About Business Groups
Business Groups bring your organization's business context into the Vulcan Platform and impact your vulnerability management and security posture. You can think of a Business Group as a collection of assets, defined by you, that represents a Business Unit in your organization. Business Groups segment your environment into more manageable, meaningful chunks. For example, "Finance" or "Production".
For more context about Asset Tags and Business Groups, click here.
Business Groups Hierarchy
The Business Group Hierarchy feature lets you reflect your organizational structure on the Vulcan Platform.
To access and manage Business Groups:
Go to Settings > Business Groups
Through the Business Groups setting page, you can:
Create new Business Groups and assign them within the hierarchy.
Edit and reorder Business Groups by clicking on them. Users can modify associated assets and reorganize the hierarchy using a simple drag and drop functionality.
Delete a Business Group by hovering over it, selecting the menu button on the card, and choosing the delete option.
The Business Group Hierarchy provides a clear visual representation of the organizational structure:
View the hierarchy using the Org tree format.
Each parent card displays important details such as the group name, number of associated assets, business impact, and number of children.
Navigating and exploring the Business Group Hierarchy is made easy:
Expand the hierarchy by clicking on the arrow beneath each business group.
Scroll horizontally and vertically to view the complete tree.
Adjust the zoom level to observe the entire hierarchy without losing important information.
Utilize the search function located at the top-right corner to quickly find a specific business group by name.
Creating a Business Group
Go to Settings > Business Groups
Click on New Business Group.
In the Business Group info:
Give your business group a meaningful and unique Name.
Set Business Impact score – high, low, medium, or leave it unassigned. This will allow Vulcan’s risk algorithm to rank asset vulnerabilities with a business impact in mind.
Select the SLA Policy the business group will be entitled to.
Select the business group's Parent (Where do you want it in the organizational hierarchy?). If this is not your first Business Group, and you already have other Business Groups, you can select the place of the Business Group in the Business Groups hierarchy and set the parent.
Click Next.
In the Asset selection:
Select the conditioning method:
Match All (the "and" condition): Only results that match all filters
Match Any (the "or" condition): Results that match at least one of the filters
Select how to match the tag:
Naming convention: Enter a text string to match an asset's name. Any asset whose name contains the string will be tagged.
Subnet: Enter a subnet formatted as an IP address and a CIDR. Any asset with IP in that subnet will be tagged.
Follow other tags: Choose an existing tag or tags. Assets with the selected tags will be tagged.
Follow a saved search
Specific assets: define specific assets
External facing: External facing assets are usually recognized automatically by the Vulcan platform and tagged as "External Facing". You can also manually define the asset that can be accessed from outside the organization. Read all about it here.
Optional: You can manually include Code Project or Website assets to these matches. This allows you to create a unified, hybrid tag comprised of infrastructure and AppSec assets.
After creating your conditions, look at the preview section to see if the results match your created conditions.
The created business Group dynamically updates any new/existing assets that match the conditions.
When done, click Create.
Creating an AppSec Business Group
Suppose you’re creating and benefiting from digital assets like applications and websites. In that case, the Application Security report helps understand the risk impact and SPR of AppSec assets, i.e., Code Projects and Websites, on your organization. Many customers create dedicated AppSec Business Groups to learn about and visualize better the impact of their AppSec assets vulnerabilities on the SPR of the organization.
To create an AppSec-dedicated business group, follow the procedure described in "Creating a Business Group". Keep in mind the conditions to include only AppSec assets.
Creating a dedicated AppSec Business Group also helps you utilize the Application Security Report insight and value.
Reordering Business Groups
To reorder your Business Groups:
Go to Settings > Business Groups.
Option 1: Click on a Business Group and modify the Business Group Parent. Then, click Save.
Option 2: Click on Reorder Business Groups and drag-and-drop business groups to reorder the structure.
Business Groups across the Vulcan Platform
FAQ
My Business Group’s impact differs from the Asset Tag impact it follows. So what determines the final impact of the Business Group?
If, for example, you have a High Impact Business Group comprised of Low-Medium impact Asset tags, the unit with the highest impact determines the actual severity. In this case, the final impact is High.
The same would be true if it were the other way around.
How do users usually define their business groups?
One recommended way to set the groups is by the organizational groups that own the different assets and are responsible for the assets’ remediation.
Another option is to set groups by the OS, e.g., Windows desktop, Windows server, Linux, etc.
Another option, for application security purposes, is to set the business groups based on the different applications managed within the organization.