About Risk Analyzer
Using the most up-to-date configurations of your monitored security assets, Risk Analyzer allows you to consistently manage the risk on your network, generate simulated attacks on network segments, evaluate recommended patches, and reduce your network's risk exposure.
Risk Analyzer highlights known vulnerabilities that an adversary could exploit. Working with the map, you can find and select hosts from which to generate attacks, and visually overlay attacks on the network map to show the location and nature of the vulnerabilities that are most likely to be exploited. The overlay also shows the following information:
- The vulnerabilities that provide the most access to the rest of the network.
- The vulnerabilities that are most critical to an attacker's progress.
- The vulnerabilities that are most likely to put an organization's mission at risk.
Risk Analyzer generates a list of patch recommendations, prioritized by the combination of severity and asset value, so that you can model the most effective fixes first. Risk Analyzer does not actually apply the patches on your network, but models how those patches would reduce your risk exposure. Once you choose which patches to implement, Risk Analyzer allows you to apply the selected patches and re-run the risk analysis in real time.
Risk Analyzer takes into account interactions among vulnerabilities to determine which vulnerabilities are most critical to an attacker’s progress. Then, using a ratio of the value and quantified compromise level of exposed assets to the sum of all asset values, Security Manager provides a statistical assessment of risk. System administrators can analyze the attack graphs and statistics to determine which security measures to deploy to defend their network. Administrators can also use this information to perform hypothetical attack analysis of zero-day vulnerabilities to identify critical attack vectors and evaluate potential attacks before they take place.
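The following Python sketch is an added illustration, not Risk Analyzer's own code or algorithm. It reads the ratio described above as the sum of (asset value × compromise level) over exposed assets divided by the sum of all asset values, and re-runs it with one vulnerability patched at a time. The sample network, the vulnerability labels, the compromise levels, and the rule that any compromise of a host permits pivoting are assumptions constructed for the example.

```python
from collections import deque

# Constructed sample data (assumptions, not from the product): asset -> value.
ASSETS = {"web": 2, "app": 5, "db": 10, "hr": 3}
# (source, target, vulnerability label, compromise level gained on target, 0..1)
EDGES = [
    ("internet", "web", "VULN-A", 1.0),
    ("web", "app", "VULN-B", 1.0),
    ("app", "db", "VULN-C", 0.5),
    ("web", "hr", "VULN-D", 0.5),
]

def compromise_levels(edges, source, patched=frozenset()):
    """Walk the attack graph from source, skipping patched vulnerabilities.
    Assumption: any compromise of a host lets the attacker pivot from it."""
    levels, seen, queue = {}, {source}, deque([source])
    while queue:
        node = queue.popleft()
        for src, dst, vuln, gained in edges:
            if src != node or vuln in patched:
                continue
            levels[dst] = max(levels.get(dst, 0.0), gained)
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return levels

def risk_score(assets, edges, source, patched=frozenset()):
    """Sum of value * compromise level over exposed assets / sum of all values."""
    levels = compromise_levels(edges, source, patched)
    exposed = sum(assets[name] * lvl for name, lvl in levels.items())
    return exposed / sum(assets.values())

def rank_patches(assets, edges, source):
    """What-if: patch one vulnerability at a time, re-run, sort by risk removed."""
    base = risk_score(assets, edges, source)
    vulns = sorted({vuln for _, _, vuln, _ in edges})
    drops = [(base - risk_score(assets, edges, source, frozenset({v})), v)
             for v in vulns]
    return [(v, round(d, 3)) for d, v in sorted(drops, key=lambda x: (-x[0], x[1]))]

if __name__ == "__main__":
    print("baseline risk:", risk_score(ASSETS, EDGES, "internet"))
    for vuln, drop in rank_patches(ASSETS, EDGES, "internet"):
        print(f"patching {vuln} lowers risk by {drop}")
```

In this constructed network, the vulnerability on the highest-value asset (VULN-C) ranks third: the two vulnerabilities an attacker must pass through first remove more risk when patched, which is the interaction effect the paragraph above describes.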
To access Risk Analyzer from Security Manager, you must have a Risk Analyzer license for the domain you are logged into. You must also have access to the 'All Devices' device group, to another user-configured device group (within the licensed domain) that has the behavioral analysis setting enabled, or to both.
Prerequisites
Before you can access Risk Analyzer within Security Manager, you must fulfill the following prerequisites.
- You must have permission granted to access the device group you want to analyze.
- You must have a Risk Analyzer license for your Security Intelligence Platform domain.
- You must have behavioral analysis enabled for the device group you are analyzing. To enable behavioral analysis, see Enable Behavioral Analysis.
Behavioral analysis on the All Devices device group is enabled by default, but it may not be enabled for user-configured Device Groups upon which you may want to conduct risk analysis.
License Risk Analyzer
Each asset that you want to import and analyze with Risk Analyzer must have a license. For example, if you have 1,000 assets but a license for only 500, only the first 500 assets will be imported and reviewed for vulnerabilities within Risk Analyzer. Licenses are assigned in the Administration module. To load a Risk Analyzer license, see the Upload a License topic.
Set Permissions
You will need to grant Write permissions to Risk Data (Administration tab), Read permissions to Risk Analyzer (Application tab), and Write and Risk permissions to Device Groups (Device Group tab). Permissions are set at the user group level in the Administration module. To set permissions, see the Assign Permissions topic.
Open Risk Analyzer
Risk Analyzer is accessed from within the Security Manager module.
- On the Security Manager toolbar, click Risk Analyzer.
If there is no behavioral analysis data to display, you will not be able to open Risk Analyzer.