SIRP Security Score (S3) quantifies an organization's "Threat Exposure". It is based on SIRP's Predictive Scoring System - SPSS. This score tells you how exposed your organization is to external and internal attacks. SPSS uses more than 25 unique factors to predict the likelihood of a successful attack or a possible breach within your organization. The scoring system also pinpoints the areas in your security operations which should be given the highest remediation priority.
S3 correlates the "value" of your assets with the severity of alerts, vulnerabilities, and threat intelligence via the use of analytics. S3 significantly reduces the risk of being breached when it is used to prioritize response and remediation activity.
With S3, you don't rely on the severities generated by security controls (e.g. SIEM and Vulnerability Assessment tools). Instead, S3 enables you to utilize a risk-based approach to tackling the security alerts and vulnerabilities within your organization.
Configure Asset Values
At the core, SIRP uses Assets' value to calculate the S3 of every Asset. So, the first thing to be configured after adding/importing your Assets information is defining the "Asset Values".
The Asset values are not defined for each Asset individually. Instead, you
create "Asset Types" from the Admin section,
assign Assets to Asset Types,
and assign Values to these Asset Types
This way, you bunch together (categorize) multiple assets and assign them a common value, instead of assigning a value to each asset individually.
You can create/manage Asset Values from Administration > Asset > Asset Value
Note: Asset Value signifies how important or critical an asset is within your organization. The same information can be used by security analysts while investigating an alert against a certain asset.
After creating Asset Value, you can assign these values to Asset Types from Administration > Asset > Asset Types
Note: The Value assigned to an Asset Type becomes the value of all the Assets within that Asset Type.
Finally, the Asset Type needs to be mapped/linked with Assets. This can be done from Administration > Assets > Asset Types or directly by editing the details of an Asset.
S3 in Action
SIRP calculates the S3 in the background and assigns it to every Asset. The score is visible across every container/module in the platform.
Assets List
Asset Dashboard
When you click on the S3 score of any asset, it shows you the dashboard of that asset containing following information:
Asset Details: Full information about the asset available in the platform
SIRP Security Score: Current S3 of the asset
Incidents: All the Incidents in which this asset is tagged
Threat Intel: All the Threat Intel in which this asset is tagged
Vulnerabilities: All the vulnerabilities found against the asset
Note: You can click on any Incident, Threat Intel, or Vulnerability to go directly into that container.
Alerts List
Alert/Incident Detail View
Alert/Incident Detail View > Affected Assets
Threat Intel List
S3 Dashboard
The SIRP Security Score dashboard provides following information:
Current Score: Overall cummulative organizational score
Factored score: Individual scores of different data points within the platform i.e. Incidents, Threat Intel, and Vulnerabilities
Threat Exposure Trend: Cummulative score plotted over a period of time
Threat Exposure Factored Trend: Scores from different data points plotted over time
Assets Score: List of Top assets with highest score. Clicking on any asset takes you to the dashboard of that particular asset.
Note: All the provided information is time independent i.e. selection of date/time hfrom calendar component has no impact on the information displayed.
