Effective security metrics are frequently used to drive security performance improvements and overall risk reduction. However, they are often not relevant to the business, and they are difficult to quantify and communicate. Rapid7 InsightVM’s new Goals & SLAs feature helps security teams define relevant and meaningful metrics so they’re able to set goals against them, track individual and team progress, and receive alerts when goals are achieved or missed.
The Goals & SLAs feature allows security teams to know what they should focus on and what they need to do to achieve their goals. It also enables better communication with others in the company in a way they can understand. Specifically, email notifications can automatically be sent for any changes in goal status, so you can avoid manual tracking efforts. And, if you add your goal to your dashboard, it will display graphically so you can see progress at a glance.
InsightVM offers three types of metrics to be tracked:
1. Time-bound goal
A time-bound goal lets you specify metrics for assets and vulnerabilities and assign a target date so you can track your progress as your deadline approaches. As an example, you can create a time-bound goal to remove 100% of Windows 7 desktops across the entire organization by Jan. 14, 2020. Time-bound goals have static scope, which means the scope of assets or vulnerabilities will be defined at the time of the goal creation and will not change, even if there are new assets or vulnerabilities found later on.
2. Continuous goal
A continuous goal lets you monitor progress or criteria without a time limit, such as a rule or key performance indicator. For example, if you want all your external-facing assets to have a closed SSH port, you can track this with a continuous goal. These have dynamic scope, which means any new asset or vulnerability discovered will be part of the metric.
3. Service-level agreement (SLA) goal
A service-level agreement (SLA) goal—which will be released within the next several months—lets you track overall remediation of certain policies over a dynamic timespan. For example, you could set out to remediate 100% of critical vulnerabilities in production environments within three days of discovery, or remediate 75% of Windows Servers within 15 days of asset discovery date. SLAs also have dynamic scope.
How to create goals in InsightVM
Let’s take a look at the following use case: Your organization would like to limit the risk score for assets identified as high-risk. Let’s say your target is ensuring more than 80% of your assets have a risk score of less than 10,000. This is a continuous goal you can define in InsightVM with the new feature.
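To make the three goal types and the scoping rules above concrete, here is an added Python example (not InsightVM code, and not part of the original post) that models the continuous goal from this use case (more than 80% of assets tagged "high risk" with a risk score under 10,000), a time-bound goal with static scope (removing Windows 7 desktops), and an SLA goal (critical vulnerabilities remediated within three days of discovery). The asset inventory and vulnerability records are constructed sample data, and the `Asset`/`Vuln` classes and the evaluation functions are this example's own assumptions about how such data could be represented.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# All data and classes below are constructed for this example; none of it is
# InsightVM output or part of the InsightVM API.

@dataclass(frozen=True)
class Asset:
    name: str
    tags: frozenset
    risk_score: float
    os: str

@dataclass(frozen=True)
class Vuln:
    asset: str
    severity: str
    discovered: date
    remediated: Optional[date] = None  # None while the finding is still open

def continuous_goal_progress(assets, tag="high risk", max_score=10_000) -> float:
    """Continuous goal from the post: percentage of assets matching the
    asset.tags IN [ "high risk" ] filter whose risk score is below max_score.
    Dynamic scope: recomputed over whatever inventory is passed in, so assets
    discovered after goal creation count too."""
    in_scope = [a for a in assets if tag in a.tags]
    if not in_scope:
        return 0.0
    ok = sum(1 for a in in_scope if a.risk_score < max_score)
    return 100.0 * ok / len(in_scope)

def continuous_goal_met(progress_pct: float, target_pct: float = 80.0) -> bool:
    """The post's target is 'more than 80%', so the comparison is strict."""
    return progress_pct > target_pct

def make_time_bound_goal(assets_at_creation, os_name="Windows 7"):
    """Time-bound goal: the scope is frozen when the goal is created. Returns a
    function reporting how much of that frozen set has been removed; Windows 7
    assets found later are not part of the goal."""
    frozen = {a.name for a in assets_at_creation if a.os == os_name}
    def progress(current_assets) -> float:
        if not frozen:
            return 100.0
        remaining = {a.name for a in current_assets} & frozen
        return 100.0 * (len(frozen) - len(remaining)) / len(frozen)
    return progress

def sla_progress(vulns, today: date, severity="critical", days=3) -> float:
    """SLA goal: percentage of `severity` findings remediated within `days` of
    discovery. Dynamic timespan: each finding's window starts at its own
    discovery date. Open findings still inside their window are pending and
    are left out of the denominator; open findings past it count as breached."""
    met = evaluated = 0
    for v in vulns:
        if v.severity != severity:
            continue
        if v.remediated is not None:
            evaluated += 1
            if (v.remediated - v.discovered).days <= days:
                met += 1
        elif (today - v.discovered).days > days:
            evaluated += 1  # still open and past its deadline: breached
    return 100.0 * met / evaluated if evaluated else 100.0

def sample_inventory_at_creation():
    return [
        Asset("web-01", frozenset({"high risk", "external"}), 4_500, "Linux"),
        Asset("db-01", frozenset({"high risk"}), 12_000, "Windows Server"),
        Asset("pc-17", frozenset(), 3_000, "Windows 7"),
        Asset("pc-22", frozenset({"high risk"}), 9_000, "Windows 7"),
    ]

def sample_inventory_later():
    # pc-17 retired, db-01 brought down to 8,000, new high-risk app-02 and a
    # new Windows 7 machine pc-30 discovered after the goals were created.
    return [
        Asset("web-01", frozenset({"high risk", "external"}), 4_500, "Linux"),
        Asset("db-01", frozenset({"high risk"}), 8_000, "Windows Server"),
        Asset("pc-22", frozenset({"high risk"}), 9_000, "Windows 7"),
        Asset("app-02", frozenset({"high risk"}), 15_000, "Linux"),
        Asset("pc-30", frozenset(), 2_000, "Windows 7"),
    ]

def sample_vulns():
    return [
        Vuln("web-01", "critical", date(2020, 1, 10), date(2020, 1, 12)),  # 2 days: met
        Vuln("db-01", "critical", date(2020, 1, 10), date(2020, 1, 16)),   # 6 days: breached
        Vuln("app-02", "critical", date(2020, 1, 19)),                     # open, inside window
        Vuln("pc-22", "critical", date(2020, 1, 14)),                      # open, 6 days: breached
        Vuln("pc-22", "moderate", date(2020, 1, 1)),                       # wrong severity: ignored
    ]

if __name__ == "__main__":
    before, after = sample_inventory_at_creation(), sample_inventory_later()
    c0, c1 = continuous_goal_progress(before), continuous_goal_progress(after)
    print(f"continuous goal: {c0:.1f}% -> {c1:.1f}%, met={continuous_goal_met(c1)}")
    win7 = make_time_bound_goal(before)
    print(f"time-bound Windows 7 removal: {win7(after):.1f}%")
    print(f"SLA critical within 3 days: {sla_progress(sample_vulns(), date(2020, 1, 20)):.1f}%")
```

Running it shows the scoping difference the post describes: the continuous goal moves from 66.7% to 75% because the newly discovered app-02 is pulled into the dynamic scope, while the time-bound goal reports 50% removal against its frozen set of two Windows 7 machines and ignores the later pc-30.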
Now, let’s go through the screens to show you how you can set up the metric and view your progress afterward:
- After logging in to InsightVM (if you’re not an InsightVM customer you can get a full-featured trial here), click on the “Goals & SLAs” icon on the left navigation bar.
- Click on “+ New Goal,” which will open up the wizard to walk you through the next steps.
- In this scenario, select “Continuous” as the goal type, then click on “Continue.”
- This is where you define the scope for the assets and vulnerabilities. In this example, our asset filter is: asset.tags IN [ "high risk" ]. Click here for more information on how to create filter queries in InsightVM.
- Next, specify the criteria. This is where you actually define the metric. In our example, here is how we fill out the fields:
- Next, you will give a name to your goal, then select on which dashboard(s) you would like a card for the goal.
- Once you save the goal, it will appear on the listing page, which is where you see all of your goals and their statuses.
- Clicking on any of the goals takes you to the details page for that particular goal.
- Finally, here is how your dashboard card will look after the goal creation:
Alternatively, you can add a new Goal Card to any of your dashboards by clicking on the “+ Add Card” button on the dashboard and selecting the appropriate goal card.
After the blank card is added to your dashboard, you will select which goal should appear in it as follows:
With the next version update of this new feature, we will also enable email notifications when your goals change status or when they are complete (if they are time-bound). Here is an example of an email notification:
Once you identify the metrics that are important for your organization’s security practices, InsightVM makes keeping track of your progress against those metrics both easy and painless. This is yet another way we help teams optimize their security operations and focus on the risks that matter.