Risk and Context Engine
Risk management section
Overview
The Risk section centralizes all security findings and resources, providing teams with a comprehensive view of their security posture. It leverages Jit's powerful Context Engine to enhance prioritization, ensuring that security efforts focus on the most significant risks.
Understanding the 'Context Engine'
Why do we need a context engine?
In vulnerability management, context is key. While the CVSS severity score measures the inherent risk of a vulnerability, it doesn't account for the environment in which the vulnerability exists. For example, a high CVSS score might be less critical if it affects a non-critical part of your infrastructure. In contrast, a medium CVSS score could be more urgent if it impacts a business-critical system. The Context Engine enhances prioritization by factoring in both the likelihood of exploitation and the potential impact within your specific environment. This ensures that security efforts focus on the most significant risks, not just those with the highest severity scores.
How the Context Engine Maps, Prioritizes, and Scores
- Resource Connection Mapping:
The Context Engine identifies all resources linked to a particular finding or other resource. Starting with a resource, the engine maps out all connected resources that could influence the exposure of the initial resource. For example, a GitHub repository might reveal connections to a Lambda function, which in turn is connected to an internet-facing API.
This mapping is visualized in the Context Engine graph.
- Priority Factor Generation and Propagation:
Priority Factors are criteria the Context Engine uses to rank the importance of resources and findings based on the characteristics of affected resources, such as being in a production environment or involving sensitive credentials. These factors are assigned to findings and propagate through connected resources. For example, if an API marked as internet-facing is connected to a Lambda function and a repository, both the Lambda function and the repository inherit the "internet-facing" Priority Factor, ensuring consistent prioritization across the system.
Examples of Priority Factors include:
- Business-critical Service
- Database Access
- Production Environment
- Sensitive Credentials
- Internet-facing
These factors are visible as labels on the resources in the Context Engine graph.
- Priority calculation:
Each Priority Factor in the Context Engine has a specific weight based on its significance. Jit's risk score assigned to findings and resources is calculated by summing the weights of all relevant Priority Factors. This score reflects the criticality, taking into account the context provided by these factors. For instance, a finding with priority factors like "Production Environment" and "Critical Severity" would score higher than one with less critical factors, effectively guiding the prioritization process.
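As an added illustration (not Jit's code), the following model shows the mapping, propagation and scoring steps above on a constructed environment: a repository connected to a Lambda function that is wired to an internet-facing API. The factor weights, resource names and factor assignments are assumptions made for the example; Jit does not publish its weights here.

```python
# Added example (not Jit's code): a small model of the propagation and
# scoring described above. Weights and resource names are constructed.

# Assumed weights for the Priority Factors named on the page.
FACTOR_WEIGHTS = {
    "Business-critical Service": 30,
    "Database Access": 20,
    "Production Environment": 25,
    "Sensitive Credentials": 25,
    "Internet-facing": 30,
    "Critical Severity": 40,
}

# Constructed environment: resource -> resources it is connected to
# (a repo deploys a Lambda, which is wired to an internet-facing API).
CONNECTIONS = {
    "repo/payments-service": ["lambda/payments-handler"],
    "lambda/payments-handler": ["api/public-checkout"],
    "api/public-checkout": [],
}

# Factors observed directly on each resource before propagation.
OWN_FACTORS = {
    "lambda/payments-handler": {"Production Environment"},
    "api/public-checkout": {"Internet-facing"},
}

def propagate_factors(connections, own_factors):
    """Each resource inherits the factors of every resource reachable through its connections."""
    effective = {}
    for start in connections:
        acc, stack, seen = set(), [start], set()
        while stack:
            res = stack.pop()
            if res in seen:  # cycle-safe: visit each resource once
                continue
            seen.add(res)
            acc |= own_factors.get(res, set())
            stack.extend(connections.get(res, []))
        effective[start] = acc
    return effective

def risk_score(factors, weights=FACTOR_WEIGHTS):
    """Score = sum of the weights of all relevant Priority Factors."""
    return sum(weights[f] for f in factors)

def score_finding(resource, finding_factors=()):
    """A finding's score: its own factors plus the affected resource's inherited factors."""
    effective = propagate_factors(CONNECTIONS, OWN_FACTORS)
    return risk_score(set(finding_factors) | effective[resource])
```

With these assumed weights, the repository inherits both "Production Environment" and "Internet-facing" from the resources downstream of it, so a Critical Severity finding in the repository scores higher than the same finding on an isolated resource would.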