| Category | Requirement | CSCC | SAMA CSF | ECC-1 |
| --- | --- | --- | --- | --- |
| Compliance | Provide visibility into the technology assets and information governance processes | 1-4-2, 2-13-4 | 3.2.5 | 1-8-1, 1-8-3 |

Lucidum includes native features that help with compliance, such as:

  • detecting assets without endpoint protection

  • detecting assets without vulnerability scanning

  • detecting unencrypted storage.

This chapter describes these three features.

Lucidum includes many other features that aid compliance, such as detecting users without identity management, administrative users with privilege management, users not using VPN, and user access to sensitive data.

After Lucidum ingests data from your security solutions, Lucidum uses graph data, machine learning, and predictive analytics to detect and classify all assets and users, even those not detected by the solutions in your environment.

You can then query the Lucidum databases, export the query results, or create dashboards.

You can also view pre-built dashboards, called Value-Oriented Dashboards or VODs. You can easily edit these dashboards to suit your needs or create your own custom compliance dashboards.

Assets Without Endpoint Protection

The Endpoint Management dashboard, included with Lucidum, displays information about assets that are not running an endpoint agent.

The Endpoint Management dashboard looks like this:

endpoint_endpoint-management.png

The Endpoint Management dashboard includes:

  • Endpoint Agent Missing: Compute Assets. This chart displays a count of all endpoints without endpoint agents.

  • Data Sources of No-Endpoint-Agent Devices. This chart displays all endpoints without endpoint protection and also displays the data sources associated with these endpoints.

  • Locations of No-Endpoint-Agent Devices. This chart displays the locations for all devices without endpoint protection.

  • Departments of No-Endpoint-Agent Devices. This chart displays the departments associated with devices without endpoint protection.

  • OS of No-Endpoint-Agent Devices. This chart displays the operating systems and versions associated with devices without endpoint protection.

  • Asset Types of No-Endpoint-Agent Devices. This chart displays the asset types associated with devices without endpoint protection.

  • Vendors of No-Endpoint-Agent Devices. This chart displays the vendors associated with devices without endpoint protection.

  • Risk Level of No-Endpoint-Agent Devices. This chart displays the risk level for the devices without endpoint protection.

Assets Without Vulnerability Scanning

To find assets without vulnerability scanning, you can write a query like:

Lucidum Asset Name exists AND Vuln Scan is not Yes

The query results show all assets that are not being scanned for vulnerabilities:

assets_w_no_vuln_scans.png

You can also include this query and its results in a dashboard.

asset_status_for_cyber_insurance.png

You can then remediate by adding vulnerability scanning to these assets.
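The following is an added example, not Lucidum code, that applies the filter "Lucidum Asset Name exists AND Vuln Scan is not Yes" to an exported result set and reports scan coverage per department. It reads the filter literally, so any value other than Yes, including a blank, counts as unscanned. The CSV layout, the Department column, the sample rows, and the case-insensitive matching are assumptions.

```python
import csv
import io
from collections import Counter

# Constructed sample export. "Lucidum Asset Name" and "Vuln Scan" are the field
# names used in the query; the CSV layout and "Department" are assumptions.
SAMPLE_EXPORT = """Lucidum Asset Name,Vuln Scan,Department
web-01,Yes,Engineering
db-02,No,Engineering
laptop-17,,Finance
,No,Finance
kiosk-03,yes ,Retail
printer-09,Unknown,Retail
"""

def named_rows(export_text):
    """Yield rows that satisfy 'Lucidum Asset Name exists'."""
    for row in csv.DictReader(io.StringIO(export_text)):
        if (row.get("Lucidum Asset Name") or "").strip():
            yield row

def is_scanned(row):
    """True only for an explicit Yes; blank, No and Unknown all fail."""
    return (row.get("Vuln Scan") or "").strip().lower() == "yes"

def unscanned_assets(export_text):
    """Asset names matching 'Vuln Scan is not Yes'."""
    return [r["Lucidum Asset Name"].strip()
            for r in named_rows(export_text) if not is_scanned(r)]

def coverage_by_department(export_text):
    """Map each department to (scanned assets, total named assets)."""
    totals, scanned = Counter(), Counter()
    for row in named_rows(export_text):
        dept = (row.get("Department") or "").strip() or "(none)"
        totals[dept] += 1
        scanned[dept] += int(is_scanned(row))
    return {d: (scanned[d], totals[d]) for d in totals}

if __name__ == "__main__":
    print("Unscanned:", ", ".join(unscanned_assets(SAMPLE_EXPORT)))
    for dept, (ok, total) in sorted(coverage_by_department(SAMPLE_EXPORT).items()):
        print(f"{dept}: {ok}/{total} scanned")
```

A filter written as "Vuln Scan is No" would return only db-02 from this sample and miss laptop-17 and printer-09.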

Unencrypted Storage

An example of a custom dashboard for unencrypted storage looks like this. This dashboard shows which data storage is encrypted and which data storage is not encrypted. This dashboard also provides details about unencrypted data storage.

asset_encryption_tracking.png

This dashboard includes:

  • Unencrypted Assets. Displays unencrypted assets by asset type.

  • Encrypted Assets. Displays encrypted assets by asset type.

  • User Assets Missing Full Disk Encryption. Displays unencrypted assets associated with users (usually laptops or personal computers).

  • Unencrypted Assets by Location. Displays unencrypted assets by location.

  • Unencrypted Assets by Manager. Displays unencrypted assets by manager name.