Using AI and search to create a risk calculator
#Ibm x force how to
As a result, these companies are asking how to prioritize an approach to risk so they can address the most urgent problems first. Fixing those problems requires expertise and time. Typically, businesses will find that some portion of their checks are non-compliant at any given time due to, for example, misconfigurations, default passwords or lax controls on permissions. Modern compute environments need to be compliant with tens (if not hundreds) of policies, and each policy on average may have hundreds of checks. And these findings add up fast-companies are typically overwhelmed with the amount of data they need to deal with when it comes to increasing resistance strength.
While some of these documents do offer guidance in terms of their risk priority, some do not-and there is not a 10-point scale as we see in the CVE world. To measure the resistance strength of your cloud environment, you need to measure the risk of each control specified in best practices documents such as (CIS) Benchmarks or the US DoD Security Technical Implementation Guides ( STIGs). To meet those needs, IBM Research and IBM’s X-Force Red security teams have created a way for companies to measure an asset’s “resistance strength”-a term coined by the popular FAIR risk management model to measure an asset’s ability to defend itself. The number of Common Vulnerabilities and Exposures has risen steeply in the past year, up from more than 144,000 in late 2020 to more than 171,000 at recent count. However, too many standards-the Center for Internet Security (CIS) alone features more than 140 published benchmarks-confuse the tools used to accurately analyze risks in different user-specific environments, delaying much-needed security improvements. Tools to automate such practices are likewise becoming more prevalent. To mitigate such security threats, more and more industry standards and benchmarks have been proposed to monitor, visualize and remediate cloud security postures. The number of Common Vulnerabilities and Exposures (CVE) in the National Vulnerability Database, for example, has risen steeply in the past year, up from more than 144,000 in late 2020 to more than 171,000 at recent count. Tools that use industry standards and benchmarks to monitor and visualize the security posture of hybrid cloud environments are getting more popular as cloud management becomes more complex, and attacks grow more sophisticated.
0 kommentar(er)
