Securonix has the capability to provide Continuous Monitoring of risk ranking for complete visibility and understanding of the source of risks within the organization. From the single user or system all the way up to the aggregate level of a department, division, line of business and all the way to the top of the organization.
The Securonix Risk Ranking solution allows organizations to view their overall risk ratings with the associated risk vectors in relation to different users and systems. The system provides a comprehensive view of the underlying reporting structure of the organization and its risk rating.
Securonix utilizes a a scoring system that ranks the various lines of business with a grade between A and F as well as an accurate GPA numbered score between 0-4. Looking at a given division and its underlying organizations, companies can view the different risk vectors that lead to a specific risk rating.
Securonix provides the ability to look at user risk rating, system risk rating and application risk rating for each part of the organization. Line of business managers are able to view their organizational risk score at the line of business level as well as deep dive into the department levels beneath them all the way down to a specific user, system or application.
Risk rating can be viewed within Securonix in real time as well as the overall trending risk levels over a period of time.
The solution also provides the ability to create a comparative view where managers can see how their organizational risk ratings compare to those of their colleagues in other lines of business.
User based risk may include parameters such as personal risk which could be derived from the usage and engagement in social networks, types of devices in use by the person and overall behavior of the user while performing their job on the companies system infrastructure and applications. Additionally, parameters such as term of employment, time on the job, location and background can also affect a users risk rank according to the policy the organization puts in place.
System risk ranking includes components such as servers and desktop computers within the organization. The risk rank is calculated using information received from vulnerability scanning reports. According to the level of vulnerability on a computer or set of computers, the risk is calculated and a mitigation plan may be suggested for improving the risk rating by patching for those existing vulnerabilities. Same is true for monitoring for compliance and malware.
By taking action such as deploying a patch for an existing risk such as an open vulnerability, the organization is now able to mitigate the risk and improve their overall risk rating.
Securonix Case Management Facility
Securonix additionally supports a full lifecycle around risk elements that allows a person with one role to assign the mitigation of a risk to someone else such as assigning a vulnerability patch deployment to the relevant person in the IT organization and the ability to track a ticket through its life cycle. The system automatically creates a case for each mitigation request and tracks it. As the risk is mitigated the risk rating is automatically updated and the overall risk rating improves.