
Visualization User Guide 25.1

About the Vulnerability Map

Vulnerability management and micro-segmentation are foundational security controls of a successful cybersecurity strategy. The Illumio Vulnerability Map combines Illumio's App Group Map (an application dependency map) with vulnerability data from Qualys Cloud Platform to provide insights into the exposure of vulnerabilities and attack paths across your applications running in datacenters and clouds. This enables application security teams, vulnerability management teams, and segmentation teams to understand not only the vulnerability of a workload but more importantly the paths that bad actors can leverage to exploit vulnerabilities.

The Vulnerability Map integrates application dependencies and network flows with the vulnerabilities on the host that are exposed on communicating ports.

Vulnerability Terminology

  • Vulnerability: A generic vulnerability that can exist on any workload (or port and protocol), for example, Heartbleed (a flaw in OpenSSL that a web server such as Apache httpd exposes on its TLS port).

  • Detected Vulnerability: A specific instance of a vulnerability on a specific workload, for example, Heartbleed present on workload X on port 443.

  • Vulnerability Report: A report containing the detected vulnerabilities.

  • Vulnerability Score: The sum of the scores of all vulnerabilities detected on an App Group, role, or workload. Each individual vulnerability score ranges from 0 to 10.

  • Exposure Score: The E/W Exposure Score combined with Internet Exposure. It expresses how many sources (workloads, and the internet if applicable) the provisioned rules allow to reach the vulnerable port on a workload.

  • Vulnerability Exposure Score (V-E Score): A value calculated from the Vulnerability Score and the Exposure Score, V-E = ∑ f (VS, ES). It can be shown for an individual vulnerability on a port of a single workload, or as the sum of all V-E Scores for an App Group, role, or workload.

  • East-West (E/W) Exposure Score: The count of workloads that the currently provisioned rules allow to connect to a vulnerable port on a workload. Internet sources are not counted here; they are tracked separately as Internet Exposure.

  • Internet Exposure: Indicates whether a vulnerable port can receive traffic from the internet. It is set when a provisioned rule allows inbound traffic to that port from the internet.

  • Severity: Represents a range of Vulnerability Score values.

    • 0 = Info

    • 0.1 to 4.0 = Low

    • 4.1 to 7.0 = Medium

    • 7.1 to 9.0 = High

    • 9.1 to 10 = Critical

    You can select the severity level you want to consider when showing which traffic is going to the vulnerable ports.

Benefits of the Vulnerability Map

The Vulnerability Map has the following benefits:

  • Visibility into the potential attack paths that could be exploited by a bad actor.

  • The East-West Exposure Score shows how many workloads can potentially reach, and therefore exploit, each vulnerable port.

  • You can apply vulnerability-based micro-segmentation as a compensating control to reduce East-West exposure.

The East-West Exposure Score shows how vulnerable a workload is to exploitation from other workloads in your datacenter. It is displayed per workload and counts how many workloads the provisioned rules allow to reach each individual vulnerability on a workload that has a VEN. The lower the score, the fewer workloads a bad actor could use as a foothold to exploit those vulnerabilities. Use this insight to prioritize patching and to generate precise micro-segmentation policies as a compensating control while a patch is pending.

Note

Vulnerabilities exposed over network ports can be exploited by remote bad actors. You can write security policies in Illumio Core to eliminate or constrain exposure to such vulnerabilities. However, the Vulnerability Map does not include local vulnerabilities (those not exposed over a network port) in its exposure calculation, because no network path reaches them and segmentation cannot reduce their exposure.
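The scoring model in the terminology list above, the E/W Exposure Score described under Benefits, and the exclusion of local vulnerabilities in this Note can be made concrete with a small model. The following is an added example, not Illumio code: the Workload, Rule and DetectedVulnerability structures, the label-selector matching, the constructed sample data and, in particular, the combining function f (the page only states V-E = ∑ f(VS, ES)) are assumptions made for illustration. It shows that replacing a broad "any workload to db:3306" rule with "app:web to db:3306" lowers the E/W exposure and V-E score of a critical database vulnerability while the Vulnerability Score itself is unchanged, because only patching changes that.

```python
"""Illustrative model of Vulnerability Map scoring (added example, not Illumio code)."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple, Union

INTERNET = "internet"  # sentinel source for rules that admit internet traffic (assumption)
SEV_ORDER = ["Info", "Low", "Medium", "High", "Critical"]


@dataclass(frozen=True)
class Workload:
    name: str
    labels: FrozenSet[str]


@dataclass(frozen=True)
class Rule:
    """Provisioned allow rule (assumed shape): src selector -> dst selector on port/proto."""
    src: Union[FrozenSet[str], str]  # label selector (empty set = every workload) or INTERNET
    dst: FrozenSet[str]              # label selector for destination workloads
    port: int
    proto: str = "tcp"


@dataclass(frozen=True)
class DetectedVulnerability:
    workload: str
    score: float          # 0..10, from the vulnerability report
    port: Optional[int]   # None = local vulnerability, not exposed over the network
    proto: str = "tcp"


def severity(score: float) -> str:
    """Map a 0..10 vulnerability score to the severity bands listed above."""
    if score <= 0.0:
        return "Info"
    if score <= 4.0:
        return "Low"
    if score <= 7.0:
        return "Medium"
    if score <= 9.0:
        return "High"
    return "Critical"


def _matches(selector: FrozenSet[str], wl: Workload) -> bool:
    return selector <= wl.labels  # a selector matches when all its labels are on the workload


def exposure(vuln: DetectedVulnerability, workloads: List[Workload],
             rules: List[Rule]) -> Tuple[int, bool]:
    """Return (E/W exposure count, internet exposed) for one detected vulnerability."""
    target = next(w for w in workloads if w.name == vuln.workload)
    sources = set()
    internet = False
    for r in rules:
        if r.port != vuln.port or r.proto != vuln.proto or not _matches(r.dst, target):
            continue  # rule does not open this vulnerable port on this workload
        if r.src == INTERNET:
            internet = True
            continue
        for w in workloads:  # count each distinct workload once across all rules
            if w.name != target.name and _matches(r.src, w):
                sources.add(w.name)
    return len(sources), internet


def ve_score(vuln: DetectedVulnerability, ew_count: int, internet: bool) -> float:
    # ASSUMPTION: the page gives only f(VS, ES); here ES = E/W count plus 1 for internet, f = VS * ES.
    return vuln.score * (ew_count + (1 if internet else 0))


def app_group_scores(vulns: List[DetectedVulnerability], workloads: List[Workload],
                     rules: List[Rule], min_severity: str = "Info") -> Dict[str, float]:
    """Sum Vulnerability Score and V-E Score over the group, honouring a severity filter."""
    threshold = SEV_ORDER.index(min_severity)
    vs_total = ve_total = 0.0
    for v in vulns:
        if SEV_ORDER.index(severity(v.score)) < threshold:
            continue
        vs_total += v.score
        if v.port is None:
            continue  # local vulnerability: no network exposure, excluded per the Note
        ew, inet = exposure(v, workloads, rules)
        ve_total += ve_score(v, ew, inet)
    return {"vulnerability_score": round(vs_total, 2), "ve_score": round(ve_total, 2)}


# Constructed sample data (not from any real environment).
WORKLOADS = [
    Workload("web1", frozenset({"app:web"})),
    Workload("web2", frozenset({"app:web"})),
    Workload("batch1", frozenset({"app:batch"})),
    Workload("db1", frozenset({"app:db"})),
]
VULNS = [
    DetectedVulnerability("db1", 9.8, 3306),   # Critical, on the database port
    DetectedVulnerability("db1", 7.5, None),   # High, but local only
    DetectedVulnerability("web1", 7.5, 443),   # High, on HTTPS
]
BROAD_RULES = [
    Rule(frozenset(), frozenset({"app:db"}), 3306),      # any workload -> db:3306
    Rule(INTERNET, frozenset({"app:web"}), 443),         # internet -> web:443
]
SEGMENTED_RULES = [
    Rule(frozenset({"app:web"}), frozenset({"app:db"}), 3306),  # only web tier -> db:3306
    Rule(INTERNET, frozenset({"app:web"}), 443),
]

if __name__ == "__main__":
    for label, rules in (("broad", BROAD_RULES), ("segmented", SEGMENTED_RULES)):
        print(label, exposure(VULNS[0], WORKLOADS, rules), app_group_scores(VULNS, WORKLOADS, rules))
```

Under the broad rule set, db1:3306 is reachable from three other workloads; after segmentation only the two web workloads can reach it, so the V-E score drops while the Vulnerability Score stays at 24.8. The local vulnerability on db1 counts toward the Vulnerability Score but contributes nothing to exposure, matching the Note above.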

Vulnerability Map Usage

In most organizations, vulnerability management relies on scanners that sweep the infrastructure, identify vulnerabilities, and produce reports. Sometimes no patch is available yet, as with zero-day vulnerabilities. Illumio Core vulnerability-based micro-segmentation lets security teams focus on where they are most exposed, inside their datacenter and cloud, using micro-segmentation as a compensating control until a patch can be applied.

For example, consider the increased East-West traffic (server-to-server traffic within your datacenter) that the cloud brings with it. This creates many new attack surfaces. Combining vulnerability and threat data from the Qualys Cloud Platform with Illumio's application dependency mapping yields a vulnerability map that displays connections to vulnerabilities between and within applications. Using the Vulnerability Map you can see which of your workloads are most exposed to attack and write rules that reduce their Exposure Score, and with it their V-E Score, until the underlying vulnerabilities are patched.