An administrator of an enterprise network wants to know which product will mitigate most of the risk in his organization even before applying the product. Assume VSE 8.7 is already installed on the enterprise network, and the administrator wants to select another countermeasure product which would give him the maximum risk reduction. Now how can he achieve this? The answer is Risk Advisor -> What-If Analysis feature. This is a handy tool to find out which is the most appropriate countermeasure that can be deployed in the enterprise network.
What-If Analysis allows you to perform predictive risk analysis to view the possible changes in risk metrics if new or more countermeasures are installed. It is mandatory that actual risk metrics of the enterprise is analyzed before running What-If Risk Analysis Task (MRA: Threat Asset Coverage Analysis Task should be run before running What-If Analysis Task). This is because What-If Risk Analysis is all about how much percentage of your actual risk score goes down if you deploy a particular countermeasure in your enterprise network.
What-If Risk Analysis allows user to select one or more countermeasure products and calculate risk score of the organization considering all the selected countermeasure(s) are installed on all the systems present in ePO System Tree. It also reports the percentage of reduction in the organizational risk, the risk category (‘High’, ‘Medium’ and ‘Low’) and how many threats will be covered (mitigated) by applying the selected countermeasure(s).
Now we will look into how to perform this task.
- Go to Reporting -> Risk Metrics -> What-If Risk Analysis.
- Select any countermeasure from ‘Countermeasure Products’ and add it to ‘Countermeasure Products Added’ panel.
- Countermeasure Products: The panel where all available countermeasure products will be listed
Note that “*” next to countermeasure represents the countermeasure is installed on at least one of the system in the system tree
- Countermeasure Products Added: The panel where the countermeasure(s) needs to be considered for What-If Risk Analysis will be added
For example select ‘Network Security Manager’ and add it to ‘Countermeasure Products Added’ Panel
3. Click on ‘Apply and Analyze'
4. Refresh ‘What-If Risk Analysis’ page for the results
“After Analysis” results show what will be the risk metrics of your organization if the selected countermeasure(s) are deployed on all the systems in your organization. In the above example, ‘Enterprise Risk Score’ went down by ‘1.7’, percentage of reduction in ‘Enterprise Risk Score’ is ’15.17’, ‘Enterprise Risk Category’ is ‘Low’ and Number of threats mitigated by applying this countermeasure are ‘912’ (subtract ‘After Analysis Number of Threats To Mitigate’ from ‘Before Analysis Number Of Threats to Mitigate’)
The above sample result is produced only for 4 systems. There will be drastic reduction in enterprise risk score when a countermeasure is applied at an enterprise level.
“Before Analysis” risk metrics are actual risk metrics of the organization, where ‘Number of Threats To Mitigate’ is the number of threats those are applicable to systems in ePO System Tree