The Security Risk Score (SRS) is a measure of security strength, where higher scores indicate a higher degree of protection.
While IOCs (Indicators of Compromise) are a reactive measure to spot anomalies after they happen, the SRS is a proactive measure to prevent possible cyberattacks.
Understanding where the risk gaps are helps security teams determine what issues need to be addressed and prioritized. Certain holes in a risk posture may need more immediate attention than others. Aeris’ intelligent tracking tools can help security teams focus their attention to relevant measures quickly, and involve other leaders as needed.
The Aeris SRS is the quantified output of an IoT-specific risk assessment model, that accurately tracks the relative security of your IoT deployment. The score is a percentile ranking that incorporates multiple threat vectors, and provides security teams with an intuitive and interactive view into their IoT deployment's risk posture. Specifically, Aeris analyzes security risk across multiple vectors and monitors the following categories:
The SRS is computed using a proprietary algorithm that assigns weights to different criteria that are relevant to your IoT security.
For each category, we analyze security risk across multiple vectors and security controls.
Network Security is required for a secure network and includes DSN access. We perform important checks to ensure network security:
- ConnectionLock enable: Is the ConnectionLock feature enabled for your account?
- Public DNS servers: Are you depending on a public DNS?
- Secure DNS servers: Are you using Aeris DNS or a private DNS?
- DNS look-ups per device: Are less than 20% of your devices using public DNS?
Note: You can hover your mouse over each check to view details.
Asset Management covers Geolocation and SIM security with the following checks:
- Removable SIMs: Do less than 30% of your devices have removable SIMs?
- Server Location: Do you have servers in OFAC-restricted countries?
- Device Locations: Are your devices outside their designated home country?
Posture and Vulnerability Assessment
Posture and Vulnerability Assessment identifies a risky, weak, or deprecated configuration with the following checks:
- Non-IOT devices on network: Do you have non-IOT devices in your network?
Data Protection refers to secure data transmission and retention and includes the following checks:
- Encrypted communications: Are all your connections using encrypted channels?
- Insecure endpoints in use: Do you have unencrypted channels in use?