Monday, June 5, 2023

Cloud Security Posture Management with Defender for Cloud

As you learned in the previous section, Cloud Security Posture Management (CSPM) is one of the two main pillars in Microsoft Defender for Cloud. CSPM is all about hardening your cloud resources, which is why Defender for Cloud provides you with a large list of security recommendations to help you understand what is good and what can be improved in your resources' configuration. Secure score is the main Key Performance Indicator (KPI) for understanding how well (or badly) you have configured your resources. Secure score shows a percentage value based on fixed points that are awarded for remediating recommendations, which are grouped into security controls, as shown in Figure 1.1:


Figure 1.1 – Secure score, security controls, and recommendations

Figure 1.1 shows an environment with a secure score of 48%. The higher this percentage value is, the better protected your resources are. Secure score is calculated based on the following formula:
In the preceding example, the calculation is as follows:
The maximum score is a fixed number, depending on the security controls that apply to your environment. In Figure 1.1, you see two security controls (Enable MFA and Secure management ports), which have a maximum score of 10 and 8. While Defender for Cloud has more than 200 recommendations, not all of them might apply to your environment. For example, if you don't have any VMs in your Azure subscription, you won't see the Secure management ports control, and therefore might have a maximum secure score of only 50 instead of 58.

Tip: The maximum secure score at the time of writing this book is 58, based on the maximum score of all 15 security controls. This number might change slightly when Microsoft adjusts the maximum score per control, or when it adds new controls.

In order to increase your secure score, you need to make sure to remediate all recommendations in a particular security control that apply to a single resource. Let's take a closer look at the Secure management ports control in Figure 1.2:


Figure 1.2 – Secure score calculation per resource

The total number of resources in this example is seven VMs, two of which need to remediate the "Management ports should be closed on your virtual machines" recommendation, and four of which need to remediate the last recommendation. For the whole control, you see that four out of seven resources are unhealthy, which means that three out of seven VMs in this control's scope are already completely remediated (and therefore count toward this environment's secure score). The maximum score per resource is the maximum score per control divided by the number of resources within a control, using this formula:
In our scenario, the per-resource score is as follows:

The current score is calculated as follows:

Using the numbers from our scenario, the current score is as follows:
That's why Figure 1.2 shows a current score of 3.43.
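The per-resource rule described above, as an added example (not code from the book or from Microsoft). The VM names and the assignment of VMs to recommendations are constructed to match the counts in Figure 1.2, and `control_score` and `remediate` are hypothetical helper names.

```python
from fractions import Fraction

def control_score(max_score, resources, unhealthy_by_rec):
    """Return (per_resource_score, current_score) for one security control.

    A resource earns its share only when it is healthy for every
    recommendation in the control, so the unhealthy set is the union of
    the per-recommendation unhealthy sets.
    """
    resources = set(resources)
    if not resources:                      # control does not apply
        return Fraction(0), Fraction(0)
    unhealthy = set().union(*unhealthy_by_rec.values()) & resources
    per_resource = Fraction(max_score, len(resources))
    healthy = len(resources) - len(unhealthy)
    return per_resource, per_resource * healthy

# Constructed sample data matching the counts in Figure 1.2.
VMS = [f"vm{i}" for i in range(1, 8)]      # seven VMs, names are made up
MAX_SCORE = 8                              # Secure management ports control
FINDINGS = {
    "Management ports should be closed on your virtual machines": {"vm1", "vm2"},
    "last recommendation (name not given on the page)": {"vm1", "vm2", "vm3", "vm4"},
}

def remediate(findings, recommendation, vm):
    """Return a copy of findings with vm marked healthy for one recommendation."""
    updated = {rec: set(vms) for rec, vms in findings.items()}
    updated[recommendation].discard(vm)
    return updated

if __name__ == "__main__":
    ports, last = FINDINGS                 # dict keys, in insertion order
    per_resource, current = control_score(MAX_SCORE, VMS, FINDINGS)
    print(f"per resource {float(per_resource):.2f}, current {float(current):.2f}")

    # Closing the ports on vm1 alone changes nothing: vm1 still fails the last one.
    partial = remediate(FINDINGS, ports, "vm1")
    print(f"after partial fix {float(control_score(MAX_SCORE, VMS, partial)[1]):.2f}")

    # Only when vm1 passes every recommendation does the score move.
    full = remediate(partial, last, "vm1")
    print(f"after full fix {float(control_score(MAX_SCORE, VMS, full)[1]):.2f}")
```

When planning remediation, this is why it pays to finish every recommendation in a control for one resource before moving to the next resource.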

Now that you know how secure score is calculated.

Thant Zin Phyo@Cracky (MCT, MCE, MVP)
