
TECHNOLOGY SHOWCASE

PERSONAL PREDICTABLE PROTECTION

Quantifying Cyber Risk: Calculating the Arctic Wolf Managed Risk Score

Executive Summary

Thinking about cybersecurity risks to their company’s operations keeps many business leaders up at night. And this angst won’t go away anytime soon, as a growing technology dependence in the age of digital transformation only amplifies the problem.

To fully understand your cybersecurity posture requires access to real-time, quantifiable intelligence on how your IT environment stands up to cyber risks and threats. The ability to quantify cyber risk is no longer reserved to the domain of insurance companies and academia. Organizations of all types increasingly use quantification approaches as part of their cybersecurity and cyber risk management practices.

These methodologies and tools range from sophisticated cyber risk benchmarks to management-oriented approaches. What they tend to lack, however, are efficient and reliable ways to take correlations, dependencies, or systemic risk into account. In terms of cyber risk, this insufficiency shows up primarily in four areas:

1. Priority: This measures the organization-wide impact of cybersecurity risk in terms of criticality.
2. Change: The evolution of connected technologies and cyberthreats is rapidly changing, which makes it difficult to keep up with evolving risks.
3. Complexity: The increasing intensity of threats across multiple attack vectors and how they interact with each other requires innovative approaches.
4. Data: Both the collection of data from a security events perspective, and the growing need to protect data at several levels (at rest, and in-transit).

Overview

This technology showcase describes how Arctic Wolf Managed Risk provides organizations with a real-time, quantifiable understanding of cyber risk through standards-based, risk-scoring methodologies. It explains how those scores are calculated, as well as how they are interpreted.

An important element to understanding your cybersecurity posture, cyber risk measurement lets you categorize the impact from potential cyber incidents that can occur from software vulnerabilities, system misconfigurations, or account takeovers from harvested credentials. Understanding this impact is key to identifying a business’s overall risk exposure, but only if it’s provided in meaningful and quantifiable ways.

About Arctic Wolf Managed Risk

Arctic Wolf Managed Risk goes beyond vulnerability management to continuously scan your networks, endpoints, and configurations to quantify risk-based vulnerabilities.

Functioning as an extension of your IT team, Arctic Wolf’s Concierge Security Team provides a quantified, real-time understanding of your risks so you can take prioritized action to improve your cyber risk posture. It complements Arctic Wolf Managed Detection and Response, which provides the most comprehensive security operations center (SOC)-as-a-service in the industry.

2020 Arctic Wolf Networks, Inc. All rights reserved. Public

The Arctic Wolf Managed Risk dashboard is tailored to your organization’s priorities to help you make sense of your network and endpoint vulnerabilities, and help you deliver on your security outcomes to reduce cyber risk exposure.

About the Arctic Wolf Managed Risk Score

Complementing the 24x7 cyber risk and threat coverage provided by the Arctic Wolf Concierge Security Team, the Managed Risk Dashboard provides single-pane-of-glass visibility into your network assets through operational telemetry gathered by the Arctic Wolf Agent. The Managed Risk Dashboard also presents your current risk profile, the risk profile as measured against industry peers, unresolved risks, risk score trends, network and asset-class health, and more.

The cyber risk score calculation is designed to provide context to the criticality of vulnerabilities found within your organization’s networks and endpoints, so you can prioritize your cybersecurity efforts. For example, addressing a single level-10 vulnerability does more to lower your holistic cyber risk score than addressing 10 level-1 vulnerabilities. Additionally, since the risk score is weighted more heavily towards higher-risk vulnerabilities, addressing several low-risk vulnerabilities while ignoring those of higher risk can increase your score.

The cyber risk score is based on the CVSS v2 standard and is a weighted average of all vulnerabilities found on the network. This standard takes into consideration a number of metrics to calculate the base risk score of a vulnerability, including:

- Attack Vector—The accessibility of the exploitable vulnerability (i.e. local access, adjacent access, and network access).
- Access Complexity—The complexity of the attack required to exploit the vulnerability once the targeted system is accessible.
- Authentication—The number of times the attacker must authenticate to a targeted system in order to exploit the vulnerability.
- Confidentiality Impact—The impact on how data is accessed/disclosed once a vulnerability is successfully exploited. Impacts include preventing access to authorized users and disclosing data to unauthorized users.
- Integrity Impact—The impact on the trustworthiness and the accuracy of data once a vulnerability is successfully exploited.
- Availability Impact—The accessibility of the data/resource once a vulnerability is successfully exploited.

For more information on the CVSS standard, please see: or

The Managed Risk Dashboard displays risk score information by current risk score, industry, and more.

Account Takeover Risk Detection

Part of the Arctic Wolf Managed Risk solution, External Vulnerability Assessment combines information from dark and grey web sources published through known data breaches, including corporate email and password (if found to be in the clear), with information scanned from endpoints deployed with Arctic Wolf Agent. This insight is used to produce observations, an account takeover risk score assessment, and raise alerts about potential account takeover situations. The Arctic Wolf CST uses this information to alert on high-risk behavior, and neutralize a bad actor’s ability to progress an account takeover attack any further.

The information collected and used in the External Vulnerability Assessment for account takeover risk detection includes:

- Private sources
- Stolen assets
- Infected users
- Open sources
- TOR hidden sources
- Pastes
- Dark web markets
- Covert sources
- Private forums
- Active ATO combination lists

Account Takeover Risk Level

Observations collected from the External Vulnerability Assessment are processed by Arctic Wolf SOC-as-a-Service using human and technology curation processes, and refined through automated Quality Assurance and Validation workflows. The Arctic Wolf Managed Risk solution produces an actionable account takeover risk score that includes additional context on the severity of the risk, and where the corporate credentials were harvested from.

- Low Risk: E-mail address has been exposed on the dark web
- Medium Risk: User account and non-decryptable password exposed on the dark web
- High Risk: User account and decryptable or plaintext password exposed on the dark web
- Critical Risk: User infected with malware leaking account information including password and possible personally identifiable information (PII)

Company Risk Score

The Company Risk score is evaluated using the scores of each risk group (e.g. patch exploits, configuration, etc.) identified on your network. The risk group values are calculated using the weighted average of the base scores of all vulnerabilities identified on your network that fall into that group (i.e. the action list). The score uses a weighted average of the mean, where each number is multiplied by a value representative of its importance (i.e. weight).

Industry Risk Score

The Industry Risk score illustrates how the company’s risk profile compares to that of its industry peers. It uses the same weighted-average calculation as the company risk score over a rolling 2-week period of input data on vulnerabilities published from NIST and data from the Managed Risk scanner.

Managed Risk Score Calculation

The Managed Risk score uses a weighted average of the mean vulnerability scores. Using an average of each risk category (i.e. low, medium, and high), these averages are multiplied by their weight (i.e. 1, 10, and 50 respectively). The sum of the averages is then divided by the sum of all weightings (i.e. 1 + 10 + 50 = 61) to determine the scale of the risk.

For example, let’s calculate the risk score for a company with the following characteristics:

Total number of vulnerabilities = 72

Number of vulnerabilities and given risk score:

Avg. (low) = 0
Avg. (med) = ((6.8 x 3) + (6.5 x 3) + (6.4 x 1) + (5 x 1) + (4.3 x 1)) / (3 + 3 + 1 + 1 + 1) = 6.17778
Avg. (high) = ((10 x 7) + (9 x 53) + (7.1 x 3)) / (7 + 53 + 3) = 9.02063492
Total Weight = 10 + 50 = 60 (since there are no low score issues)
Risk Score = (0 x 1 + 6.17778 x 10 + 9.02063492 x 50) / (1 + 10 + 50) = 8.54

Therefore, the company’s overall Managed Risk score in this example is 8.54.

Details for an identified risk can be expanded to display more information.

When we calculate the risk score of a set of risks, we first divide them into categories. The category of an issue can be found in the “Issue Category” section under risk detail. If a risk does not have its category defined, it will be categorized as “Patch Exploit.”

We then calculate the risk score of each category using the formula above, and use the maximum as the current risk score.

Risk calculation details can be viewed in the Managed Risk Dashboard by clicking the icon beside the current risk score:

Sample Output:

How does accepting a vulnerability impact the overall Managed Risk score?

Using the Managed Risk Dashboard, IT managers can identify certain risks as “accepted,” which confirms both awareness of the vulnerability and that a remediation plan/activity is in process. Once a risk is accepted, it is removed from the risk score and moved to an “accepted risks” table for visibility and further action by the Arctic Wolf Concierge Security Team.

Accepted risks remain active on the network and remain visible in the accepted risks table. This is to ensure transparency about active vulnerabilities on the network. A best practice is to include a reason for why the risk was accepted in the Managed Risk Dashboard.

If a risk is identified as a “False Positive,” it can be marked as such in the Managed Risk Dashboard. False positives have the same effect on the overall managed risk score as accepting a risk (i.e. they’re removed from the calculation) but are tracked separately in the false positive list.

Conclusion

This technology showcase has demonstrated the importance of quantifying cyber risk to reduce the likelihood of cyberattacks and improve overall cybersecurity posture. We highlighted the Arctic Wolf approach for quantifying cyber risk through our Managed Risk solution. The cyber risk score provides a quantified view into an organization’s cyber risk posture, and how that rating compares to industry peers. The cyber risk score is designed and weighted to help contextualize the most critical risks first, while prioritizing all risks based on their level of criticality.

Since quantifying cyber risk can be a challenge for understaffed and under-resourced IT departments, Arctic Wolf Managed Risk drives positive security outcomes and functions as an extension of your IT team that product-based approaches can’t deliver.

To view your own risk score in the Managed Risk Dashboard, contact your Concierge Security Team.

Related Resources

For specific information about Arctic Wolf Managed Risk, please see the “Arctic Wolf Managed Risk Services” datasheet.

SOC2 Type II Certified

2019 Arctic Wolf Networks, Inc. All rights reserved. Arctic Wolf Networks, AWN and the Arctic Wolf Networks logo are trademarks of Arctic Wolf Networks, Inc. in the United States and/or other jurisdictions. Other names used in this document are for identification purposes only and may be trademarks of their respective owners.

AW TS Managed Risk-0920

Contact Us
arcticwolf.com
1.888.272.8429
ask@arcticwolf.com
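The Managed Risk Score Calculation section, the per-category maximum and the accepted/false-positive exclusions described above, as an added Python example (not Arctic Wolf's code). The low/medium/high cut-offs (NVD's CVSS v2 severity ranges), the finding dictionary layout and the status labels are assumptions. Dividing by the Total Weight of 60 stated in the worked example reproduces its 8.54; dividing by 61 would give about 8.41.

```python
from collections import defaultdict

WEIGHTS = {"low": 1, "medium": 10, "high": 50}   # weights given on the page
DEFAULT_CATEGORY = "Patch Exploit"               # page: used when no category is defined
EXCLUDED = {"accepted", "false_positive"}        # hypothetical labels; page: both leave the score

def band(score):
    # Assumption: NVD's CVSS v2 severity ranges; the page does not state cut-offs.
    return "low" if score < 4.0 else "medium" if score < 7.0 else "high"

def weighted_score(scores):
    """Weighted average of per-band mean scores; empty bands contribute no weight."""
    by_band = defaultdict(list)
    for s in scores:
        by_band[band(s)].append(s)
    total_weight = sum(WEIGHTS[b] for b in by_band)
    if total_weight == 0:
        return 0.0
    weighted = sum(WEIGHTS[b] * sum(v) / len(v) for b, v in by_band.items())
    return weighted / total_weight

def managed_risk_score(findings):
    """findings: dicts with 'cvss' and optional 'category' / 'status' (assumed schema).

    Returns (overall score, per-category scores); overall is the category maximum.
    """
    by_category = defaultdict(list)
    for f in findings:
        if f.get("status") in EXCLUDED:
            continue  # accepted risks and false positives are tracked elsewhere
        by_category[f.get("category") or DEFAULT_CATEGORY].append(f["cvss"])
    per_category = {c: weighted_score(s) for c, s in by_category.items()}
    return max(per_category.values(), default=0.0), per_category

# The page's worked example: 72 findings, none in the low band.
PAGE_EXAMPLE = [6.8] * 3 + [6.5] * 3 + [6.4, 5.0, 4.3] + [10.0] * 7 + [9.0] * 53 + [7.1] * 3

if __name__ == "__main__":
    print(f"page example: {weighted_score(PAGE_EXAMPLE):.4f}")
    # Clearing only the low-band finding raises the score, as the page warns.
    print(f"with low finding: {weighted_score([2.0, 9.0]):.4f}")
    print(f"low finding fixed: {weighted_score([9.0]):.4f}")
```
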
