Risk, Warnings & Assessment Grading
Personas: Network Management Team, Audit Team
Risks and Warnings
The NP platforms include a function to automatically identify risks and warnings related to network configurations. Risks are triggered by requirements that are organized into policies. Policies can be assigned to devices through the Policy Management function.
Warnings are generated when a misconfiguration or an unsupported configuration statement is identified.
When a potential risk or warning is identified, it is logged in the “Risks and Warnings” table with a time and date stamp. Each potential risk is assigned a “type” (Risk or Warning) and a Criticality (High, Medium, Low) based on the violated policy. Additionally, the device name and a description of the infraction are listed with the status (New, Confirmed, Resolved, False Positive, Will Not Fix or Fixed).
Risk & Warning Status and Life cycle
For new risks or warnings, the user is expected to review each item, determine whether the issue needs to be addressed, and manually change the action status accordingly:
- confirmed: new risks or warnings that are acknowledged by the user as a valid problem to address
- resolved: risks or warnings that are closed because the problem has been addressed
- false positive: risks or warnings that are closed because they are not a valid problem to address
- will not fix: risks or warnings that are closed because it was decided to not address them
If configured by the administrator, the user can send each risk or warning directly to the service ticketing system by clicking the >> icon.
For each risk or warning, the user can also log a comment and assign it a criticality (Low, Medium, or High).
Upon subsequent network updates, the system will adjust the status if required. For example:
- If the user marks a risk as Resolved and upon the next network update the risk is still identified, the status will automatically be changed to Confirmed.
- If upon the next network update the risk is no longer identified, the status will be changed to Fixed. Fixed items are removed from the list after a period of 7 days.
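The status adjustments described above can be modelled as a small reconciliation step run on each network update. This is an added sketch, not the product's own code: the `Item` and `reconcile` names, the device names and the findings are constructed for illustration, and the handling of a Fixed item that reappears is an assumption because the page does not cover it.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

FIXED_RETENTION = timedelta(days=7)  # page: Fixed items are removed after 7 days

@dataclass
class Item:
    device: str
    description: str
    status: str = "New"
    fixed_at: Optional[datetime] = None  # set when the status becomes Fixed

def reconcile(table, detected, now):
    """Apply one update; detected is the set of (device, description) pairs found."""
    result, known = [], set()
    for item in table:
        key = (item.device, item.description)
        known.add(key)
        if key in detected:
            if item.status == "Resolved":
                item.status = "Confirmed"  # page: closed by the user but still present
            elif item.status == "Fixed":
                # Assumption: the page does not cover a Fixed item reappearing.
                item.status, item.fixed_at = "New", None
        elif item.status != "Fixed":
            item.status, item.fixed_at = "Fixed", now  # page: no longer identified
        if item.status == "Fixed" and now - item.fixed_at >= FIXED_RETENTION:
            continue  # aged out of the list
        result.append(item)
    # Findings not yet in the table are logged as New.
    result += [Item(d, desc) for d, desc in sorted(detected - known)]
    return result

def demo():
    """Constructed sample data: two updates, seven days apart."""
    t0 = datetime(2024, 1, 1)
    table = [Item("fw-01", "any-any permit rule", "Resolved"),
             Item("rtr-02", "telnet enabled", "Confirmed")]
    # Update 1: the fw-01 finding is still present, rtr-02 is clean, one new finding.
    table = reconcile(table, {("fw-01", "any-any permit rule"),
                              ("rtr-03", "unsupported statement")}, t0)
    after_first = {i.device: i.status for i in table}
    # Update 2, seven days later: only the fw-01 finding is still detected.
    table = reconcile(table, {("fw-01", "any-any permit rule")}, t0 + timedelta(days=7))
    after_second = {i.device: i.status for i in table}
    return after_first, after_second
```

In this model, items in any other status that are still detected keep the status the user gave them, which is also an assumption rather than documented behaviour.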
The risks and warnings table can be searched, sorted by any column, switched to a list view, exported, and configured with alternate columns if required. These functions are available in the upper right corner of the table.
Risk Assessment Grading
At any given time, a monitored firewall can have one or more open risks or warnings. This information is used by our Grading algorithm to provide each router with a letter grade. The quantity, criticality and type of open risks and warnings go into the calculation. This grade informs the users of which devices have the highest security or compliance risks. The lower the letter grade, the higher the risk.
The grade for each monitored router can be seen by clicking on a router on the topology map and reviewing the Risk Assessment Grading on the device menu. Clicking on the menu item displays the details that went into the grade.