The OneView Security Advisor is available for Global and Site Administrators and displays a security score for each site in the console. The security posture and score of each site are assessed based on policy settings, detection scans, and endpoint status.
A low score may indicate that recommended settings are not enabled or the site has weak security settings. Admins should use Security Advisor to gain valuable insights into a site's security posture and enable the recommended settings.
Site score
The security score is calculated in real-time based on the OneView site configuration or once a task is completed on an endpoint, such as an endpoint requiring a scan. Security score factors for all sites include policy configuration, detection scans, and endpoint status.
Add-ons, such as DNS Filtering and Vulnerability & Patch Management, may affect the score if their settings are not correctly configured. A security score factor is not available for Vulnerability Assessment at this time. Sites without Add-ons are not impacted as it is not part of the subscription.
If a site score is unavailable, this may be due to one of the following:
- The daily score has yet to be generated for the site.
- The site has an Incident Response subscription.
- The site has no endpoint agents installed.
Score factors
| Factors | Recommendation |
|---|---|
| Policies: Policies determine the security settings and are assigned to specific sites and groups of endpoints. |
Enable the following settings in the site policies:
|
| Detection scans: Scheduled detection scans help to identify and address potential threats that may exist on the site's endpoints. |
Run daily Detection scans with the following options for all groups of endpoints:
|
| Endpoint status: Endpoints with an endpoint status indicate action is required to be taken on them. |
Clear the following endpoint statuses:
|
| Browser Phishing Protection: The Browser Phishing Protection browser extension further protects endpoints from browser-related threats. | Enable and configure the Browser Phishing Protection policy setting on all endpoints. |
| DNS Filtering: This add-on blocks access to known suspicious web domains to enhance productivity and collaboration while ensuring security. | Enable all 11 security categories in the site’s DNS rules by applying these DNS rules to all site endpoints based on their OneView policy with the DNS Filtering module. |
| Vulnerability & Patch Management: This add-on monitors and assesses the risk of threats on endpoints by identifying vulnerabilities in software and patching endpoints to mitigate those risks. |
Perform the following actions with Vulnerability & Patch Management:
|
| Endpoint Detection and Response (EDR): EDR offers advanced threat hunting, reliable isolation, remediation, and response capabilities to cybersecurity attacks. |
Remediate any detected suspicious activity and enable the following EDR settings in the site policies:
|
|
Windows Firewall Management: Allows admins to centrally manage the firewall rules and policies of their endpoints from a single console. |
Enable a firewall policy on all endpoints. |
| Email Security: Safeguard your inbox from spam, phishing attempts, and a wide range of other email-related threats by utilizing Email Security. This helps maintain the integrity of email communications and protects sensitive information from being compromised. |
Utilize the security features of Email Security:
|
For more information on how each score is calculated, click Understand site score on the Sites page.
Scoring ranges
A score tier is provided based on the site's security score. Strive for a very good rating to keep the site safe. Refer to the table below to see which tier the score falls under:
| Percentage Range | Rating | Explanation |
|---|---|---|
| 91-100% | Very Good | Amazing! Continue maintaining the score. While your security rating is at its highest, no posture can prevent all risks of breach or vulnerability to threats. |
| 76-90% | Good | Great job! There are minor configuration gaps and a few factors that need attention to reach a better score. |
| 51-75% | Fair | There are notable configuration gaps and several factors that need attention to reduce security risk. Resolve the high-severity issues first. |
| 26-50% | Poor | There are significant gaps in your security posture, and multiple factors require immediate attention. Complete the recommended actions to improve your score. |
| 0-25% | Very Poor | This is a critical risk! Most security factors are poorly configured, and immediate action is required across all scoring factors. Start with the high-severity recommendations |