Risk Calculation
CloudGuard assesses cloud risk based on findings, exposure, privilege levels, and other factors.
CloudGuard gives a Risk Score to cloud assets. The Risk Score of a cloud asset is a number between 0.1 and 10.0.
CloudGuard gives a Risk Level to cloud environments. The Risk Level of a cloud environment is Low, Medium, High, or Critical.
This table shows the correspondence between Risk Levels and Risk Scores (and their background colors):
Asset Risk (Risk Score)
CloudGuard analyzes your cloud assets and gives a risk score to each supported asset. CloudGuard considers these factors:
- Base Risk - the attack surface of each asset (example: Common Vulnerabilities and Exposures (CVEs))
- Context Modifiers - the likelihood that the asset is a target for attacks (example: publicly exposed assets)
- Impact Modifiers - the possible impact if the asset is compromised (example: business priority)
CloudGuard recalculates the risk score after you change the rules for risk calculation and after you change the business priority of an asset. If you do not do one of these, CloudGuard recalculates the risk score once every several hours. For more information about rulesets and configuration instructions, see ERM Rulesets.
To see the risk score of your assets, navigate to Risk Management > Protected Assets. For more information, see ERM Protected Assets.
Step 1: CloudGuard Calculates Base Risk Score
- CloudGuard uses these findings to calculate a base risk score:
  - posture findings
  - CVEs
  - threats
  - secrets
CloudGuard supports several vulnerability scanners. CloudGuard's AWP solution finds CVEs, threats, and secrets. In AWS environments, Amazon Inspector v2 also scans assets for CVEs. The risk score calculation does not include vulnerabilities with Informational and Unknown severity.
- CloudGuard classifies each finding by severity: Low, Medium, High, or Critical.
- CloudGuard uses a formula to determine the base risk score for an asset. These are general principles of how the formula compares assets:
  - An asset with a higher severity finding gets a higher base risk score than an asset with lower severity findings.
    Example - Asset A has 1 High severity finding, and Asset B has 20 Medium severity findings. Asset A gets a higher base risk score.
  - If two assets have a highest-level security finding at the same level, the one with a larger number of findings at the highest level gets priority.
    Example - Asset C has 2 High severity findings, and Asset D has 4 High severity findings. Asset D gets a higher base risk score.
  - If two assets have the same number of findings at the highest common level, the asset with more findings at the next highest level gets a higher base risk score.
    Example - Asset E has 2 High severity findings and 2 Medium severity findings. Asset F has 2 High severity findings and 1 Low severity finding. Asset E gets a higher base risk score.
Step 2: CloudGuard Adjusts the Base Risk Score based on Business Priority
After CloudGuard takes findings into account, CloudGuard adjusts the risk score based on the business priority of the asset. For more information about Business Priority and configuration instructions, see Business Priority.
Business Priority / Findings Severity | Low Severity | Medium Severity | High Severity | Critical Severity |
---|---|---|---|---|
Minor Importance | 0-0.7 | 0.7-1.5 | 1.5-2.5 | 2.5-10.0 |
Important | 0-1.5 | 1.5-3.5 | 3.5-6.0 | 6.0-10.0 |
Undefined | 0-2.0 | 2.0-5.0 | 5.0-8.0 | 8.0-10.0 |
High Importance | 0-2.5 | 2.5-5.5 | 5.5-8.5 | 8.5-10.0 |
Crown Jewel | 0-3.0 | 3.0-6.2 | 6.2-9.5 | 9.5-10.0 |
Example 1 - An asset with High Importance and at least one High severity finding gets a Base Risk Score in the range of 5.5-8.5, depending on the number of High/Medium/Low severity findings.
Example 2 - An asset with High Importance and at least one Critical severity finding gets a Base Risk Score in the range of 8.5-10.0, depending on the number of Critical/High/Medium/Low severity findings.
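The comparison principles from Step 1 and the range table from Step 2 can be modeled as follows. This is an added example, not CloudGuard code: it assumes the three principles amount to a lexicographic comparison of finding counts from Critical down to Low, and it reports only the score range, because the page does not give the formula that places a score inside the range. All function and variable names are hypothetical.

```python
from collections import Counter

SEVERITIES = ("Critical", "High", "Medium", "Low")  # highest first
IGNORED = {"Informational", "Unknown"}              # excluded from scoring per the page

# Score ranges from the Business Priority table, in the same order as SEVERITIES.
BANDS = {
    "Minor Importance": [(2.5, 10.0), (1.5, 2.5), (0.7, 1.5), (0.0, 0.7)],
    "Important":        [(6.0, 10.0), (3.5, 6.0), (1.5, 3.5), (0.0, 1.5)],
    "Undefined":        [(8.0, 10.0), (5.0, 8.0), (2.0, 5.0), (0.0, 2.0)],
    "High Importance":  [(8.5, 10.0), (5.5, 8.5), (2.5, 5.5), (0.0, 2.5)],
    "Crown Jewel":      [(9.5, 10.0), (6.2, 9.5), (3.0, 6.2), (0.0, 3.0)],
}

def severity_key(findings):
    """Counts per severity as (Critical, High, Medium, Low).

    Python compares tuples left to right, so a single higher-severity finding
    outranks any number of lower ones, and ties fall through to the next level.
    """
    counts = Counter(s for s in findings if s not in IGNORED)
    return tuple(counts[s] for s in SEVERITIES)

def rank_assets(assets):
    """Return asset names ordered from highest to lowest base risk (assumed model)."""
    return sorted(assets, key=lambda name: severity_key(assets[name]), reverse=True)

def score_band(findings, priority):
    """Return the (low, high) range selected by the highest severity present."""
    for band, count in zip(BANDS[priority], severity_key(findings)):
        if count:
            return band
    return None  # nothing that counts toward the score

# Constructed sample data that mirrors Assets A-F in the examples on this page.
ASSETS = {
    "A": ["High"],
    "B": ["Medium"] * 20,
    "C": ["High"] * 2,
    "D": ["High"] * 4,
    "E": ["High"] * 2 + ["Medium"] * 2,
    "F": ["High"] * 2 + ["Low"],
}

if __name__ == "__main__":
    for name in rank_assets(ASSETS):
        print(name, severity_key(ASSETS[name]), score_band(ASSETS[name], "High Importance"))
```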
Step 3: CloudGuard Modifies the Base Risk Score based on Context Modifiers
CloudGuard modifies the Base Risk Score based on contextual data, including:
- Network Exposure - The level of network accessibility from the public domain. If a network is partially public and partially private, CloudGuard reduces the risk score by a constant magnitude.
- IAM Exposure - The level of asset accessibility from the public domain. If an asset is partially public and partially private, CloudGuard reduces the risk score by a constant magnitude.
- IAM Sensitivity - The possible damage caused to the cloud environment because of IAM permissions. The less sensitive the asset, the more CloudGuard reduces the risk score. For more information, see IAM_Sensitivity.
- Data Sensitivity - Indicates if the data in the asset is sensitive or not. If the asset does not hold sensitive data, CloudGuard reduces the risk score by a constant magnitude.
Environment Risk (Risk Level)
CloudGuard calculates a risk level for an environment. The risk level is based on the risk scores of the assets in the environment. The risk level calculation does not consider assets that are stopped and assets that have a risk score of zero. Environment Risk is supported for these platforms:
- AWS
How CloudGuard Calculates Environment Risk
CloudGuard uses a formula to determine the environment risk. These are general principles of how the formula compares environments:
- An environment with higher-risk assets gets priority over an environment with lower-risk assets.
  Example - The highest-scoring asset in Environment A is in the Critical range. The highest-scoring asset in Environment B is in the High range. Environment A gets priority.
- If two environments have assets at the same highest risk level, the environment with a larger number of assets at the highest level gets priority.
  Example - The highest-scoring assets in Environment C and in Environment D are in the High range. Environment C has 10 assets in the High range. Environment D has 4 assets in the High range. Environment C gets priority.
- If two environments have the same number of assets at the highest common risk level, the environment with more assets at the next-highest level gets priority.
  Example - The highest-scoring assets in Environment E and Environment F are in the High range. Environment E and Environment F each have 10 assets in the High range. Environment E has 25 assets in the Medium range. Environment F has 15 assets in the Medium range. Environment E gets a higher environment risk.