Contextual prioritization (Context Engine)

Understanding the 'Context Engine'

Why do we need a context engine?

In vulnerability management, context is key. While the CVSS severity score measures the potential risk of a vulnerability, it doesn't account for the environment in which the vulnerability exists. For example, a high CVSS score might be less critical if it affects a non-critical part of your infrastructure. In contrast, a medium CVSS score could be more urgent if it impacts a business-critical system.

The Context Engine enhances prioritization by factoring in both the likelihood of exploitation and the potential impact within your specific environment. This ensures that security efforts focus on the most significant risks, not just those with the highest severity scores.

Here is a demo video for using Jit's contextual prioritization:


How the Context Engine Maps, Prioritizes, and Scores

  1. Resource Connection Mapping:

The Context Engine identifies all resources linked to a particular finding or other resource. Starting with a security finding and the resource where the security finding resides, the engine maps out all connected resources that could influence the exposure of the initial insecure resource.

For example, a GitHub repository might reveal connections to a Lambda function, which in turn is connected to an internet-facing API.

This mapping can be visualized in the context engine graph, which is automatically generated for each security finding once the user has integrated Jit with their AWS environment:

  2. Priority Factor Generation and Propagation:

Priority Factors are criteria the Context Engine uses to rank the importance of resources and findings based on the characteristics of affected resources, such as being in a production environment or involving sensitive credentials. These factors are assigned to findings and propagate through connected resources.

For example, if an API marked as internet-facing is connected to a Lambda function and a repository, both the Lambda function and the repository inherit the "internet-facing" Priority Factor, ensuring consistent prioritization across the system.

These Priority Factors are automatically assigned to resources by the Context Engine.

Examples of Priority Factors include:

  • Database Access
  • Production Environment
  • Sensitive Credentials
  • Internet-facing

There are also manual labels that can be added, like "Business-Critical".

These factors are visible as labels on the resources in the context engine graph:

  3. Priority Calculation:

Each Priority Factor in the Context Engine carries a specific weight that reflects its significance. The risk score Jit assigns to a finding or resource is calculated by summing the weights of all Priority Factors that apply to it.

This score reflects the criticality, taking into account the context provided by these factors. For instance, a finding with priority factors like "Production Environment" and "Critical Severity" would score higher than one with less critical factors, effectively guiding the prioritization process.
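The three steps above (mapping connections, propagating Priority Factors, and summing weights) can be illustrated end to end with a small model. The following is an added example written for this page, not Jit's own code: the factor weights, the sample resources and findings, and the rule that factors propagate along the direction of an "exposes" edge are all assumptions made here for illustration. It shows the page's central point, a medium-severity finding on a repository behind an internet-facing production API outranking a critical-severity finding on an unconnected repository.

```python
from collections import deque

# Hypothetical weights per Priority Factor; the page does not publish Jit's real weights.
FACTOR_WEIGHTS = {
    "Internet-facing": 40,
    "Production Environment": 30,
    "Database Access": 20,
    "Sensitive Credentials": 25,
    "Business-Critical": 35,   # manual label mentioned on the page
    "Critical Severity": 50,
    "Medium Severity": 15,
}

# Constructed sample environment: resource -> Priority Factors assigned directly to it.
RESOURCES = {
    "public-api": {"Internet-facing"},
    "orders-lambda": {"Production Environment"},
    "orders-repo": set(),
    "reports-lambda": set(),
    "reports-repo": set(),
}

# Constructed connections. An edge (a, b) means "a exposes b", so factors on a
# propagate to b and onward. The direction rule is an assumption of this example.
EDGES = [
    ("public-api", "orders-lambda"),
    ("orders-lambda", "orders-repo"),
    ("reports-lambda", "reports-repo"),
]


def propagate_factors(resources, edges):
    """Return resource -> effective factor set after transitive propagation along edges."""
    downstream = {name: [] for name in resources}
    for src, dst in edges:
        downstream[src].append(dst)
    effective = {name: set(factors) for name, factors in resources.items()}
    for start, factors in resources.items():
        if not factors:
            continue
        # Breadth-first walk: every resource reachable from `start` inherits its factors.
        seen = {start}
        queue = deque(downstream[start])
        while queue:
            node = queue.popleft()
            if node in seen:
                continue
            seen.add(node)
            effective[node] |= factors
            queue.extend(downstream[node])
    return effective


def score_finding(finding, effective):
    """Sum the weights of the finding's own factors plus its resource's effective factors."""
    factors = set(finding["factors"]) | effective[finding["resource"]]
    return sum(FACTOR_WEIGHTS[f] for f in factors), sorted(factors)


def prioritize(findings, resources=RESOURCES, edges=EDGES):
    """Rank findings by context-aware score, highest first: (id, score, factors)."""
    effective = propagate_factors(resources, edges)
    ranked = [(f["id"], *score_finding(f, effective)) for f in findings]
    ranked.sort(key=lambda row: row[1], reverse=True)
    return ranked


# Constructed findings: F-1 is critical on an isolated repo, F-2 is medium on an exposed one.
FINDINGS = [
    {"id": "F-1", "resource": "reports-repo", "factors": {"Critical Severity"}},
    {"id": "F-2", "resource": "orders-repo", "factors": {"Medium Severity"}},
]

if __name__ == "__main__":
    for fid, score, factors in prioritize(FINDINGS):
        print(fid, score, factors)
```

With these weights, `orders-repo` inherits both "Internet-facing" and "Production Environment" through the Lambda function, so F-2 scores 85 and ranks above F-1, which scores only its own severity factor (50). Changing the edge direction or the weights changes the ranking, which is exactly why the factor graph, not the severity alone, should be reviewed when a score looks surprising.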