As it is rightly said by Mr. Peter Drucker – What gets measured gets improved. Thinking about security, it is important to ask ourselves, are we measuring the security risks of our organization? Or rather are we measuring them enough? If done correctly, it would build a good perspective on the entire process of managing risks. It helps in prioritizing the risks and alerts teams about important risks that need attention.
This calls to have the right tools in our environment to not only detect but also to report all the key security risks to the teams on a regular basis. With this in mind, we have added a new feature in SynVM – Custom Reports, which would let us do just that.
Not only does it generate different security reports, but it also builds awareness among teams by actively sharing such information with them.
You can create multiple combinations of security reports of your choice using the Custom Report feature. Let us find out some of the reports that can be generated through it in the context of Vulnerability risk management.
Application List with Summary
Consider we want to generate a report of the applications in our environment with their open security vulnerability count. In order to do that we will have to create a new report specifically for application assets. In the metrics section, there will be an option to select the measure as a count of security issues. The filters provide a convenient option to narrow down to the desired data set like asset criticality etc.
Once you save the report configuration, the just in time version of the report will get ready, along with a graphical representation of the data. In the case above, the graph shows open security issue distribution as per asset criticality.
It also gives an option to instantly download the report in an excel or “CSV” format and share it with the team.
The reports can be fully customized as per your criteria by adding different filters and conditions.
Open Issue of the Server
Let us move onto servers. We can also configure the reports based on their source or the security test type. Here is a custom report that is meant to display all the penetration testing (PT) issues of the servers. The report is created by selecting a comprehensive list of columns related to the affected servers like group, hierarchy, etc. Any kind of related information can be also be added to the report through the available options.
If we wish to further drill down the information to a type of the issue, for instance, in order to look for all the SSL related issues, a condition needs to be set.
The report then displays only the data that matches the condition like SSL related issues in this case. This is a powerful feature to analyze or look for any specific vulnerability or system present in your environment.
Most often, InfoSec managers are interested in analyzing the results on a quarterly basis. Especially during audits, it becomes imperative to generate such reports. In this feature, you would get an option to view your vulnerability trends on a quarterly basis.
In this way, many more custom Reports can be generated that will provide flexibility to InfoSec managers to visualize and analyze any combination of data.
Improve the security posture of your organization with SynVM. With features like custom reports, you will be able to track and act on your IT risks on time, without any hassles.
See how SynVM works: https://www.youtube.com/watch?v=T9owjWN9DDs