Risk is everywhere. Look around your organization: It's in your Web applications. It's in your database servers. It's in every workstation your IT team deploys. And, unfortunately, it's in the people who use and administer these machines. The bad guys are betting on it.
So, what if you could track risk over time for assets associated with people and teams in your organization? For example, wouldn't it be handy to compare risk trends on servers assigned to different IT administrators so that you could assess the administrators' performance? Or perhaps you could track risk trends for assets used by your marketing team vs. those used by your R&D team.
As of the Nexpose 5.9.11 release, you can create graphs that show risk trends over time associated with people, departments, locations, or other business factors. In the following example, we'll track risk for owner tags that associate operating systems with five IT administrators: Kristina, Mickey, Joan, Carl, and Chris. We've applied owner tags for those administrators, and now we'll create a report:
- Click the Reports tab and create a new report.
- Select a template that includes risk trend charts, such as Audit, Baseline Comparison, Executive Overview, or a custom template based on one of these.
- Select tags as a report scope filter.
- Select the names of the five owner tags and click Done.
- In the report configuration panel, expand Advanced Settings, and then expand Risk Trend Graphs.
- Select the trend option for tags.
- Select either the option to show total risk or average risk.
  Total risk is a good indicator of how changes in the "surface area" of your environment (the number of new assets being added, for example) are impacting your risk over time.
  Average risk may be a better measurement of success with remediation efforts over time.
- Select either the option to include information from the entire asset history or just as of the time of the report. The assets associated with a tag can change over time. If you want to base risk data on the assets that were tagged during a particular period, you can include tagged assets throughout the deployment history. Or you can base each risk data point on the assets that are currently tagged.
- Select a date range.
- Run the report.
In the report, you'll see a graph that shows risk trends for each of the IT administrators. Using this information, you can track and compare their performance over time. If you see significant changes in trend patterns, you may be able to trace those to certain events. In the case of this report, a dramatic spike in the average risk for Mickey's assets in late January may warrant some investigation. It may be indicative, for example, of an uptick in new, unremediated vulnerabilities in that time period.
Tracking risk trends for asset tags is a great basis for investigation into how risk is being managed in your environment. Trend reports can serve as score cards for the performance of different asset owners on your team or indicate gaps where additional training or resources are needed.
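To show why the total vs. average choice and the asset-history choice in the steps above change the shape of the graph, here is an added Python illustration (not Nexpose code and not its API). The scan dates, asset names, and risk scores are constructed, and the two membership modes are an assumption about how the report options behave.

```python
from statistics import mean

# Constructed sample data: scan date -> {asset: (risk score, owner tags at that date)}.
SCANS = {
    "2014-01-01": {"srv-a": (400.0, {"Mickey"}), "srv-b": (600.0, {"Mickey"}),
                   "srv-c": (500.0, {"Carl"})},
    # srv-d is added: Mickey's surface area grows while he remediates.
    "2014-02-01": {"srv-a": (300.0, {"Mickey"}), "srv-b": (500.0, {"Mickey"}),
                   "srv-c": (500.0, {"Carl"}), "srv-d": (400.0, {"Mickey"})},
    # srv-b is re-tagged from Mickey to Carl.
    "2014-03-01": {"srv-a": (200.0, {"Mickey"}), "srv-b": (400.0, {"Carl"}),
                   "srv-c": (500.0, {"Carl"}), "srv-d": (300.0, {"Mickey"})},
}

def risk_trend(scans, tag, measure="total", membership="history"):
    """Return [(date, value)] for one owner tag.

    membership="history": each point uses the assets carrying the tag on that date.
    membership="current": each point uses only assets carrying the tag in the
    latest scan (hypothetical reading of the "as of the time of the report" option).
    """
    if measure not in ("total", "average"):
        raise ValueError("measure must be 'total' or 'average'")
    if membership not in ("history", "current"):
        raise ValueError("membership must be 'history' or 'current'")
    dates = sorted(scans)
    current = {a for a, (_, tags) in scans[dates[-1]].items() if tag in tags}
    points = []
    for d in dates:
        if membership == "history":
            scores = [r for r, tags in scans[d].values() if tag in tags]
        else:
            scores = [r for a, (r, _) in scans[d].items() if a in current]
        if not scores:  # tag had no assets on this date
            points.append((d, 0.0))
        elif measure == "total":
            points.append((d, sum(scores)))
        else:
            points.append((d, mean(scores)))
    return points

if __name__ == "__main__":
    for measure in ("total", "average"):
        for membership in ("history", "current"):
            print(measure, membership, risk_trend(SCANS, "Mickey", measure, membership))
```

In the constructed February data, Mickey's total risk rises because an asset was added, while his average risk falls because each asset was remediated. That is the distinction the total and average options draw.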