About
The Vulcan Cyber ExposureOS platform Home Page Dashboard module allows you, from managers to executives, to receive a coherent and elaborative view of the overall risk, tasks, and actions calculated and performed by the Vulcan Cyber ExposureOS platform.
Filters
Filter the home page dashboard data by Business Group to focus on the assets that matter to you the most.
Widgets
Security Posture Rating
The SPR widget displays your SPR calculated according to the threshold you defined. It indicates the percentage of assets complying with your maximum SPR risk threshold.
Risk Mass
The Risk Mass indicator is a sum of all the calculated atomic risks of all vulnerability instances at a given time in your organization. The risk mass indicates the amount of all maximum risk scores gathered from all instances. Risk mass in Business Groups shows the maximum number of risks gathered per specific Business Group. As a CISO and security personnel, you must aim to lower your risk mass by remediating vulnerabilities.
Company ROI
The Company ROI indicator shows how many person-hours your organization saves using the Vulcan Cyber ExposureOS platform.
Return-of-Investment of person-hours your Cyber Security department and organization is saving by utilizing the Vulcan Cyber ExposureOS platform. The more you get out of the Vulcan Cyber ExposureOS platform, the more money you save on Cyber Security procedures and man-hours.
The "Saving" is evaluated by calculating the amount of data consolidated and the number of actions performed through the Vulcan Cyber ExposureOS platform.
How is the ROI calculated?
Company ROI is composed of two main components:
Platform ROI (incremented monthly) + Actions ROI (calculated daily) = Company ROI
Platform ROI
At the beginning of each month, the Vulcan Cyber ExposureOS platform calculates how many hours it would have taken a single person to handle the data retrieved from the multiple scanners manually. This includes analyzing, correlating, prioritizing, researching fixes, and generating reports.
Let's look at the following calculation example:
16,000 ingested assets + 40,000 ingested vulnerability instances from multiple scanners = 56,000 data units
56,000 data units * 0.0008 h/data point = 45 person hours = 1 week of work of a single person
Action ROI
Examples of automated actions include opening and assigning a task, populating the relevant vulnerability information, gathering information on relevant assets and fixes, and much more.
One Vulcan automated action = 0.2 person-hours
Raw Attack Surface Data
This graph helps you understand which sources (connectors) retrieve the most significant amount of assets and vulnerabilities from your organization. It visualizes the amount of raw data ingested per connector into the Vulcan Cyber ExposureOS platform before any consolidation and aggregation by the Vulcan Cyber ExposureOS platform's special engines.
Note: The data presented indicates all asset-vulnerability connections observed in all syncs performed by connectors.
Assets Dedup Data
Total Ingested Data: Sum up all the assets collected from all connectors before merging and deduplication.
Unique Assets: Number of unique assets after merging and deduplication after being digested by the Vulcan Cyber ExposureOS platform special engines.
Assets in Risk: Number of unique assets whose prioritized risk score exceeds the SPR threshold. This is where data reduction happens - the Vulcan Cyber Exposure OS platform engines significantly reduce the overwhelming assets data to what matters, the assets you need to look at and focus on.
Prioritize Vulnerabilities by
Unique prioritized vulnerabilities are categorized and prioritized by Risk score, Threat Intelligence sources, SLA Exceeding, and available fixes.
Use this widget to access unique vulnerabilities prioritized by different security dimensions quickly. For example, click "Show hot" to show all the vulnerabilities mainly discussed by the cyber community. Another example is accessing all the vulnerabilities with an available Patch ("With Patches"), so you can quickly get them off the list by remediating using available fixes.
You can also toggle the "Vulnerabilities above Risk Threshold" to reduce the vulnerabilities list and focus only on the ones above the SPR threshold.
Zero-Day
The Zero-day widget shows potentially critical or high-severity vulnerabilities with no available official patch or fixes from the vendor. You can click on "show vulnerabilities" for more details.
Once a patch or a fix becomes available, the vulnerability will disappear from the Zero-Day display.
Top trending CVEs
This widget alternates according to the recently discovered global-event vulnerabilities. Patch against the latest trending vulnerabilities of the month. Click "Read More" to learn more about them.
Top Business Groups by
This heat map lets you view the top Business Groups with the highest Risk Mass or SPR. Use this heat map to prioritize the Business Groups that require more attention.
The blocks' color and size correlate with the SPR score and Risk Mass.
Block size: Reflects the Risk Mass. The larger the rectangle, the larger the Risk Mass is.
Block color: Reflects the SPR risk score (Critical to Low).
What happens when you filter Business Groups by Risk Mass?
You can preview the maximum risks (Risk Mass) gathered per a specific Business Group. The larger the Business Group's square/rectangle, the larger the Risk Mass is, i.e., a higher count of assets with higher risk. The color indication reflects the SPR risk level.
As a CISO and security personnel, you must aim to lower your risk mass by remediating vulnerabilities. Arrange the BGs by Risk Mass to view the business groups with the highest risk mass requiring immediate remediation.
What happens when you filter Business Groups by SPR?
You get to preview the Business Groups colored by SPR risk level (Critical, High, Medium, Low) to determine which Business Group has the highest SPR risk level so you can prioritize it accordingly. This is why when the SPR view is toggled, you'll see a lot of 'red block.' This means that remediation still needs to be done for these business groups and that they have a lot of assets with vulnerabilities and risks above the SPR threshold.
The % of the SPR shown in each block represents the percentage of the assets that meet the risk criteria. For example, 0% SPR means that none of the assets in this Business Group meets the risk criteria - which means that all the assets in this Business Group are above the SPR threshold = Critical risk score as indicated with a red block.
Remediation Campaigns
Insight on the status of the overall campaign. Click to track your active campaigns.
This widget is your way to track the teams fixing vulnerabilities on your assets.
Top Highest-Impact Campaigns
Top 5 campaigns with the highest risk-mass impact on the organization. This widget presents the top in-progress campaigns that fix many risks so you can easily track the progress from the home page dashboard.
It also brings more awareness to using campaigns to make your security program more efficient.
FAQ
Can I see the stats on my tickets (Jira/ServiceNow) in the Vulcan Cyber ExposureOS Home Page Dashboard?
No. For stats on tickets created in Jira or Service now, check the Campaign Tracking Report. The Home Page Dashboard doesn't include stats on campaigns.