This article gives you an overview of Panaseer control coverage, explains what it means for a Device to be covered by a control, and provides a step-by-step guide that helps you create your control coverage Dashboard.
Checking the coverage of your security controls
Control coverage is the term used to describe how well your security controls cover your Devices. For example, if we say that your vulnerability scanner covers 50% of your Devices, it means that it is scanning 50% of your Devices.
Control coverage can be defined in many ways, and the value of control coverage metrics will vary with the definition you choose. For example, you could define the control coverage of your AV tool in any of the following ways:
- The Device is covered if it has the AV tool installed.
- The Device is covered if it has ever had a record in the AV tool.
- The Device is covered if it has had a record in the AV tool in the last 14 days.
The logic we use to define control coverage within the Panaseer platform is configured via Control Checks. For each data source or Control that you'd like to measure the coverage of, we create a specific Control Check to define what that means. Every coverage Control Check has three distinct pieces of logic:
| Piece of logic | Description |
|---|---|
| Expected | The first piece of logic defines the set of Devices that are expected to be covered by your control. |
| Seen | The second piece of logic defines what it means for a Device to be 'seen' by the control. |
| Recently | The third piece of logic defines how recently a Device needs to have been 'seen' by the control for us to consider it covered. |
A control covers a Device if it is expected to be covered and has been seen by the Control recently (i.e., the Device passes all three pieces of logic).
Control checks - the codification of a policy
A control check serves as a measurable, automated test that translates or "codifies" a specific cybersecurity policy into actionable checks. Essentially, it takes a policy, such as ensuring that all devices have up-to-date antivirus software, and turns it into a series of programmed rules or conditions that the platform can verify across the organization’s assets, checking each asset and flagging whether it passes or fails the check.
By codifying policies into control checks, Panaseer enables continuous, automated monitoring that quickly identifies areas where security requirements may fall short, helping organizations maintain consistent compliance and improve their cybersecurity posture.
Control Check logic example
For your AV tool, your Control Check logic might look like this:
It is essential to understand this definition of control coverage, as it is the foundation of all coverage-based metrics you see on your Dashboards.
Several metrics are based on these coverage Control Checks, for example:
- Devices expected in a source - The number of Devices that pass the 'Expected' logic.
- Number of Devices missing from a source - The number of Devices that pass the 'Expected' logic but fail the 'Seen' or 'Recently' logic.
- Percentage of Devices missing from a source - The percentage of Devices that are missing from a source, out of those that are expected in a source.
As you can see, to understand these metrics, you must first understand how your coverage Control Checks have been configured and the impact that the logic has on the definition of control coverage. The table below summarizes the possible coverage categories:
| Coverage category | Expected | Seen | Recently | Description |
|---|---|---|---|---|
| Covered | | | | Device is covered by the control, as expected. |
| Missing | | | | Device is missing from the control, as it is expected and has been seen, but not recently enough. |
| Missing | | | | Device is missing from the control, as it is expected but hasn't been seen. |
| Review | | | | Device has been seen by the control and is not expected. This should be reviewed as it indicates a configuration issue within the Control Check or your source system. |
| Review | | | | Device has been seen by the control and is not expected. This should be reviewed as it indicates a configuration issue within the Control Check or your source system. |
| Not covered | | | | Device is not covered by the control, as expected. |
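The sketch below is an added example, not Panaseer's own code or configuration. It applies the three pieces of logic to a constructed inventory, assigns each Device a coverage category, and computes the three metrics listed above. The `in_scope` field, the data layout, and the choice of the 14-day window as the 'Recently' rule (borrowed from the AV example earlier in the article) are assumptions made for illustration.

```python
from datetime import date, timedelta

RECENT_WINDOW = timedelta(days=14)  # assumed 'Recently' rule, from the AV example

def classify(device, av_last_seen, today):
    """Return the coverage category of one Device for the AV control."""
    # 'Expected' (assumed rule): only in-scope Devices should run the AV tool.
    expected = device["in_scope"]
    # 'Seen': the AV tool holds a record for this Device.
    last_seen = av_last_seen.get(device["name"])
    seen = last_seen is not None
    # 'Recently': that record is no older than the window.
    recently = seen and (today - last_seen) <= RECENT_WINDOW
    if expected:
        return "Covered" if recently else "Missing"
    # Seen but not expected points at a scoping or source-system issue.
    return "Review" if seen else "Not covered"

def coverage_metrics(devices, av_last_seen, today):
    """Compute the three coverage metrics described in the article."""
    categories = {d["name"]: classify(d, av_last_seen, today) for d in devices}
    expected = sum(1 for d in devices if d["in_scope"])
    missing = sum(1 for c in categories.values() if c == "Missing")
    pct_missing = 100.0 * missing / expected if expected else 0.0
    return categories, {"expected": expected, "missing": missing,
                        "pct_missing": pct_missing}

# Constructed sample data (hypothetical device names and dates).
TODAY = date(2024, 6, 30)
DEVICES = [
    {"name": "laptop-01", "in_scope": True},
    {"name": "laptop-02", "in_scope": True},
    {"name": "laptop-03", "in_scope": True},
    {"name": "laptop-04", "in_scope": True},
    {"name": "printer-01", "in_scope": False},
    {"name": "switch-01", "in_scope": False},
]
AV_LAST_SEEN = {
    "laptop-01": date(2024, 6, 29),   # seen yesterday
    "laptop-02": date(2024, 6, 16),   # exactly 14 days ago, still recent
    "laptop-03": date(2024, 5, 1),    # seen, but stale
    "printer-01": date(2024, 6, 28),  # seen although not expected
}

if __name__ == "__main__":
    cats, metrics = coverage_metrics(DEVICES, AV_LAST_SEEN, TODAY)
    for name, category in cats.items():
        print(f"{name:12} {category}")
    print(metrics)
```

Changing only `RECENT_WINDOW` or the `in_scope` rule shifts Devices between categories, which is why the configured Control Check logic has to be understood before the metrics are read.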