The Security Risk Score (SRS) is a measure of security strength, where higher scores indicate a higher degree of protection.
While IOCs (Indicators of Compromise) are a reactive measure to spot anomalies after they happen, the SRS is a proactive measure to prevent possible cyberattacks.
Understanding where the risk gaps are helps security teams determine what issues need to be addressed and prioritized. Certain holes in a risk posture may need more immediate attention than others. Aeris’ intelligent tracking tools can help security teams focus their attention to relevant measures quickly, and involve other leaders as needed.
The Aeris SRS is the quantified output of an IoT-specific risk assessment model, that accurately tracks the relative security of your IoT deployment. The score is a percentile ranking that incorporates multiple threat vectors, and provides security teams with an intuitive and interactive view into their IoT deployment's risk posture. Specifically, Aeris analyzes security risk across multiple vectors and monitors the following categories:
The SRS is computed using a proprietary algorithm that assigns weights to different criteria that are relevant to your IoT security.
For each category, we analyze security risk across multiple vectors and security controls.
Network Security is required for a secure network and includes DNS access. The Network Security section performs the following checks:
- Authorized IPs & Endpoints: Is the Authorized IPs & Endpoints feature enabled for your account?
- Public DNS servers: Are you depending on a public DNS?
- Secure DNS servers: Are you using Aeris DNS or a private DNS?
- DNS look-ups per device: Are less than 20% of your devices using public DNS?
Note: You can hover your mouse over each check to view details.
The Asset Management section covers Geolocation and SIM security with the following checks:
- Removable SIMs: Do less than 30% of your devices have removable SIMs?
- Server Location: Do you have servers in OFAC-restricted countries?
- Device Locations: Are your devices outside their designated home country?
The Vulnerability Assessment section identifies a risky, weak, or deprecated configurations with the following checks:
- Non-IOT devices on network: Do you have non-IOT devices in your network?
- Vulnerable protocols: Coming soon.
The Data Protection section identifies whether your data transmission and retention processes are secure through the following checks:
- Encrypted communications: Are all your connections using encrypted channels?
- Insecure endpoints in use: Do you have unencrypted channels in use?
- Data Sovereignty: Coming soon.
- Perfect Forward Secrecy: Coming soon.