High Risk Business Critical Apps

Overview

The High Risk Business Critical Apps widget identifies business-critical applications that have high security risk scores. This widget is essential for security teams who need to prioritize remediation efforts on the most important and vulnerable applications in their ecosystem.

Value for Security and DevOps Teams

Security Perspective

  • Risk Prioritization: Helps security teams focus on the highest-risk applications that would have the greatest business impact if compromised

  • Vulnerability Management: Identifies critical applications with high concentrations of vulnerabilities

  • Resource Allocation: Enables effective allocation of security resources to applications where they'll have the most impact

Operational Perspective

  • Business Continuity: Ensures that security issues in business-critical applications are addressed before they affect operations

  • Deployment Risk Assessment: Provides visibility into high-risk applications with active deployments

  • Governance and Compliance: Supports risk management requirements for critical business systems

How to Use

  1. Review the count of high-risk business-critical applications

  2. Drill down to see specific applications and their risk components:

    • Critical vulnerabilities (weighted 3x)

    • High vulnerabilities (weighted 2x)

    • Moderate vulnerabilities (weighted 1x)

    • Deployment activity (weighted heavily to prioritize active systems)

  3. Prioritize applications based on:

    • Overall risk score (greater than 300)

    • Business criticality rating (applications with CIA ratings 13-15)

    • Deployment frequency

Technical Details

The widget considers applications to be high-risk when:

  • They are marked as business-critical in the CMDB/asset registry

  • They have a high CIA rating (13-15)

  • Their calculated risk score exceeds 300

  • The risk score calculation includes:

    • (3 × Critical Vulns) + (2 × High Vulns) + (1 × Medium Vulns) + (1000 × Deployments)
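The scoring steps in How to Use and the three conditions in Technical Details can be read as one small decision procedure. The following Python is an added worked example, not code from the widget or its vendor: it applies the page's formula and thresholds to a constructed inventory. Field names on the record, the use of a single combined CIA integer, and the sample applications are assumptions of this example; the weights (3, 2, 1, 1000), the score threshold (greater than 300) and the CIA range (13-15) are the page's own. The "Moderate" severity in the How to Use list is treated as the same quantity as "Medium Vulns" in the formula.

```python
from dataclasses import dataclass
from typing import List

# Weights and thresholds exactly as stated on the page.
WEIGHT_CRITICAL = 3
WEIGHT_HIGH = 2
WEIGHT_MEDIUM = 1
WEIGHT_DEPLOYMENT = 1000
RISK_THRESHOLD = 300             # score must exceed this value
CIA_HIGH_RANGE = range(13, 16)   # CIA ratings 13-15 inclusive


@dataclass
class AppRecord:
    """One application as the widget would see it (field names are assumed)."""
    name: str
    business_critical: bool   # business-critical flag from the CMDB / asset registry
    cia_rating: int           # combined CIA rating; 13-15 counts as high (assumed single integer)
    critical_vulns: int
    high_vulns: int
    medium_vulns: int         # "Moderate" in How to Use, "Medium Vulns" in the formula
    deployments: int          # active deployments counted for the application


def risk_score(app: AppRecord) -> int:
    """(3 x Critical) + (2 x High) + (1 x Medium) + (1000 x Deployments)."""
    return (WEIGHT_CRITICAL * app.critical_vulns
            + WEIGHT_HIGH * app.high_vulns
            + WEIGHT_MEDIUM * app.medium_vulns
            + WEIGHT_DEPLOYMENT * app.deployments)


def is_high_risk_business_critical(app: AppRecord) -> bool:
    """All three Technical Details conditions must hold at once."""
    return (app.business_critical
            and app.cia_rating in CIA_HIGH_RANGE
            and risk_score(app) > RISK_THRESHOLD)


def rank_high_risk(apps: List[AppRecord]) -> List[AppRecord]:
    """Flagged applications, highest score first (the drill-down order)."""
    flagged = [a for a in apps if is_high_risk_business_critical(a)]
    return sorted(flagged, key=risk_score, reverse=True)


def high_risk_count(apps: List[AppRecord]) -> int:
    """The headline number shown by the widget (step 1 of How to Use)."""
    return len(rank_high_risk(apps))


# Constructed sample inventory (not real applications).
SAMPLE_APPS = [
    AppRecord("payments-api", True, 15, 20, 40, 100, 0),    # 60+80+100 = 240, below threshold
    AppRecord("billing-portal", True, 14, 0, 0, 5, 1),      # 5+1000 = 1005, flagged by deployment
    AppRecord("hr-self-service", True, 12, 50, 50, 50, 3),  # CIA 12 is not in 13-15, not flagged
    AppRecord("marketing-blog", False, 15, 10, 10, 10, 2),  # not business-critical, not flagged
    AppRecord("core-ledger", True, 15, 120, 10, 20, 0),     # 360+20+20 = 400, flagged
]

if __name__ == "__main__":
    print(f"high-risk business-critical apps: {high_risk_count(SAMPLE_APPS)}")
    for app in rank_high_risk(SAMPLE_APPS):
        print(f"  {app.name:16} score={risk_score(app):5} "
              f"cia={app.cia_rating} deployments={app.deployments}")
```

One consequence of the page's weights is visible in the sample: because a single deployment adds 1000 to the score, any business-critical application with a high CIA rating and at least one active deployment exceeds the 300 threshold regardless of its vulnerability counts, so the deployment term alone decides membership for actively deployed systems and the vulnerability terms mainly order those applications within the list.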

Best Practices

  • Address critical vulnerabilities in business-critical applications first

  • Implement more stringent security controls for applications with consistently high risk scores

  • Schedule regular security reviews for business-critical applications

  • Create remediation plans with clear timelines for high-risk applications

  • Monitor trends in application risk scores over time
