IoT Security
Customize Risk Scores
Create a risk framework that captures your environment's risk tolerance by customizing
the factors that affect risk scores.
Risk scoring customization lets you tailor risk management to your organization.
By customizing the values and weights of risk factors, compensating controls, and
asset criticality levels, you gain a more accurate representation of risk in your
environment. You can also better understand what makes devices risky and which
factors contribute most significantly to their risk scores. Regular review and
adjustment of these settings ensure that risk scores remain relevant as your
environment evolves. Use risk scoring customization to create a risk assessment
framework tailored to your environment’s security posture and risk tolerance.
You can view the impact of different factors on a device’s risk score from the
Device Details page. From there, you can also adjust existing compensating controls.
To add new compensating controls or make changes to other factors, go to the
Risk Score Configuration page.
Customize risk score factors across all of your assets from the
Settings > Risk Score Configuration page. You can make adjustments to the following factors that
contribute to a device's overall risk score:
- Vulnerabilities
- Security alerts
- Other risk factors
- Impact factor (asset criticality)
Customize How Vulnerabilities Affect Risk Scores
When you define a vulnerability rule, you specify matching criteria for
vulnerabilities and the resulting risk score. If a vulnerability matches the
criteria of a vulnerability rule, then the vulnerability rule assigns the
defined risk score to that vulnerability. IoT Security uses this risk
score when considering the vulnerability’s impact on the overall device risk
score. If a vulnerability matches multiple vulnerability rules,
IoT Security applies the highest risk score to that vulnerability.
You can view and manage your vulnerability rules in the Vulnerabilities table
on Settings > Risk Score Configuration. Hover over a vulnerability rule’s criteria to see the entire
matching criteria. You can click on the number of matched CVEs to go to the
Vulnerabilities page and see all the vulnerabilities that match the
vulnerability rule, as well as all instances affected by each vulnerability.
To edit an existing vulnerability rule, select the
Edit (pencil) icon under the Action column.
- Navigate to Settings > Risk Score Configuration and select Add Vulnerability Rule from the Vulnerabilities table.
- In the Edit Vulnerability Criteria pop-up, specify the following:
  - Vulnerability Rule Name: Enter a name for the vulnerability rule.
  - Optional Description: Enter a description for the vulnerability rule.
  - Vulnerability Criteria: Select the matching criteria you want to use for the vulnerability rule. You can select multiple attributes to use. If you select multiple attributes, then a vulnerability must match all criteria for the vulnerability rule to assign the custom risk score.
  - Risk Score: Enter the risk score you want to assign to all matched vulnerabilities.
- Apply the vulnerability rule, and verify that the vulnerability rule appears in the Vulnerabilities table.
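The matching behaviour described above (a rule matches only when every selected criterion matches, and the highest score wins when several rules match), modelled as an added example for reviewing a planned rule set. This is not IoT Security code or its API; the attribute names, rule names, scores, and sample vulnerabilities are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class VulnRule:
    name: str
    criteria: dict    # attribute -> required value; every entry must match
    risk_score: int   # score assigned to each matched vulnerability


def rule_matches(rule, vuln):
    """A rule matches only if the vulnerability satisfies all of its criteria."""
    return all(vuln.get(attr) == want for attr, want in rule.criteria.items())


def resolve_score(rules, vuln):
    """Return (score, rule name) for the highest-scoring matching rule.

    Returns None when no rule matches; scoring of unmatched
    vulnerabilities is outside this model.
    """
    matched = [r for r in rules if rule_matches(r, vuln)]
    if not matched:
        return None
    winner = max(matched, key=lambda r: r.risk_score)
    return winner.risk_score, winner.name


# Constructed sample data: attribute names and values are hypothetical.
RULES = [
    VulnRule("critical-any", {"severity": "critical"}, 80),
    VulnRule("critical-remote", {"severity": "critical", "vector": "network"}, 95),
    VulnRule("medium-local", {"severity": "medium", "vector": "local"}, 20),
]
VULNS = {
    "vuln-1": {"severity": "critical", "vector": "network"},  # matches two rules
    "vuln-2": {"severity": "critical", "vector": "local"},    # matches one rule
    "vuln-3": {"severity": "medium", "vector": "network"},    # matches none
}

if __name__ == "__main__":
    for vuln_id, attrs in VULNS.items():
        print(vuln_id, resolve_score(RULES, attrs))
```

A broad rule with a high score overrides every narrower rule that assigns less, so check which rule wins for a sample of vulnerabilities before relying on a low-score exception.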
Customize How Security Alerts Affect Risk Scores
Security Alerts affect device risk scores depending on
the severity of the alerts. To customize the risk score for security alerts, you
can change the risk score of each security alert severity level. You can’t
change the risk score for individual security alerts or security alerts on
individual devices.
You can view and manage the risk score of security alerts in the Security Alerts
section on Settings > Risk Score Configuration. The section displays the risk score assigned to each alert
severity level. To change a risk score, select the
Edit (pencil) icon next to the risk score for the
severity level you want to modify. You can also remove all security alert
customizations by selecting Reset to Default.
Only users with an Owner role can adjust the risk
score for security alert severity levels.
- Navigate to Settings > Risk Score Configuration and scroll down to the Security Alerts section.
- Select the Edit (pencil) icon next to the risk score of the severity level you want to modify.
- In the Edit Security Alert Risk Score pop-up, enter the new risk score you want to assign to the severity level. Risk scores must be a number from 0 to 100. When choosing a risk score, you can’t exceed the risk score of a higher severity level. Nor can you choose a risk score that’s less than the risk score of a lower severity level.
- Confirm the new risk score and verify that the Security Alerts section displays the updated risk score.
Customize How Other Risk Factors Affect Risk Scores
When calculating a device risk score, IoT Security considers other risk
factors beyond vulnerabilities and alerts. Other risk factors can be broadly
applicable, such as the status of an operating system, or they might be specific
to an IoT Security vertical, such as MDS2 factors that apply only in
healthcare settings. While IoT Security allows only system-defined other
risk factors, you can customize the risk score to adjust how much these factors
affect device risk scores.
You can view and manage the risk scores of other risk factors in the Other
Risk Factors section on Settings > Risk Score Configuration. The table displays the Category,
Name, Description, and
Risk Score for each factor. Hover over a field to see the
full value displayed. To change a risk score, select the
Edit (pencil) icon next to the risk score for the risk
factor you want to modify. You can also remove all risk score customizations
by selecting Reset to Default.
- Navigate to Settings > Risk Score Configuration and scroll down to the Other Risk Factors section.
- Select the Edit (pencil) icon next to the risk score of the risk factor you want to modify.
- In the Edit Other Risk Factors Risk Score pop-up, enter the new risk score you want to assign to that risk factor.
- Confirm the new risk score and verify that the Other Risk Factors section displays the updated risk score.
Customize How Asset Criticality Affects Risk Scores
A device's asset criticality affects the amplification of the
overall device risk score. The higher the asset criticality level, the more
IoT Security amplifies the device risk score. You can change a device’s
asset criticality level to adjust the risk score for individual devices. To
change how much an asset criticality affects all devices across your network,
you can customize the impact factor for each asset criticality level.
You can view and manage the impact factor of asset criticality levels in the
Impact Factor section on Settings > Risk Score Configuration. The section displays the impact factor, as a percentage,
assigned to each asset criticality level. To change an impact factor, select the
Edit (pencil) icon next to the impact factor for the
asset criticality level you want to modify. You can also remove all impact
factor customizations by selecting Reset to Default.
Only users with an Owner role can adjust the risk
score for security alert severity levels.
- Navigate to Settings > Risk Score Configuration and scroll down to the Impact Factor section.
- Select the Edit (pencil) icon next to the impact factor of the asset criticality level you want to modify.
- In the Edit Asset Criticality Impact Factor pop-up, enter the new impact factor you want to assign to the asset criticality level. Impact factors must be a number from 0 to 100. When choosing an impact factor, you can’t exceed the impact factor of a higher asset criticality level. Nor can you choose an impact factor that’s less than the impact factor of a lower asset criticality level.
- Confirm the new impact factor and verify that the Impact Factor section displays the updated impact factor.
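The 0 to 100 range and ordering limits stated for security alert risk scores and for impact factors, worked through as an added example that also plans the order of single-level edits. This is not IoT Security code; the level names and numbers are hypothetical, and it assumes each edit is checked against the values currently saved for the neighbouring levels.

```python
def check_levels(values, order):
    """Return violations in a full set of values; order runs lowest to highest."""
    errors = []
    for level in order:
        if not 0 <= values[level] <= 100:
            errors.append(f"{level}: {values[level]} is outside 0-100")
    for lower, higher in zip(order, order[1:]):
        if values[lower] > values[higher]:
            errors.append(f"{lower} ({values[lower]}) exceeds {higher} ({values[higher]})")
    return errors


def allowed_range(values, order, level):
    """Bounds that a single edit of `level` must stay within, given its neighbours."""
    i = order.index(level)
    low = values[order[i - 1]] if i > 0 else 0
    high = values[order[i + 1]] if i < len(order) - 1 else 100
    return low, high


def edit_sequence(current, target, order):
    """Order single-level edits so that every intermediate state is accepted.

    Increases are applied first, from the highest level down; decreases
    follow, from the lowest level up.
    """
    if check_levels(current, order) or check_levels(target, order):
        raise ValueError("current or target values violate the limits")
    raises = [lv for lv in reversed(order) if target[lv] > current[lv]]
    cuts = [lv for lv in order if target[lv] < current[lv]]
    state, steps = dict(current), []
    for level in raises + cuts:
        low, high = allowed_range(state, order, level)
        if not low <= target[level] <= high:  # cannot happen for valid inputs
            raise RuntimeError(f"{level} would be rejected")
        state[level] = target[level]
        steps.append((level, target[level]))
    return steps


# Constructed sample: level names and numbers are hypothetical.
ORDER = ["low", "medium", "high", "critical"]
CURRENT = {"low": 10, "medium": 30, "high": 60, "critical": 90}
TARGET = {"low": 40, "medium": 50, "high": 55, "critical": 100}

if __name__ == "__main__":
    print(allowed_range(CURRENT, ORDER, "low"))
    print(edit_sequence(CURRENT, TARGET, ORDER))
```

With these sample values, setting the lowest level to 40 first would be refused because the next level is still at 30, which is why the plan starts with the highest level.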