A Low Effort Guide to Keeping Tabs on Your Security Posture

September 29, 2020 | 5 min read | Security Posture

It is a fact that seeing “green”, especially when it comes to your security posture, feels good. And the more green it is, the happier you are. Yes, seeing green requires effort. But Balbix makes it easy.

Here’s how one Balbix customer keeps tabs on his organization’s security posture.

1 – Check Out the Global Risk Snapshot

Every morning, I fire up my laptop and check this view first:

Global Risk Snapshot

This shows my company’s global risk snapshot, breach likelihood by business segment, by attack vector and by geographic locations.

2 – View Risk by Inventory

Then I check out the “risk by inventory” section where Balbix’s prioritized risk insights actually tell me, in priority order, which actions we should take first to reduce our risk. We couldn’t get this level of risk-based prioritization from a traditional vulnerability management vendor.

Risk by Inventory

3 – Drill Down Into Asset Groups of Interest

See the red “Servers” section at the core of the doughnut chart (Balbix calls it a sunburst, by the way)? I can drill into that and check out this view:

Drill Down Into Servers

4 – Understand Risk Details for Asset Groups

Then I usually dig into the risk details where I can find granular info on this group of server assets (we have 12,760 of these, BTW) including top risk insights across 7 classes of attack vectors (called the Breach Method Matrix). One of the things that sold us on Balbix was that it looked at such a broad view of our attack surface – far beyond the focus on CVEs and misconfiguration that our prior vendor focused on.

Risk Details for the “Servers” Asset Group

And this is a real-time view, because the Balbix platform continuously monitors all our assets across hundreds of attack vectors to give us an accurate picture of our attack surface and security posture.

I can repeat the above 4 steps to check out our assets, categorized by type and location with in-depth details like software and hardware version, open ports, running services, usage, and security vulnerabilities.

I can even use the natural language search to look up any risk issue or CVE or asset category on my mind.

5 – Review Patching Dashboard

Then, I check out my patching dashboard to see our mean-time-to-patch and the patching posture compliance by business unit or geo location.

Patching Dashboard

6 – Check out the Strategic CISO Dashboard

And finally, I take a deep breath and see where we were on the cyber risk spectrum, where we are right now, and where we want to be.

Strategic CISO/CIO Dashboard

See the reds, turning into oranges and greens? Bliss, both for me, and for the Board, when I use this chart in my periodic presentations to them.

Seeing Green with Balbix

See how easy it is to keep tabs on our security posture with Balbix custom dashboards? They let you slice and dice views of your cybersecurity program in multiple ways so you know exactly what you need to do to optimize your security posture. Balbix offers:

  1. 100x visibility into your assets and inventory
  2. Ability to understand the effectiveness of your security controls
  3. Vulnerability monitoring across 9 classes of attack vectors, including unpatched software, missing or weak credentials, encryption issues, phishing and ransomware and more
  4. Prioritized risk insights based on vulnerabilities, threats, existing security controls, business criticality of assets, and exposure due to usage or configuration
  5. Dashboards and tools to view your security posture, workflows to automate integrations and ticketing, and natural language search to make your life easier
