Overview

This essential and comprehensive article teaches you about Business Groups and Asset tags in the Vulcan Platform. We'll start by introducing you to the meaning, value, and impact of Business Groups and Asset tags. Then, you’ll learn how Business Groups and Asset tags are integral to managing vulnerabilities and prioritizing remediation. Later, you’ll learn how to create and manage Business Groups and Asset tags.

Value and Impact

Business Groups and Asset Tags bring your organization's business context into the Vulcan Platform and impact your entire vulnerability management and security posture.

Before we jump into functionality and implementation, let’s talk about why it is essential to set up Business Groups in your environment and how they differ from Asset Tags.

Asset data is one of the factors in prioritizing risk and managing vulnerabilities.

Your organization has hundreds and thousands of assets. Each asset has a purpose, users, priority profile, and cyber security impact. Now imagine that you pull all these assets into the Vulcan Platform without categorizing or intersecting them. Messy, isn’t it? You could never track your cyber security posture and take remediation actions efficiently without making some order first. This is why Vulcan created the Asset Tags and Business Groups management features - the tools to categorize and contextualize your assets so you can prioritize vulnerability remediation based on your business context.

Business Group vs. Asset Tag

What’s an Asset Tag?

An Asset Tag is a basic piece of information in a tag (#) form attached to an asset.

Asset Tags allow you to organize your assets based on dynamically applied rules. An asset can have multiple tags attached to it. An Asset tag can represent a business or technical info associated with the asset, for example, #external-facing or #https-server. Asset tags can be either created in the Vulcan Platform or imported through connectors. Asset tags are mostly used for filtering and identifying assets across the Vulcan Platform. Usually, asset tags are used to create a Business Group.

There are 2 types of Asset Tags, Imported Asset Tags and Manually Created Asset Tags (Vulcan Tags).

What’s a Business Group?

You can think of a Business Group as a collection of assets, defined by you, that represents a Business Unit in your organization. Business Groups segment your environment into more manageable, meaningful chunks. For example, "Finance" or "Production". A Business Group can contain all the assets that are associated with that business unit. Unlike Asset Tags, Business Groups are way more manageable, practiced, and impactful across the Vulcan Platform views, and are used in several capabilities and features. For example, you can define SLA policies per Business Group and impact your entire vulnerability management and prioritization.

Create Business Groups to reflect the organizational structure, different technologies, geographic location, departments, or anything that helps you categorize and prioritize assets in your organization.
Check out this best practice we created of Key Considerations when creating Business Groups.

Bottom line, "Business Groups" is the tool to prioritize vulnerability management by categorizing and contextualizing your assets into organizational business units.

Usage and utilization across the Vulcan Platform

What happens when you promote an asset to a business group and vice versa?

Asset Tag Usage

Business Group Usage

Filter Vulnerabilities and Assets by asset tag(s).
Use as a condition in creating automation (Playbook).
Use as a building block for creating a Business Group.

Filter Analytic reports to view data cuts focusing on your most important Business Groups.
View Analytic widgets, trends, and metrics that are Business-Groups-oriented, such as
Assets by Business Groups, SPR Compliance by Business Group,
Campaign due-date compliance by Business Groups, Most SPR Compliant Business Groups, Most SPR Vulnerable Business Groups,
Vulnerability Instances Exceeded SLA by Business Group and Risk Level, and much more.
Filter Dashboard to view overall risk, tasks, and actions calculated and performed by the Vulcan platform per Business Group.
Use in Dashboard to view the Top Business Groups affected by Risk Mass and SPR
Filter the Vulnerabilities, Assets, and Remedies views focusing on the Business Groups most important to you.

FAQ

What happens once you convert/promote an Asset Tag to a Business Group and vice versa?

When converting an Asset Tag into a Business Group (or vice versa) on the Vulcan Platform:

Processing Time: The transition isn't instantaneous. The platform requires time to compute and apply the change across its system. This delay ensures accurate updates are reflected platform-wide. Depending on the scale of the environment, the update process could take up to a full day.
Visibility Shift: Upon conversion, the entity will shift categories; an Asset Tag promoted to a Business Group will vanish from the Asset Tags list and emerge within the Business Groups section. The reverse occurs when a Business Group is demoted to an Asset Tag.
Search and Filtering Differences: The platform treats Asset Tags and Business Groups distinctly in terms of navigation and searchability. While Business Groups are accessible through their specific search and filter bar, Asset Tags are integrated into the platform's Magic Search, found under Assets > Asset Tags. This differentiation streamlines the search process, allowing for more efficient data management and access.
Business Groups Search bar:
Asset Tags Search bar:

Managing Asset Tags

Learn all about managing and creating Asset Tags.

Managing Business Groups

Learn all about managing and creating Business Groups.

Security Posture Rating (SPR) and Risk Mass

Dashboard Widgets

Risk Calculation and Prioritization

Vulnerabilities Triage Best Practice

Business Groups Structuring - Best Practice