Security Score
SA assesses the overall security of your cloud assets in real time and scores your assets based on the SA edition you are using.
This topic describes how your security score is calculated.
Security Score
SA evaluates the over security posture of your assets based on the SA edition you are using.
- There are five risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
- The score ranges from 0 to 100. The higher the security score, the safer your assets are.
- The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
- The color key listed on the right of the chart shows what level each color on the chart represents. Different colors represent different risk severity levels. For example, yellow indicates that your asset risk is Medium.
- The security score is updated when you refresh the status of an alarm event after the risk is handled.
- It takes some time for a check to finish. You can refresh the page to get the new security score five minutes after you start the recheck.
- After risks are fixed, you can manually ignore or handle alarm events and update the alarm event status in the alarm list. The risk severity will then be downgraded accordingly.
Table 1 Security score table Severity
Security Score
Description
Secure
100
Congratulations. Your assets are secure.
Informational
80 ≤ Security Score < 100
Your system should be hardened as several risks have been detected.
Low
60 ≤ Security Score < 80
Your system should be hardened in a timely manner as numerous risks have been detected.
Medium
40 ≤ Security Score < 60
Your system should be hardened ASAP. Your assets are vulnerable to attacks.
High
20 ≤ Security Score < 40
Detected risks should be handled ASAP. Your assets are vulnerable to attacks.
Critical
0≤ Security Score <20
Detected risks should be handled immediately. Your assets are likely to be attacked.
Unscored Check Items
Table 2 lists the security check items and corresponding points.
|
Category |
Unscored Item |
Points |
Suggestion |
Maximum Unscored Point |
|---|---|---|---|---|
|
Compliance Check |
Critical non-compliance items not fixed |
10 |
Fix risky items that failed compliance check by referring to corresponding suggestions and start a new scan. The security score will be updated. |
20 |
|
High-risk non-compliance items not fixed |
5 |
|||
|
Medium-risk non-compliance items not fixed |
2 |
|||
|
Low-risk non-compliance items not fixed |
0.1 |
|||
|
Vulnerabilities |
Critical vulnerabilities not fixed |
10 |
Fix vulnerabilities by referring to corresponding suggestions and start a new scan. The security score will be updated. |
20 |
|
High-risk vulnerabilities not fixed |
5 |
|||
|
Medium-risk vulnerabilities not fixed |
2 |
|||
|
Low-risk vulnerabilities not fixed |
0.1 |
|||
|
Threat Alarms |
Critical alarms not fixed |
10 |
Fix the threats by referring to the suggestions and start a new scan. The security score will be updated accordingly. |
30 |
|
High-risk alarms not fixed |
5 |
|||
|
Medium-risk alarms not fixed |
2 |
|||
|
Low-risk alarms not fixed |
0.1 |
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
