Security risk visualization

The IBM® Security Risk Manager risk dashboard provides a unified view of disparate risk metrics from multiple sources and multiple vectors of security to obtain a high-level overview of your organization's risk posture.

You can view the following information on the dashboard:
  • Correlated view of risks across the enterprise security environment.
  • Visualization of most critical risk areas based on the likelihood of risk occurrence and its impact to your business.
  • Visualization of potential risk indicators from various vectors such as data, infrastructure, and identity.
  • Drill-down feature to view and analyze risk metrics.
  • Prescriptive recommendations for implementing remedial actions to mitigate risks.

To access the risk dashboard, from the home page, click Risk Manager. Alternatively, from the main menu on the navigation window, in the My applications section, click Risk Manager > Risk Dashboard.

To view risk details of assets on the dashboard for analysis and risk computation, ensure that the data source connections for your source products are created and configured to import data into Risk Manager.

You must have access to the Risk Manager Advanced application to use the advanced features and capabilities, for example, viewing recommendations and the risk trend chart on the dashboard.

Risk score calculation

The Risk Manager common risk engine calculates the risk score of every asset from the Threat, Vulnerability, and Asset Risk components, based on the weight that is assigned to the various factors of each component. Entities such as databases, applications, assets, IP addresses, and hostnames are collectively referred to as assets in Risk Manager. The common risk configuration framework is used to assign weights to the risk factors that are sourced from different products for calculating the score. Based on your risk configuration settings, a score is calculated for each of the components when the risk engine runs. The scores are aggregated to provide a single view of risk for an asset on a three-level scale: high, medium, or low.

The risk engine also computes the risk score of each risk area, which is depicted on a three-level scale: high, medium, or low. A risk area is a logical group of threats of similar nature from various security products. The aggregated risk area scores are plotted on the dashboard as percentages, with the probability of risk occurrence against the business impact when the risk occurs. The dashboard helps you to focus on the most critical risk areas so that you can implement appropriate remediation to reduce the identified risks.
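The weighted aggregation described above can be sketched as follows. This is an added illustration, not IBM's risk engine or its formula: the factor names, the weights, the 0-100 input scale, the thresholds of 70 and 40, and the coverage value are all assumptions chosen for the example.

```python
# Illustrative model only: factor names, weights, the 0-100 scale and the
# thresholds are assumptions, not Risk Manager defaults.
FACTOR_WEIGHTS = {
    "threat": {"offenses": 6, "ioc_hits": 4},
    "vulnerability": {"cve_score": 7, "db_vulnerabilities": 3},
    "asset_risk": {"classification": 5, "privileged_users": 5},
}
COMPONENT_WEIGHTS = {"threat": 4, "vulnerability": 3, "asset_risk": 3}


def weighted_mean(values, weights):
    """Weighted mean over entries that have data, plus the share of weight covered.

    Weights are renormalized over the entries present, so a source product that
    is not connected lowers coverage instead of dragging the score toward zero.
    """
    present = {k: w for k, w in weights.items() if values.get(k) is not None}
    covered = sum(present.values())
    if covered == 0:
        return None, 0.0
    score = sum(values[k] * w for k, w in present.items()) / covered
    return score, covered / sum(weights.values())


def to_scale(score):
    """Map a 0-100 score onto high/medium/low (assumed thresholds 70 and 40)."""
    if score is None:
        return "unknown"
    return "high" if score >= 70 else "medium" if score >= 40 else "low"


def asset_risk_score(factors):
    """Return (score, level, coverage) for one asset's normalized 0-100 factors."""
    components = {
        name: weighted_mean(factors.get(name, {}), weights)[0]
        for name, weights in FACTOR_WEIGHTS.items()
    }
    score, coverage = weighted_mean(components, COMPONENT_WEIGHTS)
    return score, to_scale(score), coverage


# Constructed sample assets; all values are made up for the example.
ASSETS = {
    "db-payments": {
        "threat": {"offenses": 80},
        "vulnerability": {"cve_score": 90, "db_vulnerabilities": 60},
        "asset_risk": {"classification": 100, "privileged_users": 50},
    },
    "host-build01": {"vulnerability": {"cve_score": 75}},
}
```

In this sketch `host-build01` is rated high on vulnerability data alone, with a coverage of 0.3, which signals that the rating rests on one component and that the threat and asset criticality feeds for that asset are missing.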

Manually running the risk engine

The risk engine runs automatically according to the frequency that is set to calculate the risk score of assets based on the defined configuration values. You can manually run the risk engine from the dashboard if you need to immediately view the risk score for the updated risk configuration. Click the Run risk engine option on the dashboard to manually run the risk engine.

Visualization of IOCs on the dashboard

Risk Manager displays threat activity reports that contain IOC data from the source product, for example, TruSTAR, on the dashboard. The risk engine prioritizes the threat reports based on the risk attributes of the IOCs. The prioritized reports are plotted on the dashboard as risk areas. A risk area is a logical group of threat reports of similar nature. This view of the threat activity reports helps you to focus on the critical IOCs during remediation.

Risk information sources

The following table describes the risk information sources that are used to evaluate the risk score.
Table 1. Risk feeds

The Asset Criticality, Threats and Capability, Difficulty/Vulnerability, and Business Context columns are the inputs to compute risk values.

| Vector | Product | Asset Criticality | Threats and Capability | Difficulty/Vulnerability | Business Context |
|---|---|---|---|---|---|
| Data | IBM Security Guardium® | Discovery and classification | Advanced threat analytics; Policy violations | Database vulnerabilities | - |
| Data | IBM Data Risk Manager | Taxonomy assignment | - | - | Context mapping |
| Identity | IBM Security Verify | User type | - | User risk profiles | - |
| | IBM Security Verify Privilege Vault | Privileged user | | | |
| Infrastructure | IBM Security QRadar® | - | Offenses and threats | OS/App/Infrastructure vulnerabilities - CVE scores | - |
| Infrastructure | TruSTAR | - | Threat events, offenses, and indicators of compromise (IOCs) | - | - |
| Infrastructure | IBM X-Force® Red Vulnerability Management Services (VMS) | - | - | Asset vulnerabilities and exploitability score | - |
| Infrastructure | Micro Focus ArcSight | - | Offenses and threats | - | - |
| Infrastructure | CrowdStrike Falcon | - | Offenses and threats | - | - |
| Infrastructure | Amazon CloudWatch | - | Offenses and threats | - | - |