Home

From the Home page, users can quickly navigate to different sections of the system to dig deeper into specific aspects such as security posture, vulnerability analysis, and attack simulations. Additionally, the Home page may display real-time updates, alerts, or notifications to keep users informed about the latest developments in their network security posture.

By presenting a top-level overview of essential details, the Home page helps users stay up to date and make informed decisions regarding their organization's cybersecurity strategy.

Features

  • The Topology tile provides an overview of the results obtained from network scanning, presenting key metrics related to the network's structure and security status. Specifically, it includes the following information:

  1. Total Number of Subnets: This metric indicates the overall number of subnets within the organization's network infrastructure.

  2. Number of Vulnerable Subnets: It highlights the subset of subnets within the network that contain vulnerabilities or security weaknesses. Identifying vulnerable subnets is crucial for prioritizing remediation and strengthening security measures.

  3. Total Number of Assets: It shows the total number of assets or devices detected within the network.

  4. Vulnerable Assets: Indicates the number of assets within the network that are found to have vulnerabilities or security flaws. Vulnerable assets represent potential entry points for attackers and require immediate attention to mitigate potential risks.

  • At the top of the page, a row of tiles displays key metrics related to network security, including exploitable vulnerabilities, critical assets, and critical paths. Each tile provides valuable information regarding different aspects of the organization's security posture, allowing users to quickly assess areas of concern and take appropriate action.

  1. Exploitable Vulnerabilities: This tile highlights the number of vulnerabilities within the network that are considered exploitable because they are on critical paths. These vulnerabilities pose an immediate risk to the organization's security and require prompt attention. In the provided example, there are a total of 34 vulnerabilities identified within the network. Only four of these are unique; the remaining 30 are repeat occurrences, which results in a total count of 34 instances.

  2. Critical Assets: The second tile on the page displays the number of critical assets that are intersected by critical paths within the network. Critical assets represent key components of the organization's infrastructure that are vital for its operations and may include servers, databases, or other sensitive resources.

  3. Critical Paths: The last tile represents the number of critical paths identified within the network. Critical paths represent the most significant routes that potential attackers are likely to exploit to compromise the organization's security.

  • In the Risk Assessment section, the system evaluates network risks and generates a dynamic score based on its analysis of the network's security posture. This score reflects the level of risk associated with all the organization's assets within the network environment, and it is updated with each scanning cycle. The system assesses each asset individually, taking into account several factors, including:

  1. Number of Critical Paths: The system calculates the total number of critical paths across this asset.

  2. Vulnerabilities: Identifies vulnerabilities of this asset.

  3. Open Ports: Checks the asset for open ports, which may serve as potential entry points for unauthorized access or exploitation by malicious actors.

  4. Connected Assets: It considers the level of connectivity between the asset under assessment and the other assets.

  5. Public IP: The presence of public IP addresses within the asset is also taken into account. Publicly accessible assets may be more vulnerable to external threats.

  • In the Security Posture section, each asset is assigned a grade based on its individual risk score. This grade reflects the overall security status of the asset within the network. The system evaluates various factors, including vulnerabilities, critical paths, open ports, connected assets, and public IP addresses, to calculate the risk score for each asset.

    Once the risk scores are determined, assets are categorized into different grades, typically represented as A, B, C and D. These grades indicate the level of security posture associated with each asset. Assets with a grade of A are considered to have a strong security posture, indicating minimal risk and effective security measures in place. Assets with a grade of B may have some vulnerabilities or areas for improvement, while assets with a grade of C may pose higher risks and require immediate attention to address security weaknesses.

    On the Home page, the system aggregates assets based on their assigned grades, allowing users to easily visualize and prioritize assets according to their security posture. By grouping assets into categories based on their security grades, users can focus their efforts on addressing vulnerabilities and strengthening security measures where they are needed most.

  • The system uses a cutting-edge technology known as a Large Language Model (LLM) to simplify complex attack graphs for users who may find them difficult to interpret. This technology operates as a third stage of analysis, where it takes the attack graph as input and generates a full written attack scenario to be presented in the dashboard. This scenario provides a summarized overview of the potential attack paths identified in the network, along with recommended remediation actions.

    By utilizing the LLM technology, users receive a clear and understandable narrative of the potential security threats facing their network. The written attack scenario outlines the sequence of events that an attacker could exploit to compromise network security, enabling users to better understand the nature and severity of the risks involved.

    Furthermore, the attack scenario includes recommended remediation actions that users can implement to mitigate the identified security threats effectively. These remediation recommendations are based on best practices and industry standards, providing users with actionable steps to strengthen their network defenses and mitigate potential vulnerabilities.

    As part of the ongoing security monitoring process, the system conducts regular scanning cycles to assess the current state of the network. Any changes or updates to the network's security posture, including the implementation of recommended remediation actions, are reflected in subsequent scan results.

  • The Vulnerability Distribution section on the Home page provides users with the same information presented in the Network Vulnerability page. This tile offers insights into the distribution of vulnerabilities across the network, highlighting the severity and frequency of vulnerabilities detected.

  • The EPSS vs CVSS graph provides users with a visual representation of vulnerability prioritization based on severity and exploitability. This graph illustrates the relationship between the Exploitability and Impact Score System (EPSS) and the Common Vulnerability Scoring System (CVSS), allowing users to categorize vulnerabilities into four distinct sections:

    1. Low Exploitability, Low Severity (Low-Low): Vulnerabilities in this category have low exploitability and low severity, indicating that they pose minimal immediate risk to the network. These vulnerabilities may still require attention, but they can typically be addressed with lower priority.

    2. High Exploitability, Low Severity (High-Low): Vulnerabilities in this category have high exploitability but low severity. While they may be easier for attackers to exploit, their impact on the network is relatively low. Users should prioritize remediation efforts for these vulnerabilities to prevent potential exploitation.

    3. Low Exploitability, High Severity (Low-High): Vulnerabilities in this category have low exploitability but high severity, indicating significant potential impact if exploited. Although they may be more challenging for attackers to exploit, their severity requires prompt attention and remediation.

    4. High Exploitability, High Severity (High-High): Vulnerabilities in this category have both high exploitability and high severity, representing the most critical risks to the network. These vulnerabilities pose an immediate and significant threat and should be addressed with the highest priority to prevent potential exploitation.
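
The four-way split described above, as an added example that is not the product's own code. The cut-offs (CVSS 7.0, EPSS 0.10), the field names and the sample findings are assumptions constructed for illustration; the per-section counts separate unique vulnerabilities from repeated instances, as the Exploitable Vulnerabilities tile does.

```python
from collections import defaultdict

# Assumed cut-offs, not taken from the product: a CVSS base score >= 7.0 is
# treated as high severity, an EPSS probability >= 0.10 as high exploitability.
CVSS_HIGH = 7.0
EPSS_HIGH = 0.10


def quadrant(epss, cvss):
    """Return the section label as '<exploitability>-<severity>', e.g. 'High-Low'."""
    if not 0.0 <= epss <= 1.0:
        raise ValueError(f"EPSS is a probability in [0, 1], got {epss}")
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score is in [0, 10], got {cvss}")
    exploitability = "High" if epss >= EPSS_HIGH else "Low"
    severity = "High" if cvss >= CVSS_HIGH else "Low"
    return f"{exploitability}-{severity}"


def summarize(findings):
    """Per section: number of finding instances and number of unique vulnerabilities."""
    by_section = defaultdict(list)
    for finding in findings:
        section = quadrant(finding["epss"], finding["cvss"])
        by_section[section].append(finding["vuln"])
    return {
        section: {"instances": len(ids), "unique": len(set(ids))}
        for section, ids in by_section.items()
    }


# Constructed sample findings; asset names and vulnerability ids are placeholders.
FINDINGS = [
    {"asset": "srv-01", "vuln": "VULN-A", "epss": 0.92, "cvss": 9.8},
    {"asset": "srv-02", "vuln": "VULN-A", "epss": 0.92, "cvss": 9.8},
    {"asset": "db-01", "vuln": "VULN-B", "epss": 0.40, "cvss": 5.3},
    {"asset": "db-01", "vuln": "VULN-C", "epss": 0.01, "cvss": 8.1},
    {"asset": "ws-07", "vuln": "VULN-D", "epss": 0.02, "cvss": 3.1},
]

if __name__ == "__main__":
    for section, counts in sorted(summarize(FINDINGS).items()):
        print(section, counts)
```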

Recent Simulated Results

  • The Recent Simulated Results section on the Home page provides users with an overview of the network's current security status following the implementation of remediation steps recommended by the system. By presenting recent simulated results, users can evaluate the impact of remediation actions on mitigating vulnerabilities and strengthening overall network defenses. This information enables users to monitor progress and identify any remaining security gaps that may require further attention.
