PlexTrac Priorities: Metrics

Transcript

Hi everyone, welcome to our demo of the new metrics tab within the PlexTrac Priorities module. Today, we’ll explore how Priorities can help you quantify the impact of proactive security on risk to maximize the value from security data found during pen tests, vulnerability scans and other offensive assessments whether you’re an enterprise company looking to implement a cyber risk management program, or a service provider looking to sell services such as framework based risk management, a dynamic cyber risk catalog, or other risk-based services, let’s start by viewing priorities within a client.

You can either create priorities at the tenancy level or set them up for individual clients or business departments like you see here, which allows permission-based access to only those priorities, which ensures confidentiality and focused remediation. Next, we’ll look at how priorities can be created from data across various reports and assessments. This is crucial to provide a higher level view of recommendations and support proactive risk management based on frameworks or delivering a lightweight cyber risk catalog. It also helps maximize the value of pen testing and other offensive testing by adding a layer of vulnerability management and risk based prioritization onto all of your aggregated offensive security data, let’s create a new priority to highlight a recommended focus area of this client or business.

This is flexible enough to structure recommendations based off custom frameworks or industry standards like CMMC or NIST, depending on which framework are important to your business or to the clients you are providing services to. It also allows for a single pane of glass to review with the team for aligned strategy and business objectives to move forward with.

Now we will link findings to this new priority and a critical step for addressing vulnerabilities.

Similarly, we can link assets to the priority to understand the impact on critical business functions.

Let’s create a contextual scoring equation for more tailored prioritization relative to the impact, value and risk of the different clients or business departments.

This lets you configure unique scoring based on industry needs or individual client or department risk appetites. For an example, say you are an MSSP that has clients in completely different industries such as a bank and a hospital. You want to help each client make informed decisions based on the impact value and risk relative to their specific business and operations. This means you could configure a unique scoring methodology for those two different clients by applying different scoring weights and variables such as asset type or asset tags, so you can effectively identify the level of threat posed to their unique operations in order to help prioritize the mitigation efforts that matter most to them. This ensures effective prioritization that takes into account business context to help make informed decisions or allocate resources to mitigate the threats that pose the largest impact relative to their business. Now let’s explore the new metrics tab from a practitioner’s perspective. These views simplify stakeholder reporting and support effective communication with easy-to-understand visuals that simplify conversations around risk status and progress, especially with a nontechnical audience, quickly and consistently convey risk status and insights in real time to show measurable progress over time.

With graph and chart-based views you can drill into to make status reporting a breeze.

This will help to facilitate conversations around how your cyber risk management strategy is contributing to organizational objectives and performance, as well as tracking remediation progress while providing actionable insights to make informed decisions. The top summary widgets provide deeper insights, offer a quick summary view of the status of your priorities that you can click into to help drill down into specific areas needing attention.

Finally, let’s highlight the customer portal experience crucial for client or stakeholder communication. This also ensures all stakeholders have a method to maintain visibility into progress updates. By providing transparency around their security posture and may be kept informed via automated email notifications, we can sort priorities to manage them more effectively, especially across multiple clients or business departments.

The ability to dynamically interact with this data method enables you to quickly identify the most crucial tasks.

It can also serve as a solution for a cyber risk catalog that can be managed and updated in real time, keeping your cyber risk tracking in sync with all of your cybersecurity activity such as new scans, pen test data or remediation activities. Priorities data can also be exported in your report exports. You can contact our support portal for more information about how to add that data to your current report export template. Thank you for watching this demo of the new metrics tab in the priorities module. For any questions or further details, feel free to reach out to our team. This feature is flexible and can be tailored to your business or client needs.