The ControlsInsight 2.6 release includes an exciting new asset filtering feature, leveraging Rapid7 RealContext™ and adding tremendous value to users. It is a revolution in the way ControlsInsight can be used henceforth. Prior to this release, ControlsInsight would show how well controls are implemented in a global sense. Version 2.6 moves to a new dimension where customers can view their endpoints' controls effectiveness within a particular business context. ControlsInsight imports the sites, asset groups, and RealContext tags created in Nexpose, enabling users to apply filters to analyze controls effectiveness in a whole new way.
What is Business Context?
Providing business context by grouping and tagging assets helps security professionals identify and reduce the risk that matters to their business. Examples include monitoring controls for a specific set of assets considered risky or monitoring a set of assets owned by a person and evaluating controls effectiveness over a particular period of time.
How Can Asset Filtering Be Used in ControlsInsight?
1. During first-time setup, a ControlsInsight administrator sets a default preference for included sites, which then becomes the global default for all subsequent users. Subsequently, users can choose to set their own default preference by setting asset filters based on sites, asset groups or RealContext tags. In other words, they can choose to only see assets of a particular business context.
2. The different filters from which the user can choose to create his or her own preferences are: Owner tag, Custom tag, Location tag, Criticality tag, Site, and Asset Group. All of these filters, managed within Nexpose, are now visible in ControlsInsight. The user can now opt to create a specific preference based on these tags to suit the business needs and get a view of the product specific to the preference.
3. All ControlsInsight data, including the defense grade, trending graph, controls coverage, guidance report, asset listing and reports, all become specific to the preference created by the user. Only those assets that are part of the preference appear in ControlsInsight. This is a big shift from previous releases, which always adhered to global preferences set by first-time users.
A simple example of these features would be if a user sees a business value in monitoring value assets of Los Angeles location, owned by John and with a criticality Very High. Then the user sets this as the preference. From that point, ControlsInsight reports data only for these assets until the preference is changed.
4. If the user does not want to set a default preference then he or she could just apply a temporary preference for viewing the performance of assets. In this case, the preference will revert to the default global setting when the user logs off from the current session.
Asset filtering in ControlsInsight brings more flexibility and power to the product. The user can take advantage of the huge business value by segregating assets of different priority, monitoring them, and deploying controls to them as needed, rather than taking action on all the assets globally.
Note: Tags, sites, and asset groups must be created in Nexpose before these filters can be used in ControlsInsight.
Below is a screen shot showing the new release of ControlsInsight with filters set for Criticality and Sites:
For more information about the ControlsInsight 2.6 release, please see the release notes. As always, we'd love to hear your feedback, so feel free to add comments below or e-mail Rapid7 product management.