Guides
sevco.io
Start typing to search…

Exposure Management Overview

Overview

The Exposure Management page provides an advanced tool set that:

  • Automatically consolidates and prioritizes different types of Exposures—misconfigurations, controls-coverage gaps, software vulnerabilities, etc.— across your environment
  • Enables you to remediate Exposures that impact your assets
  • Reports on the efficacy of vulnerability and patch management programs

This page enables the aggregation and prioritization of Exposures for effective prioritization as well as tracking the remediation of different types of Exposures impacting your assets. By consolidating Exposures across asset classes into one place, the Exposure Management dashboard can be used to understand what kinds of vulnerabilities are impacting your environment, assess your overall risk, and take action accordingly.

Why Use This Page?

Sevco users operate in complex environments and are often getting information about Exposures from multiple sources such as their EDR, vulnerability assessment, and patch management tools. They require different solutions to properly assess, secure, and monitor vulnerabilities that leave them exposed to threats. This leads to vulnerabilities and associated asset context being siloed into the corresponding tooling, making it extremely difficult to:

  • Identify what Exposures exist in their environment
  • Determine which vulnerabilities are leaving them the most exposed
  • Determine which Exposures they should focus their time and attention on
  • Monitor, track, and report on the activities taking place to resolve identified Exposures

The Exposure Management capabilities will help teams break down these silos and begin to:

  • Aggregate multiple types of vulnerabilities and Exposures across different assets types into a single comprehensive prioritized list
  • Track vulnerabilities and Exposures to identify root cause in processes and report on their status and age according to internal SLA

What We Track

Sevco current tracks the following Exposures:

  • Environmental Vulnerabilities – Environmental vulnerabilities are weaknesses in your infrastructure that could expose systems to threats such as network configuration issues, policy and compliance gaps, and cloud misconfigurations.
  • CVEs – Common Vulnerabilities and Exposures (CVEs) are unique identifiers assigned to publicly-disclosed cybersecurity vulnerabilities in hardware and software. Organizations can use CVEs to identify and address known weaknesses through patches or other mitigation tactics based on the severity and known impact described in each CVE entry.

Accessing the Exposure Management Page

You can access the Exposure Management page by clicking the Exposure Management icon () on the Navigation bar.

Exposure Management Navigation

The Exposure Management page shares many similarities in layout and navigation to other pages in Sevco that you are used to such as the Live Inventory page. However, there are some key differences in the data that is displayed on this page versus others in the platform. We will be reviewing the differences in this section.

Device Statistics

Device statistics are located toward the top of the page. There are three categories:

  • Devices with open status – These are devices that have one or more Exposures in an open status. Learn more. This will provide insight into how many unique devices require some action to remediate or mitigate Exposure(s).
  • Devices with in Progress Status – These are devices that have one or more Exposure in an In Progress status. Learn more This will provide insight into how many unique devices with an Exposure are actively being investigated or addressed.
  • New Devices in Last 24 Hours – These are devices that have been identified as having a new Exposure within the last 24 hours

Exposures List

The Exposures list displays a list of all Exposures currently being monitored in your environment. By default, the page will be filtered to only Exposures with unresolved findings.

Severity

The Severity of an Exposure is represented by an icon in the far-left column of each row.

SeverityDefinition

Critical		Exposures with a critical severity pose the highest risk to your security environment and should be addressed immediately.

High		Exposures with a high severity pose a high risk to your security environment and should be addressed as soon as possible.

Medium		Exposures with a medium severity post a medium risk to your security environment and should be prioritized accordingly.

Low		Exposures with a low severity pose a minimal risk to your security environment and should be prioritized after more-severe Exposures in your environment.

Some Exposures have out-of-box severities assigned to them. You can override the severity of an Exposure according to your risk profile by clicking on an Exposure row to expand it and selecting your desired severity from the Severity dropdown.

Open Exposures

The Open column displays the total number of assets that have had no tracked action taken on them. This identifies what existing and new assets to investigate and determine next steps on. Additionally, open-exposure totals are linked and will redirect to the Live Inventory page where you can view all Open assets impacted by an Exposure.

Total Exposures

The Total column displays the total number of assets with a particular Exposure, regardless of any asset remediation statuses you have assigned to your assets. An asset is only excluded from this total once it has been resolved of an Exposure. Additionally, Exposure totals are linked and will redirect to the Live Inventory page where you can view all assets impacted by an Exposure.

