You can now learn about trends or insights found within your Exception data in order for you to validate your strategic goals or identify new ones.
Last Updated 04/01/24
Overview
As analysts and remediation team members perform their analysis they may determine specific vulnerability instances cannot be remediated within the specific SLA timeframe due to a myriad of reasons such as there being no patch available, or there is a dependency that requires coordination or other resources to be available which may take time, or there may be a strategic goal to decomission a specific set of devices or products and the organization is willing to accept the risk for those items until they are resolved by the transition to newer versions of software.
With NopSec users can maintain situational awareness of these decisions to accept risk through the Exception Plan workflow where plans can get reviewed for approval or denial. Now with the introduction of the Exception Insights page users can now view trends and insights that can provide awareness of potential negative trends that need to be addressed strategically or they can help track and/or validate strategic efforts.
Like our other Insight pages, we hope these pages allow you to ask more questions that hopefully lead to identifying the root causes of issues within your processes.
Layout
The insight page will follow a new layout:
- There will be one or more categories
- Users can filter out specific categories from being displayed.
- Each Category section is a horizontal scrolling "carousel" where you can use the little arrows on the right side of the page to move the carousel right or left. You can also click and drag the row to easily move the carousel.
- Each category will have one or more Insight Widgets
- Each widget will display the following:
- A Title
- A button to view more details
- This will take you to a full page view of the exception plans that have been highlighted in the widget (Insight Callout).
- A Visualization
- These will be dependent on the widget insight in order to best showcase the data.
- An Insight Callout section
- This is where we determine the most interesting piece to analyze and display it to our users. For example, the “Highest’ number of vuln instances is X. Or the “Average” is Y. Or the "Fastest" is Z.
- An Insight Details section.
- This section will highlight a potential recommendation for the specific Insight Callout above.
- In Exception Insights, when you click the View Details button you will be displayed the specific Exception Plans which were highlighted in the call-out.
- This means not all of the exceptions for the specific widget are currently visible.
- We plan on releasing more functionality here based on feedback which could include being able to view the other segment data from the visualization.
Use Case Example
Assumption:
- Client A has set specific SLA timeframes based on risk.
- There are two teams within Client A, each focused on different targets.
- There are five users in Team 1 and 10 users in Team B.
- Both teams have created 100 Exception Plans.
Widget: Top Operating Systems
- Visualization: Bar Chart
- The Visualization of this widget is a Bar Chart showcasing the top 5-10 Operating Systems found within Vuln Instances across Exception Plans. It provides the number of Exception Plans with a particular Operating System present within the Vuln Instances.
- Insight Call Out: Highest
- This widget highlights the highest number of exception plans found with a particular OS, the text may read:
- X% of your Exception Plans have Top Operating Systems of <Operating System>
- ex. 31% of your Exception Plans have Top Operating Systems of Windows Server 2016
- This widget highlights the highest number of exception plans found with a particular OS, the text may read:
- Insight Risk Text:
- This section aims to highlight the risk you have accepted for the specific items in the Insight Callout.
-
OPEN Vuln instances covered by these Exception Plans: ###
-
With an average Risk Score of: ###
- Ex.
-
OPEN Vuln instances covered by these Exception Plans: 663
-
With an average Risk Score of: 53.6
-
-
- This section aims to highlight the risk you have accepted for the specific items in the Insight Callout.
- Insight Recommendation
- This section aims to provide some details as to why the Callout was important. In this example, if you see a lot of exception plans with the same Operating System there may be a correlation. If the OS is older it may be even more important to look at the data of these plans as the root cause may be the fact that there are no longer any patches for an old OS. In this case, the recommendation would be:
- Consider upgrading or replacing Operating Systems that have a high number of Exceptions. These systems may be at end of life.
- In this example, if this is news to you, you may now work with your leadership team to determine a strategic effort to upgrade your devices and software. This may take resources and time but you can align on a plan and use these insights to continue to track your progress during transitions.
- This section aims to provide some details as to why the Callout was important. In this example, if you see a lot of exception plans with the same Operating System there may be a correlation. If the OS is older it may be even more important to look at the data of these plans as the root cause may be the fact that there are no longer any patches for an old OS. In this case, the recommendation would be: