Pwnie Express eases security remediation with a risk-assessment tool

Pwnie Express is adding a tool that ranks the risks its security service finds on customer networks and makes it easier to remediate them.

The new feature of the company’s Pulse service assesses potential vulnerabilities that its sensors detect in customers’ networks and issues a grade in each of four categories. This Device Risk Scorecard points out problems, prioritizes them by urgency and tells how to fix them.

The scorecard looks at wireless infrastructure configuration, client connection behaviors, network host configuration, and shadow IT and rogue devices and computes a grade for each. Customers can drill down to find what discoveries account for low scores and follow the remediation suggestions to fix the problems.

The tool gives a view of grades over time so customers can see where they are gaining and losing ground. The scorecard considers input about wired and wireless devices, including Bluetooth.

Each customer sets what weights they want to give to each criterion used to calculate a score. For example, a customer could decide that it wants to use whether wireless access points are encrypted as part of the rating, but assign only medium importance to it. The presence of wired-to-wireless bridging devices on the network could be given critical importance, and input about vehicles driving by with wireless access points could be muted so it doesn’t weigh into the score.

The scorecard provides details about what compliance standards might be violated by a vulnerability. It will point out which section of the SANS Common Criteria, NIST, Sarbanes-Oxley, PCI and HIPAA requirements are violated.

The scorecard is similar to the Cybersecurity Threat Assessment Report generated by UpGuard’s risk-assessment platform. SecurityScorecard and BItSight Technologies also calculate risk scores for third parties that corporations do business with.

Device Risk Scorecard from Pwnie Express is a feature of its Pulse service and is rolled into the subscription fee.

IDG Insider


« Cisco security advisory dump finds 20 warnings, 2 critical


LG Watch Style review: A fashion-first wearable that costs too much and does too little »
IDG Connect

IDG Connect tackles the tech stories that matter to you

  • Mail

Recommended for You

How to (really) evaluate a developer's skillset

Adrian Bridgwater’s deconstruction & analysis of enterprise software

Unicorns are running free in the UK but Brexit poses a tough challenge

Trevor Clawson on the outlook for UK Tech startups

Cloudistics aims to trump Nutanix with 'superconvergence' play

Martin Veitch's inside track on today’s tech trends


Is your organization fully GDPR compliant?