Risk Measurements #
Lucidum calculates the following risk measurements for each asset and user: Risk Factor, Risk Score, Risk Ranking, and Risk Level.
Lucidum also calculates an additional risk value, Lucidum Verified Risk, for vulnerabilities and CVEs.
Risk Factor #
Risk Factors are known security risks that Lucidum has ingested. Some example risk factors are:
- Number of Known Exploited Vulnerabilities (KEVs) for an asset
- Endpoint protection is not installed
- Endpoint protection is not updated
- Critical vulnerability is found
- High-risk application is found
- Risk alerts and data from other security applications in the environment, such as AWS GuardDuty
Lucidum uses Risk Factors in two ways:
- To calculate the Risk Score
- To inform users of the most impactful security issues for an asset or user
Lucidum uses proprietary, rule-based algorithms and proprietary, machine-learning algorithms to assign a numeric weight to each Risk Factor. Lucidum then uses the weight for each risk factor when calculating risk score.
Lucidum displays the Top Risk Factors to indicate the factors that most affect the Risk Score:
- Risk Factor 1: The most important risk factor, with the biggest impact on the risk score. Although the weight is not displayed, this factor has the highest weight.
- Risk Factor 2: The second most important risk factor. Although the weight is not displayed, this factor has the second-highest weight.
- Risk Factor 3: The third most important risk factor. Although the weight is not displayed, this factor has the third-highest weight.
You can examine Risk Factors to prioritize risk mitigation for individual assets. For example, if the top Risk Factor for an asset is “endpoint protection not installed”, then installing the endpoint protection on this asset will have the biggest impact on lowering its risk.
You can also examine top Risk Factors to gain insights into the overall enterprise. For example, if you determine that “endpoint protection not installed” is a common top risk factor for multiple assets, then installing the endpoint protection on as many assets as possible will significantly reduce the enterprise risk.
Risk Score #
Lucidum calculates Risk Score using proprietary rule-based algorithms and machine learning algorithms. The risk score comprises information that Lucidum has discovered about the asset or user (Risk Factors) combined with the security risk for the data associated with the asset or user.
- Lucidum calculates the risk score using the weights of all the Risk Factors.
- Lucidum also examines the data associated with an asset and assigns a risk value to the data. The overall risk score for an asset is greater if the associated data is more sensitive (has a higher risk value). Highly confidential data has the highest risk value.
- The lowest possible risk score is 1. There is no defined upper bound for the risk score.
Risk score changes only if you mitigate the risks that Lucidum has discovered about the asset or user. For example, if Lucidum determines that an asset does not include endpoint protection, you can reduce the risk score for that asset by installing endpoint protection.
You can create a time series chart to monitor the risk score and its trend over time.
Risk Ranking #
Lucidum calculates Risk Ranking using proprietary rule-based algorithms and machine learning algorithms. To derive Risk Ranking, Lucidum calculates Risk Scores and then ranks them from 1 to 100.
Lucidum calculates risk ranking once a day. Risk ranking compares the risk score for an asset to the risk scores for all the other existing assets.
You can use risk ranking to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk ranking of over 95.
Because Lucidum re-calculates risk ranking every day, you should not compare risk rankings in a time series. For example, a risk ranking of 90 on Monday is not comparable with a risk ranking of 90 on Tuesday.
Risk Level #
Lucidum calculates Risk Level by organizing Risk Ranking into three bins (Low, Medium, High).
You can use risk level to prioritize daily security tasks. For example, you might choose to reduce risks for assets with a risk level of “high”.
Risk Level is useful for pie charts and bar charts. Risk Level also helps users drill-down in the Dashboards page. For example, users can drill down into high-risk assets to view information about those assets.
Viewing the Risk Measurements for an Asset #
To view the risk measurements for an asset:
- Log in to your Lucidum system.
- In the left menu, click Asset.
- The Asset page displays a list of assets that Lucidum has found.
- Click Edit Column.
- In the Edit Columns modal page, select Risk Factors, Risk Level, Risk Ranking and Risk Score.
- Click Confirm.
- You can now view risk data about each asset directly from the Asset page.
- To view details about an asset, click the blue > symbol at the far right of the row.
- In the Details page, click the tab for Lucidum Data Group.
- In the left menu, click Risk.
- You can now view the Risk Score, Risk Ranking, Risk Level, and Risk Factors for the asset.
  - Risk Score. Notice that Risk Score is 13.98.
  - Risk Ranking. Notice that although the Risk Score is relatively low, the Risk Ranking is “90”. This means that most of the assets in the Lucidum system have lower risk scores than this asset. So an asset with a Risk Score of only 13.98 can still have a high Risk Ranking for the day.
  - Risk Level. Notice that although the Risk Score is relatively low, the Risk Level is “high”. This is because the Risk Ranking is 90, which is considered a “high” Risk Level.
  - Risk Factors. The Risk Factors field displays four Risk Factors and lists the top three factors in the subsequent field.
Viewing the Risk Measurements for a User #
Because users access the enterprise environment via their assets, Lucidum derives risk for a user by examining the risk for the user’s assets.
Lucidum calculates risk for a user using the highest Risk Score for the user’s assets. For example, if a user has two assets, and the assets’ risk scores are 75 and 95 respectively, then the user’s risk score will be 95.
Lucidum calculates Risk Ranking and Risk Level for a user from the Risk Score. Lucidum does not assign Risk Factors to users.
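The following Python model is an added illustration of how the four measurements relate to one another, covering the Risk Score, Risk Ranking and Risk Level sections above as well as the user derivation described here. It is example code written for this page, not Lucidum's proprietary rule-based or machine-learning algorithms: the factor weights, the data risk values, the percentile-style ranking formula, the Low/Medium/High cut-offs and the two daily populations are all assumptions. It computes a score from weighted Risk Factors and data sensitivity, ranks that score from 1 to 100 against a day's population, bins the ranking into a level, and takes a user's score as the highest of the user's asset scores. It also shows why a Risk Score of 13.98 can rank 90 on one day and far lower on the next, which is why rankings should not be compared across days.

```python
"""Illustrative model of asset and user risk measurements.

Added example written for this page. Lucidum's actual weights, data risk
values, ranking formula and level thresholds are proprietary and are not
published; every constant below is an assumption chosen for illustration.
"""
from typing import Dict, List, Tuple

# Assumed weight per Risk Factor (a factor's count is multiplied by its weight).
RISK_FACTOR_WEIGHTS: Dict[str, float] = {
    "known_exploited_vulnerabilities": 4.0,
    "endpoint_protection_not_installed": 8.0,
    "endpoint_protection_not_updated": 3.0,
    "critical_vulnerability": 6.0,
    "high_risk_application": 2.5,
    "guardduty_alert": 5.0,
}

# Assumed risk value for the data associated with the asset; highly
# confidential data carries the highest value.
DATA_RISK_VALUE: Dict[str, float] = {
    "public": 1.0,
    "internal": 1.2,
    "confidential": 1.5,
    "highly_confidential": 2.0,
}


def risk_score(factors: Dict[str, int], data_class: str) -> float:
    """Weighted sum of the asset's Risk Factors, scaled by the data risk value.
    The floor is 1; there is no upper bound."""
    weighted = sum(RISK_FACTOR_WEIGHTS[name] * count for name, count in factors.items())
    return max(1.0, round(weighted * DATA_RISK_VALUE[data_class], 2))


def top_risk_factors(factors: Dict[str, int], n: int = 3) -> List[str]:
    """The n factors with the largest contribution (weight x count), highest first."""
    present = {name: count for name, count in factors.items() if count > 0}
    return sorted(present, key=lambda name: RISK_FACTOR_WEIGHTS[name] * present[name],
                  reverse=True)[:n]


def risk_ranking(score: float, population: List[float]) -> int:
    """Rank from 1 to 100: the percentage of today's population whose score is
    at or below this score. It is recomputed from scratch for each day's population."""
    at_or_below = sum(1 for s in population if s <= score)
    return max(1, round(100 * at_or_below / len(population)))


def risk_level(ranking: int) -> str:
    """Bin a ranking into Low / Medium / High (the cut-offs are assumptions)."""
    if ranking > 80:
        return "High"
    if ranking > 50:
        return "Medium"
    return "Low"


def rank_and_level(score: float, population: List[float]) -> Tuple[int, str]:
    """Ranking and level of one score relative to a day's population."""
    ranking = risk_ranking(score, population)
    return ranking, risk_level(ranking)


def user_risk_score(asset_scores: List[float]) -> float:
    """A user's Risk Score is the highest Risk Score among the user's assets."""
    return max(asset_scores)


# Constructed populations of asset Risk Scores for two consecutive days.
DAY_ONE = [1.0, 2.0, 3.0, 4.5, 5.0, 6.0, 7.5, 9.0, 13.98, 40.0]
DAY_TWO = [13.98, 20.0, 25.0, 30.0, 35.0, 40.0, 45.0, 50.0, 55.0, 60.0]

if __name__ == "__main__":
    asset = {"endpoint_protection_not_installed": 1, "known_exploited_vulnerabilities": 2}
    print("score:", risk_score(asset, "confidential"), "top factors:", top_risk_factors(asset))
    print("13.98 on day one:", rank_and_level(13.98, DAY_ONE))   # (90, 'High')
    print("13.98 on day two:", rank_and_level(13.98, DAY_TWO))   # (10, 'Low')
    print("user with assets scoring 75 and 95:", user_risk_score([75.0, 95.0]))
```

The ranking is a percentile over whatever population exists that day, so the same score lands at 90 on day one (nine of ten assets score at or below it) and at 10 on day two; the level follows the ranking, not the score.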
To view the risk measurements for a user:
- Log in to your Lucidum system.
- In the left menu, click User.
- The User page displays a list of users that Lucidum has found.
- Click Edit Column.
- In the Edit Columns modal page, select Risk Level, Risk Ranking and Risk Score.
- Click Confirm.
- You can now view risk data about each user directly from the User page.
- Click the blue > symbol at the far right of the row.
- In the Details page, click the tab for Lucidum Data Group.
- In the left menu, click Risk.
- You can now view the Risk Score, Risk Ranking, and Risk Level for the user.
  - Risk Score. Notice that Risk Score is 15.65.
  - Risk Ranking. Notice that although the Risk Score is relatively low, the Risk Ranking is “67”. This means that most of the users in the Lucidum system have lower risk scores than this user. So a user with a Risk Score of only 15.65 can still have an elevated Risk Ranking for the day.
  - Risk Level. Notice that although the Risk Score is relatively low, the Risk Level is “medium”. This is because the Risk Ranking is 67, which is considered a “medium” Risk Level.
Risk fields #
Lucidum includes multiple fields for risk.
- For details about fields for general risk, see the table for Risk fields.
- For details about application risks, see the table for Applications fields.
- For details about data risks, see the table for Data fields.
High Risk Assets and High Risk Users #
Lucidum includes fields for high-risk users and high-risk assets.
High-risk users are those users with a Risk Level of “High”.
High-risk assets are those assets with a Risk Level of “High”.
Lucidum displays these fields for high-risk assets and high-risk users:
- High Risk Assets. Count of high-risk assets associated with the user. If applicable, this field appears in the Viewing Details page for a user, in the Risk category.
- High Risk Assets List. List of high-risk assets associated with the user. If applicable, this field appears in the Viewing Details page for a user, in the Risk category. Clicking a linked asset spawns the Viewing Details page for that asset.
- High Risk Users. Count of high-risk users associated with the asset. If applicable, this field appears in the Viewing Details page for an asset, in the Risk category.
- High Risk Users List. List of high-risk users associated with the asset. If applicable, this field appears in the Viewing Details page for a user, in the Risk category. Clicking a linked user spawns the Viewing Details page for that user.
Lucidum Verified Risk #
Lucidum calculates an additional risk measurement, Lucidum Verified Risk. Lucidum Verified Risk is a single score applied to each CVE in your environment. The score is between 1 and 100, with 100 being the highest score. The higher the score, the higher the risk for that CVE.
Lucidum Verified Risk is like a credit score for a vulnerability, combining available vulnerability data and data about your environment. Lucidum ingests CVE data from industry data sources, including CVSS, EPSS, and KEV, and then applies ML algorithms and proprietary, rule-based algorithms to generate an inclusive risk score for each CVE.
To generate Lucidum Verified Risk for CVEs, Lucidum:
- Ingests CVE data from different industry data sources (CVSS, KEV, EPSS, CVE.org).
- Generates the raw CVE risk score by combining different data factors. Among other calculations:
  - If the CVE has a high CVSS Score or high CVSS Severity, the risk score will be higher.
  - If the CVE has a high EPSS Score or high EPSS Percentile, the risk score will be higher.
  - If the CVE is a known exploited vulnerability (KEV), the risk score will be higher.
  - If the CVE has a KEV fix, the risk score will be lower.
- Scales all the CVE risk scores from 1 to 100 to determine risk rankings.
  - Uses sigmoid scaling to scale the raw CVE risk score.
- The higher the Lucidum Verified Risk, the riskier the CVE.
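To make the pipeline above concrete, here is an added Python example written for this page; it is not Lucidum's proprietary scoring, and the factor weights, the sigmoid centre and spread, and the sample records (with placeholder ids, not real CVE numbers) are all assumptions. It combines a CVSS base score, an EPSS probability, KEV listing and KEV-fix availability into an unbounded raw score, then sigmoid-scales that raw score onto 1 to 100, so the sample records come out in the order the bullets describe: high CVSS and EPSS plus KEV listing push a CVE towards 100, an available KEV fix pulls it back down, and a low-severity, rarely exploited CVE stays near the bottom.

```python
"""Illustrative Lucidum-Verified-Risk-style scoring for CVEs.

Added example written for this page, not Lucidum's proprietary algorithm.
The factor weights, the sigmoid centre and spread, and the sample CVE
records are assumptions constructed for illustration.
"""
import math
from typing import Dict, List


def raw_cve_risk(cvss_score: float, epss_probability: float,
                 in_kev: bool, kev_fix_available: bool) -> float:
    """Combine the ingested factors into an unbounded raw score.
    Higher CVSS and EPSS raise it, KEV listing raises it, and an available
    KEV fix lowers it again (assumed weights)."""
    raw = cvss_score + 10.0 * epss_probability   # both terms now sit on a 0-10 range
    if in_kev:
        raw += 5.0
        if kev_fix_available:
            raw -= 3.0
    return raw


def sigmoid(x: float) -> float:
    """Logistic function, mapping any real number onto (0, 1)."""
    return 1.0 / (1.0 + math.exp(-x))


def verified_risk(raw: float, centre: float = 8.0, spread: float = 3.0) -> int:
    """Sigmoid-scale a raw score onto 1..100. A raw score at the centre maps
    to about 50; the spread controls how quickly scores saturate at 1 or 100."""
    scaled = 1.0 + 99.0 * sigmoid((raw - centre) / spread)
    return max(1, min(100, round(scaled)))


def score_cves(cves: List[Dict]) -> List[Dict]:
    """Return the CVE records with their raw and Verified Risk values attached,
    riskiest first."""
    scored = []
    for cve in cves:
        raw = raw_cve_risk(cve["cvss"], cve["epss"], cve["kev"], cve["kev_fix"])
        scored.append({**cve, "raw": round(raw, 2), "verified_risk": verified_risk(raw)})
    return sorted(scored, key=lambda c: c["verified_risk"], reverse=True)


# Constructed sample records; the ids are placeholders, not real CVE numbers.
SAMPLE_CVES = [
    {"id": "cve-sample-a", "cvss": 9.8, "epss": 0.97, "kev": True, "kev_fix": False},
    {"id": "cve-sample-b", "cvss": 9.8, "epss": 0.97, "kev": True, "kev_fix": True},
    {"id": "cve-sample-c", "cvss": 7.5, "epss": 0.02, "kev": False, "kev_fix": False},
    {"id": "cve-sample-d", "cvss": 3.1, "epss": 0.001, "kev": False, "kev_fix": False},
]

if __name__ == "__main__":
    for cve in score_cves(SAMPLE_CVES):
        print(f'{cve["id"]}: raw={cve["raw"]} verified_risk={cve["verified_risk"]}')
```

Because the sigmoid flattens at both ends, two CVEs that are both far above the centre (such as the KEV-listed samples) end up only one point apart even though their raw scores differ by three, while differences around the centre are spread out; the centre and spread are the knobs that decide where that compression happens.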
To see an example of Lucidum Verified Risk in a dashboard, see the section View All Vulnerabilities.
Using Risk Measurements in a Dashboard #
This dashboard is an example of how you can use the risk measurements in Lucidum to monitor risk and prioritize remediation.
In each chart, you can drill down to find more details.