30-Day Change

The 30-day change column is used to display the change in assets impacted by an Exposure over a 30-day period. The yellow arrows represent the net rate of change over time that has increased the total number of assets with the Exposure, while the green arrows represent the net rate of change over time has decreased the total number of assets with the Exposure. The number to the left of each arrow indicates the total number of assets that have been added to an Exposure’s asset total or resolved of the vulnerability in a 30-day period.

Average Age

The Avg Age column and number represents the average time that Exposures have spent unresolved. (This excludes those assigned a remediation status of Accepted Risk. The bar is a graphical representation of the percent of assets that are above and below the configured Age Threshold. Hover over the blue and yellow bars to view the number of assets identified above and below your Age Threshold.

Exposure Dropdown

You can access more information about an Exposure by clicking on its row to expand it. Please refer to the image and definitions below for information about each section.

  1. Severity – The defined priority ranking of the Exposure that accounts for
    • Time sensitivity - The urgency at which you should respond
    • Impact - How much damage the it can cause
      Use the Severity dropdown to change the severity of an Exposure according to your own risk profile.
  2. Age Threshold – The defined limit of what is the acceptable age or allowed days it should take to resolve Exposures. This value impacts the Avg age column, as that column displays the number of assets that fall in and outside of your defined threshold. Use the Age Threshold dropdown to change the threshold of a Exposure according to your own risk profile
  3. Statuses – The number of assets that have been assigned to a status for that Exposure. Statuses are linked and will redirect to the Live Inventory page where you can view information about impacted assets that have been assigned a status Learn more about remediation status
  4. Observation – The definition or explanation of an Exposure that has been identified.
  5. Impact – A short summary describes the potential consequences of not resolving an Exposure.
  6. Recommendation – A short summary describes what the appropriate next steps could be to mitigate or remediate the Exposure
  7. Related Vulnerabilities – A list of Exposures that are also impacting the same assets affected by the selected Exposure. Select the Assets also affected links to view assets with a particular related Exposure on the Live Inventory page.

Query

ℹ️

Note: The query builder is automatically set to filter for and only display Exposures with asset totals greater than zero. To view all Exposures that have impacted your environment, select the Reset button.

The Query Builder and Exposures are all part of our Asset Graph technology providing a powerful tool that allows you to search for specific Exposures using criteria defined in a query associated with any other asset attribute. For example, you may wish to run a query that displays Exposures impacting Devices running on Windows Operating systems or use the IP Address attribute to search for Exposuresimpacting a specific office. Regardless of what query you are running, the query builder is the easiest way to gain insight into how Exposures are impacting specific segments of your asset environment.

Filters

For simple searches that may not require the Query Builder, we recommend using the filters in the left panel of the page. These will allow you to filter by Exposure Severity, Asset Type, and Exposure Category.

Viewing Asset Info on Other Pages

While the Exposure Management page provides an overview and a place to centrally manage the Exposures present in your environment and how many assets are impacted by them, you may wish to view information about the impacted assets themselves. This information can be accessed from both the Live Inventory and Asset Details pages in Sevco.

Live Inventory

The Live Inventory page provides an overview of the Exposures impacting your assets. You can also use this page to assign a status to one or multiple assets.

Select an asset row to expand it and view more information about an asset.

  1. A severity indicator is displayed to the left of the asset's name and is determined by the most severe Exposure impacting the asset.
  2. All Exposures impacting an asset are listed in order of severity.
  3. If an Exposure has been assigned a status, it will be indicated with an icon to the left of the Exposure's name.
  4. Select the See details button to view more information about an asset and its vulnerabilities on the Asset Details page.

Asset Details

The Asset Details page can be used to view additional information about Exposures impacting an asset. Additionally, you can also assign a status to the asset on this page.

The right panel displays information about all of the Exposures impacting an asset. In addition to the Exposures identified on the Exposure Management page, you can also find information about Software vulnerabilities impacting an asset. You can learn more about Software vulnerabilities here.

Select the Exposure Management tab in the left menu on the page to view additional information about the Exposures impacting an asset such as when it was first observed, its remediation status and when the status was set, as well as any notes added to the Exposure. This is also where you can assign a status or undo a status assignment.

Updated about 16 hours ago