This essential and comprehensive article teaches you about Business Groups and Asset tags (Vulcan tags) in the Vulcan Platform. We'll start with introducing you to the meaning, value, and impact of Business Groups and Asset tags. Then, you’ll learn how Business Groups and Asset tags are integral to managing vulnerabilities and prioritizing remediation. Later, you’ll learn how to create and manage Business Groups and Asset tags.
Why is it essential to create and use Business Groups?
How to manage and create Business Groups and Asset tags
What’s a Business Group?
You can think of a Business Group as a collection of assets, defined by you, that represents a Business Unit in your organization. Business Groups segment your environment into more manageable, meaningful chunks. Create Business Groups to reflect the organizational structure, different technologies, geographic location, departments, or anything that helps you categorize and prioritize assets in your organization.
What’s an Asset Tag?
Asset Tags allow you to organize your assets based on dynamically applied rules. Each asset can have multiple tags associated with it. There are two types of Asset Tags, Imported Asset Tags and Manually Created Asset Tags (Vulcan Tags).
Why is it important to create and use Business Groups?
Business Groups and Asset Tags bring order to the security posture of your organization.
Before we jump into functionality and implementation, let’s talk about why it is essential to set up Business Groups in your environment and how they differ from Asset Tags.
Asset data is one of the factors in prioritizing risk and managing vulnerabilities (you can click here to learn about the Asset-Vulnerability-SPR-SLA correlation).
Your organization has hundreds and thousands of assets. Each asset has a purpose, users, priority profile, and cyber security impact. Now imagine that you pull all these assets into the Vulcan Platform without categorizing or intersecting them. Messy, isn’t it? You could never track your cyber security posture and take remediation actions efficiently without making some order first. This is why Vulcan created the Asset Tags and Business Groups features - the tools to categorize and add order to your asset data. Bottom line, Business Groups is the tool to prioritize vulnerability management by categorizing your assets.
Business Group vs. Asset Tag - Usage and utilization across the Vulcan Platform
View widgets, trends, and metrics that are Business-Groups-oriented, including:
Use in Dashboard to view the Top Business Groups affected by Risk Mass and SPR
How to filter views and results based on Asset tags and Business Groups
Filtering the Vulnerabilities and Assets views to present vulnerabilities or assets that have a specific Asset Tag:
Filtering the Vulnerabilities, Assets, and Remedies views focusing on the Business Groups most important to you:
Accessing Business Groups and Asset Tags Management Pane
You can find the Business Groups and Tags management pane under Assets. The Tag Management pane displays all the created or imported tags and Business groups.
Imported Asset Tags - Set impact and use as Business Group
The Vulcan Platform automatically imports tags from connectors and applies the tags to the relevant assets. This saves you from having to re-tag thousands of assets. You can keep using the tags you’ve been using until now and import them into the Vulcan Platform.
This is what imported tags look like in the Vulcan Platform Tag Management:
Go to Assets
Look under the Business Groups & Tags pane on the right.
The question is, how would these tags serve you in managing and prioritizing your cyber security posture?
You can (and should) assign an Impact (High > Low) to Imported Tags, and you can also edit the tag's name.
Create a Business Group based on an imported tag or more
Managing Imported Asset Tags
Click on an imported tag
Review its associated assets under Hosts, Code Projects, Websites, Images, and Cloud Resources to decide on the impact of the tag.
If relevant, set the Impact to prioritize the assets associated with this tag:
If relevant, mark the tag as a Business Group:
How to create Asset Tags (Vulcan Tags) and Business Groups
Are you creating a Business Group or an Asset tag? that is up to you to decide. It is the same process for both. If you are unsure whether you wish to create a Business Group or just a tag, start creating a tag and simply check the “Use as Business Group” once relevant (Step 7 below).
Go to Assets > Click on +Add and select New Tag / Business Group
Give your tag/business group a meaningful and unique name.
Set Impact score – high, low, medium or leave it unassigned. This will allow Vulcan’s risk algorithm to rank vulnerabilities on the assets with a business impact in mind.
Select the conditioning method:
Match All (the "and" condition): Only results that match all filters
Match Any (the "or" condition): Results that match at least one of the filters
Select how to match the tag:
Naming convention: Enter a text string to match an asset's name. Any asset whose name contains the string will be tagged.
Subnet: Enter a subnet formatted as an IP address and a CIDR. Any asset with IP in that subnet will be tagged.
Follow other tags: Choose an existing tag or tags. Assets with the selected tags will be tagged.
Follow a saved search
Specific assets: define specific assets
External facing: Usually, external facing assets are recognized automatically by the Vulcan platform and tagged as "External Facing". You can also manually define the asset that can be accessed from outside the organization. Read all about it here.
Optional: You can manually include Code Project or Website assets to these matches. This allows you to create a unified, hybrid tag comprised of infrastructure and AppSec assets.
After creating your conditions, look at the preview section to see if the results match your created conditions.
Optional: Check the “Use as Business Group” checkbox to use this tag as a Business Group.
Learn about the difference between a Business Group and an Asset tag in terms of usage.
The created tag or Business Group dynamically updates any new/existing assets that match the conditions.
How to create an asset tag (Vulcan tag) and then mark it as a Business Group:
My Business Group’s impact differs from the Asset Tag impact it follows. So what determines the final impact of the Business Group?
If, for example, you have a High Impact Business Group comprised of Low-Medium impact Asset tags, the unit with the highest impact determines the actual severity. In this case, the final impact is High.
The same would be true if it were the other way around.
What’s the difference between managing Vulcan tags vs. imported asset tags?
You can edit and change the conditions, name, and impact of Vulcan tags (i.e., manually created asset tags).
As for imported tags, you can only edit the name and modify the impact.
How do users usually define their business groups?
One recommended way to set the groups is by the organizational groups that own the different assets and are responsible for the assets’ remediation.
Another option is to set groups by the OS, e.g., Windows desktop, Windows server, Linux, etc.
Another option, for application security purposes, is to set the business groups based on the different applications managed within the organization.