Skip to main content
All CollectionsUser Guide
SIRP Security Score (S3)
SIRP Security Score (S3)
Ali Murtaza avatar
Written by Ali Murtaza
Updated over a year ago

SIRP Security Score (S3) quantifies an organization's "Threat Exposure". It is based on SIRP's Predictive Scoring System - SPSS. This score tells you how exposed your organization is to external and internal attacks. SPSS uses more than 25 unique factors to predict the likelihood of a successful attack or a possible breach within your organization. The scoring system also pinpoints the areas in your security operations which should be given the highest remediation priority.

S3 correlates the "value" of your assets with the severity of alerts, vulnerabilities, and threat intelligence via the use of analytics. S3 significantly reduces the risk of being breached when it is used to prioritize response and remediation activity.

With S3, you don't rely on the severities generated by security controls (e.g. SIEM and Vulnerability Assessment tools). Instead, S3 enables you to utilize a risk-based approach to tackling the security alerts and vulnerabilities within your organization.

Configure Asset Values

At the core, SIRP uses Assets' value to calculate the S3 of every Asset. So, the first thing to be configured after adding/importing your Assets information is defining the "Asset Values".

The Asset values are not defined for each Asset individually. Instead, you

  • create "Asset Types" from the Admin section,

  • assign Assets to Asset Types,

  • and assign Values to these Asset Types

This way, you bunch together (categorize) multiple assets and assign them a common value, instead of assigning a value to each asset individually.

You can create/manage Asset Values from Administration > Asset > Asset Value

Note: Asset Value signifies how important or critical an asset is within your organization. The same information can be used by security analysts while investigating an alert against a certain asset.

After creating Asset Value, you can assign these values to Asset Types from Administration > Asset > Asset Types

Note: The Value assigned to an Asset Type becomes the value of all the Assets within that Asset Type.

Finally, the Asset Type needs to be mapped/linked with Assets. This can be done from Administration > Assets > Asset Types or directly by editing the details of an Asset.

S3 in Action

SIRP calculates the S3 in the background and assigns it to every Asset. The score is visible across every container/module in the platform.

Assets List

Asset Dashboard

When you click on the S3 score of any asset, it shows you the dashboard of that asset containing following information:

  • Asset Details: Full information about the asset available in the platform

  • SIRP Security Score: Current S3 of the asset

  • Incidents: All the Incidents in which this asset is tagged

  • Threat Intel: All the Threat Intel in which this asset is tagged

  • Vulnerabilities: All the vulnerabilities found against the asset

Note: You can click on any Incident, Threat Intel, or Vulnerability to go directly into that container.

Alerts List

Alert/Incident Detail View

Alert/Incident Detail View > Affected Assets

Threat Intel List

S3 Dashboard

The SIRP Security Score dashboard provides following information:

  • Current Score: Overall cummulative organizational score

  • Factored score: Individual scores of different data points within the platform i.e. Incidents, Threat Intel, and Vulnerabilities

  • Threat Exposure Trend: Cummulative score plotted over a period of time

  • Threat Exposure Factored Trend: Scores from different data points plotted over time

  • Assets Score: List of Top assets with highest score. Clicking on any asset takes you to the dashboard of that particular asset.

Note: All the provided information is time independent i.e. selection of date/time hfrom calendar component has no impact on the information displayed.

Did this answer your question?