Vulnerability assessment results categories

When producing vulnerability assessments and insights, many of the results that are provided by IBM® Security Guardium® Analyzer are categorized to help you determine the state of your data risk. This topic describes these results categories.

Priority or Urgency

For each data source that is scanned, the number of sensitive records is determined, as is the number of vulnerabilities. This allows Guardium Analyzer to calculate a risk score for each data source, based on the vulnerabilities and patterns found in the data source, and then to prioritize data sources according to risk score. If you address the risks in higher priority data sources first, you will be better able to improve your overall data risk. Guardium Analyzer categorizes priority as Priority 1, Priority 2, and Priority 3, where Priority 1 indicates data sources that have vulnerabilities that should be addressed first.

Note: Marking or unmarking pattern matches as false positives affects the priority. If you mark or unmark a pattern match as a false positive, any resulting priority changes will be reflected in the next scan.

Days open

To help you determine the rate at which your risk is being reduced, Guardium Analyzer keeps track of the length of time that detected issues have been open. When you are looking at results lists (or the list for an individual result), you can refine the list to include those that have issues that have been open for a certain length of time. When refining these lists, you can filter by these Days open categories:

  • Less than 15 days
  • 15 to 30 days
  • Greater than 30 days

For example, to see the data sources that have vulnerabilities that have been found very recently, go to the data source results page and, when refining the page, select the check box next to Less than 15 days.

Vulnerability and failed test severity

Vulnerabilities fall into these categories:

  • Critical: These vulnerabilities should be prioritized for immediate remediation.
  • High: These vulnerabilities should be reviewed and remedied wherever possible.
  • Medium: These vulnerabilities pose minimal risk to data security.
  • Low: This category represents vulnerabilities that are cautionary or informational in nature.

In the test results view, the severity of a failed test indicates the severity of the vulnerability that is exposed by the test.

Test type

When scanning data sources for vulnerabilities, Guardium Analyzer performs these types of tests:

  • Configuration: Tests that look at data source-specific and system level parameter settings.
  • Authentication: Tests that look at user account usage, remote login usage, and password regulations.
  • Version: These tests look for data source versions and data source patch levels.
  • APAR: Tests that look for IBM Authorized Program Analysis Reports (APAR) related to the data source being scanned.
  • Other

Number of regulated data records (including personal and sensitive personal records)

Guardium Analyzer lets you know how many records are impacted when matching patterns and running tests. When refining these lists, you can filter by these Personal records categories:

  • Greater than 1T (greater than one trillion)
  • 500B to 1T (between 500 billion and one trillion)
  • Less than 500B (less than 500 billion)

Lines of business

When adding a data source to Guardium Data Connector, you can choose to specify the line of business that the data in the data source pertains to. If you specify a line of business, you will be able to use Guardium Analyzer to see the lines of business that are most vulnerable. The lines of business that can be set include:

  • Accounting
  • Design
  • Development
  • Finance
  • HR
  • IT
  • Marketing
  • Sales