IoT Security
Risk Score Configuration
Table of Contents
Expand All
|
Collapse All
IoT Security Docs
-
-
- Firewall Deployment Options for IoT Security
- Use a Tap Interface for DHCP Visibility
- Use a Virtual Wire Interface for DHCP Visibility
- Use SNMP Network Discovery to Learn about Devices from Switches
- Use Network Discovery Polling to Discover Devices
- Use ERSPAN to Send Mirrored Traffic through GRE Tunnels
- Use DHCP Server Logs to Increase Device Visibility
- Control Allowed Traffic for Onboarding Devices
- Support Isolated Network Segments
-
Risk Score Configuration
Customize device risk scores by creating compensating controls from
the Risk Score Configuration page.
Under SettingsRisk Score Configuration, you can view, add, and edit compensating controls from the
compensating control section. Select the
Compensating Control Type tab to view all configured
compensating controls and edit user-defined ones. Switch to the Compensating
Control Matching tab to see where a compensating control matches to devices and
risk (vulnerability or other risk factor), and to customize the compensating
control factor for each matching criteria.
Create a New Compensating Control Type
Define a compensating control type when you want to create a broad category for
related compensating controls. While compensating control types have a matching
rule, you don't directly apply the compensating control type to all devices
that match the rule. You need to create a compensating control with that
compensating control type to apply the compensating control to
matching devices. More commonly, you would narrow the scope of devices that the
compensating control applies to by defining an asset scope.
For example, a system-defined compensating control type is Endpoint Security,
and the matching rule is that a device protected with endpoint protection can
have a compensating control with type Endpoint Security.
There can be multiple compensating control asset scopes that use the Endpoint
Security type. You can only create new compensating control types from the Risk
Score Configuration page.
- Navigate to SettingsRisk Score Configuration and select the Compensating Control Type tab from the compensating controls section.
- Click Add Compensating Control Type to bring up the Add Compensating Control Type pop-up.
- Configure the following fields.
- Type: Enter the type of compensating control.
- Matching Rule: Choose the attributes, operators, and attribute values that identify the compensating control type.
- Apply the new compensating control type.
- Verify that the new compensating control type appears in the Compensating Control Type table.You can now use this compensating control type when applying compensating controls to assets.
Apply a New Compensating Control
You can create a new compensating control to apply to multiple matching assets.
When defining a new compensating control, you can choose a system-defined type
or a user-defined type. After choosing the type of compensating control, you
match that type to a specific asset scope and risk (vulnerability or other risk
factor).
For example, you can define an Endpoint Protection compensating control for all
devices with internet access. The asset scope for the compensating control
would be all assets that have the risk of internet access. Because the
compensating control type is Endpoint Protection, the matching criteria would
only apply to those assets with internet access that also have endpoint
protection. For all assets in scope that match the matching criteria, the
compensating control offsets the risk caused by internet access. The
compensating control does not offset other risks that those devices might be
exposed to.
- Navigate to SettingsRisk Score Configuration, and select the Compensating Control Matching tab from the compensating controls section.
- Click Apply Compensating Control to bring up the Add Compensating Control pop-up.
- Configure the compensating control.When you add or edit a compensating control, the Matching Rule field automatically fills in based on the compensating control type that matches the risk that you chose to add the compensating control to.
- Type: Select the compensating control type. The selected type will also populate the Matching Rule field.
- Name: Enter a name for the compensating control.
- Optional Description: Enter a short description.
- Define the assets and risks the compensating control applies to.
- Configure the following fields:
- Asset Scope: Enter the criteria for all assets that you want to apply the compensating control to.
- Risk: Select the risk that the compensating control applies to. You can select either Vulnerability or Other Risk Criteria.
- Vulnerability Vulnerability Risk Criteria: Define the risk criteria that the compensating control applies to.
- Other Risk Factors Other Risk Criteria: Select the appropriate risk criteria from the drop-down list.
- View Matching Devices to verify the devices included in the asset scope.The Match Results section displays the count of all devices that match to the defined asset scope. You can click on the count to open the assets inventory in a new tab or window, with a filter to see all devices that match your asset scope.
- Enter a Compensating Control Factor, which is how much the compensating control offsets the risk.
- Apply the compensating control.Compensating controls can take up to 24 hours to take effect, so you might not see an immediate change in the device’s risk score.
- Verify that your new compensating control appears in the Compensating Control Matching table.