The Panaseer Metric catalog contains a complete list of metrics available on your platform and is accessed via the left panel.
A metric refers to a quantifiable measure used to monitor, evaluate, and report on the performance, status, or compliance of cybersecurity controls and processes.
Security areas
Metrics provide data for certain categories of risk areas. For example, one set of metrics may focus on your device inventory, whilst another set may focus on the status of software patches across your infrastructure.
Panaseer's metrics are categorised by these security areas, which you will see in the filter options when you click Browse all metrics.
These security areas are also known as Control Domains, as they represent different domains in which your cybersecurity controls operate.
For a complete list of domains and their metrics, see Control Domains.
Metric types
The Platform comes with several categories of metrics and measures to ensure you have a high-quality, effective measurement program that follows data science best practice. Throughout this guide you’ll see examples of all of these, so here’s a quick introduction to what they are and the value they provide.
Informational measures
Informational measures are straightforward counts and sums. For example, total number of vulnerabilities, or total number of Windows 7 machines. They are the building blocks for many of our more complex measurements.
Coverage metrics
Coverage metrics provide essential context for any performance measures. It is measurement best practice to be aware of what information you cannot capture. For example, there is no information on the state of vulnerabilities on devices that have not been scanned. Therefore, we strongly recommend that for every security area you assess, you track the coverage and completeness of the data sources.
For example, the % of all eligible users who have received a phishing test (coverage metric) provides context for the % of users who failed a phishing test (policy metric). These metrics are also useful to help ensure your control tooling is deployed everywhere it should be.
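As an added illustration (not Panaseer code or part of the Platform), the Python sketch below computes the two phishing metrics from the example above on constructed data. It shows why the coverage figure matters: the failure rate among tested users says nothing about untested users, so the rate across all eligible users is only known within bounds. The function name, user ids and records are assumptions made up for this example.

```python
# Added illustration, not Panaseer code. All names and records are constructed.

def coverage_and_policy(eligible, results):
    """eligible: set of user ids in scope for phishing tests.
    results: dict of user id -> True if that user failed the test.
    Returns the coverage metric, the policy metric (failure % among tested
    users) and the bounds on the failure % across all eligible users."""
    if not eligible:
        raise ValueError("no eligible users in scope")
    # Results for users outside the eligible scope must not inflate coverage.
    tested = {u for u in results if u in eligible}
    failed = {u for u in tested if results[u]}
    untested = eligible - tested
    total = len(eligible)
    return {
        "coverage_pct": 100.0 * len(tested) / total,
        # Undefined (None) when nobody in scope has been tested.
        "failed_pct_of_tested": 100.0 * len(failed) / len(tested) if tested else None,
        # Best case: every untested user would pass. Worst case: every one fails.
        "failed_pct_low": 100.0 * len(failed) / total,
        "failed_pct_high": 100.0 * (len(failed) + len(untested)) / total,
        "untested": sorted(untested),
    }

# Constructed sample: ten eligible users, four tested, one failure,
# plus one result for a user who is not in the eligible scope.
ELIGIBLE = {"u%02d" % i for i in range(1, 11)}
RESULTS = {"u01": False, "u02": True, "u03": False, "u04": False, "x99": True}

if __name__ == "__main__":
    for key, value in coverage_and_policy(ELIGIBLE, RESULTS).items():
        print(key, "=", value)
```

On this sample the policy metric reads 25% failed, but with only 40% coverage the failure rate across all eligible users could be anywhere from 10% to 70%.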
Policy metrics
Policy metrics allow you to track adherence to standards across your organization. You can measure performance against your in-house standards by using Control Checks Builder, a capability of the Panaseer Platform which enables you to tailor their value and scope as required.
You can also check your compliance against regulatory standards by configuring the scope of assets in your organization to which these apply. Policy metrics will automatically reflect these values. They are a great way to get started with CCM, by assessing how well you are currently enforcing the policies you have laid out.
Diagnostic metrics
If you have identified areas of subpar performance using policy metrics, diagnostic metrics provide more in-depth insight that helps you to narrow down the root cause and quickly identify actions that help reduce risk.
Compound Risk metrics
Compound Risk metrics pull together data across multiple security domains to help identify toxic combinations of risks. Toxic combinations are when risks from different domains coexist on a particular resource.
For more information see Compound risk metrics.
Metric catalog and collections
Metric collections provide a mechanism to group multiple metrics together that users can browse on the collections page. The purpose of collections is to help users discover the breadth of our content.
There are many reasons why the number of ingested records you see differs from the number you expect to see based on your knowledge of the data source. Below are a few critical causes of discrepancies and how to identify them.
Browsing the metrics catalog
You can explore the catalog by searching or browsing.
- Use the search bar to find metrics by name, tag, framework or keyword.
- Click on Browse the catalog to open the Metric Search page.
Searching and browsing provide a set of filters to narrow down your search. Select values under the following categories:
- Security area
- Metric type
- Metric status
- Security framework
Metric Catalog search results
Here you can view the metrics that match the filters you have selected.
Click Show detailed results to see additional information such as Security area(s), Security framework(s) and Has control checks? (Yes or No).
Inspecting Metrics
Click on any metric to open the metric detail page, which contains an extensive list of metric attributes and a list of dashboards that use the metric.