The vulnerability analysis dashboard in OT-BASE Vantage is an addition to the vulnerability management workflow built into OT-BASE Asset Center. There are some functions that can be better analyzed in Asset Center, and others that are better approached using Vantage. Overall, Vantage gives a much more high-level view at vulnerabilities than what you find in Asset Center.
The vulnerability dashboard in OT-BASE Vantage comes with eight widgets:
- A bar chart showing the number of known vulnerabilities for all devices in the data set, devided by the four priority categories. (If you are new to OT-BASE, note that the priority of a vulnerability is identical to the respective CVE's severity, but can be modified by the user.)
- A bar chart showing the number of vulnerable devices in the data set, for each vulnerability category.
- A scatter plot that shows devices and their position and size in the vulnerability / risk space, expressed in number of vulnerabilities per device and cumulated risk score per device.
- A line plot showing the acquisition of known vulnerabilities over time. This plot shows the same data as the one exactly below, but cumulated.
- A table listing the top ten critical CVEs, along with the number of vulnerable devices and a cumulated score (CVSS base score multiplied by number of vulnerable devices).
- A table listing of vulnerable devices, ranked by risk score. Unlike the cumulated vulnerability score from the preceding table, the risk score also factors in device criticality.
- A Pareto chart showing devices by risk score, beginning with the highest risk score and ending with a risk score of zero. The order of devices on the x axis corresponds to the position of devices in the table to the left. A line chart shows cumulated risk score expressed as a percentage value.
- A line plot showing known vulnerabilities as acquired over time. This plot shows the same data as the one exactly above, but as raw data.
Vulnerability bar chart
Similar to IT vulnerability scanners, OT-BASE Vantage displays unpatched vulnerabilities that affect your installed base in a bar chart, odered by CVE priority (top left widget). CVE priority is identical to CVSS severity by default, but can be changed by the user.
Use the mouse to point to the various bars in order to obtain exact numbers. In the following example, we point to vulnerabilities with medium priority in oder to learn that there is a total of 229,480 of these.
Top 10 critical CVEs table
The widget below the above mentioned bar chart lists the ten most important CVEs, ranked by CVSS base score times number of vulnerable devices (the compound score, or CScore).
In order to get additional details on any of the vulnerabilities listed you may simply input the CVE ID in the quick search field in OT-BASE Asset Center in order to launch the CVE profile, which contains a description and additional context information, such as the identity of vulnerable devices.
Number of vulnerable devices bar chart
The number of vulnerable devices is shown in a separate bar chart, ordered by the four priority categories. Pointing the mouse to any of the bars will pop up detailed numbers. In the example below we learn that 456 devices have vulnerabilities with critical priority.
Devices by risk score table
What are your most vulnerable devices, ranked by risk score? The second table in the vulnerability dashboard answers this question. Risk score factors the CVSS base score of a device's vulnerabilities in, and also the criticality of a device.
Devices by risk score plot
A table is good for several things, but usually not so good for getting the big picture. The devices by risk score plot attempts to do just that, allowing you to spot outliers.
In the scatter plot, vulnerable devices are symbolized by markers. Pointint to a marker will pop up the details for the device. In the example above, we point to a device with the device ID P56.Desktop88 and learn that it has 1280 vulnerabilities and a risk score of 19,539. As above, risk score factors in the criticality of a device. Critical devices also stand out due to bigger marker size.
For non-critical devices you will basically see a linear distribution. The more vulnerabilities, the higher the risk score is going to be. Logically, devices with more than 1,000 vulnerabilities will not be easy to protect by patching. Note that the device at the far right end of the distribution has more than 3,000 vulnerabilities.
Devices by risk score Pareto chart
The next chart gives you an idea how many devices you would need to fully patch in order to achieve a significant amount of risk reduction.
Devices are ranked from left to right according to their risk score (factoring in criticality). In our example, we have one significant outlier (P56.Desktop3, as can also be seen in the list left to the chart), which is displayed as the leftmost bar. Thereafter, risk scores get a bit more evenly distributed. Use the mouse to learn how many devices you need to fully patch in order to achieve a desired level of risk reduction. In the example, we learn that we would have to patch 173 devices in order to cut risk in half.
How many vulnerabilities do you acquire, and when? The vulnerability trend widget provides answers. In this example, it tells us that over 5,000 critical vulnerabilities had been acquired on August 20, 2019. (It also tells us that a couple hundred critical vulnerabilities are around since the beginning of 2016.)
Vulnerabilities by age
An even better insight into the age of vulnerabilities is presented by the widget right on top of the previously discussed one. It uses the same data set as above, but with cumulated values. This way you can learn how old the bulk of vulnerabilities is that plagues your installed base. In the example below we learn that approximately half of the critical vulnerabilities were published by the end of 2018 or earlier.