The page has an integrated help system which is accessed by clicking on the ‘i’ icon.
Near the top right corner of the page is a “Quick Links” menu which provides a quick way to access commonly-used features and pages.
Filtering the Displayed Information
When the Home Page is first loaded it includes information from every node in the organization. To narrow down the information displayed, the page can be filtered to show information from specific environments and node groups. If both an environment and node group filter are applied, the page will display information for the nodes that belong to that environment, and are also in the node group. This could be used for instance to show nodes in the “production” environment that are also in the “Windows Server” node group. Only one environment filter can be applied, but multiple node group filters can be applied. For instance, the previous example could be refined to show the nodes in the “production” environment that are in either the “Windows Server” or “SQLServer” node groups.
Overall CSTAR Score
UpGuard’s CSTAR, or Cyber Security Threat Assessment Report, provides an overarching measure of an organization’s security. The score is based on a comprehensive analysis of every server, network device, and cloud service in the environment, as well as external cyber risks such as the industry in which the organization operates. The score is the weighted average of the four category scores - Changes, Policies, Vulnerabilities, and Cyber Risks - across all selected environments and node groups. An overall CSTAR score that is low or falling may indicate a problem. Examine the four quadrants to identify which category requires further attention.
Use the color key below to assess your CSTAR score and the severity of any issues present in the environment.
The Changes section of the page captures all changes that have recently occurred. The score is based upon the extent to which these changes can be validated by tests - a low score indicates a high amount of change without corresponding tests. The Changes summary information can be used to quickly identify changes that were not expected, especially when combined with Environment and Node Group filtering.
The Policies section tracks an organization’s ability to maintain systems in a resilient state. To determine the Policies score, UpGuard first assesses test coverage. Without testing, there is no way to know that a system is misconfigured. You can increase your test coverage by writing custom policies or choosing from UpGuard’s content library. The more test coverage, the better the Policies score. UpGuard then calculates the pass rate for those tests. A high Policies score means the organization does a good job ensuring that systems are configured correctly. Policy failures should be investigated and remediated.
The Vulnerabilities section measures the organization’s capacity to detect and remediate vulnerabilities. The score is based on the frequency of scans, as well as the number and severity of vulnerabilities that are discovered. High-rated vulnerabilities that impact multiple nodes should be prioritized for remediation.
External Cyber Risk
Scores for changes, policies, and vulnerabilities are all calculated by examining the organization from within. The External Cyber Risk score captures risk from the outside. It encompasses a number of factors, including whether websites and communication infrastructure are configured securely, the nature of the industry in which the organization operates, and the even the sentiment of staff within the organization.