Pwnie Express is adding a tool that ranks the risks its security service finds on customer networks and makes it easier to remediate them.
The new feature of the company’s Pulse service assesses potential vulnerabilities that its sensors detect in customers’ networks and issues a grade in each of four categories. This Device Risk Scorecard points out problems, prioritizes them by urgency and tells how to fix them.
The scorecard looks at wireless infrastructure configuration, client connection behaviors, network host configuration, and shadow IT and rogue devices and computes a grade for each. Customers can drill down to find what discoveries account for low scores and follow the remediation suggestions to fix the problems.
The tool gives a view of grades over time so customers can see where they are gaining and losing ground. The scorecard considers input about wired and wireless devices, including Bluetooth.
Each customer sets what weights they want to give to each criterion used to calculate a score. For example, a customer could decide that it wants to use whether wireless access points are encrypted as part of the rating, but assign only medium importance to it. The presence of wired-to-wireless bridging devices on the network could be given critical importance, and input about vehicles driving by with wireless access points could be muted so it doesn’t weigh into the score.
The scorecard provides details about what compliance standards might be violated by a vulnerability. It will point out which section of the SANS Common Criteria, NIST, Sarbanes-Oxley, PCI and HIPAA requirements are violated.
The scorecard is similar to the Cybersecurity Threat Assessment Report generated by UpGuard’s risk-assessment platform. SecurityScorecard and BItSight Technologies also calculate risk scores for third parties that corporations do business with.
Device Risk Scorecard from Pwnie Express is a feature of its Pulse service and is rolled into the subscription fee.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.