Updated on 2023-05-16 GMT+08:00

Security Score

SA assesses the overall security of your cloud assets in real time and scores your assets based on the SA edition you are using.

This topic describes how your security score is calculated.

Security Score

SA evaluates the over security posture of your assets based on the SA edition you are using.

  • There are five risk severity levels, Secure, Informational, Low, Medium, High, and Critical.
  • The score ranges from 0 to 100. The higher the security score, the safer your assets are.
  • The security score starts from 0 and the risk severity level is escalated up from Secure to the next level every 20 points. For example, for scores ranging from 40 to 60, the risk severity is Medium.
  • The color key listed on the right of the chart shows what level each color on the chart represents. Different colors represent different risk severity levels. For example, yellow indicates that your asset risk is Medium.
  • The security score is updated when you refresh the status of an alarm event after the risk is handled.
    • It takes some time for a check to finish. You can refresh the page to get the new security score five minutes after you start the recheck.
    • After risks are fixed, you can manually ignore or handle alarm events and update the alarm event status in the alarm list. The risk severity will then be downgraded accordingly.
    Table 1 Security score table

    Severity

    Security Score

    Description

    Secure

    100

    Congratulations. Your assets are secure.

    Informational

    80 ≤ Security Score < 100

    Your system should be hardened as several risks have been detected.

    Low

    60 ≤ Security Score < 80

    Your system should be hardened in a timely manner as numerous risks have been detected.

    Medium

    40 ≤ Security Score < 60

    Your system should be hardened ASAP. Your assets are vulnerable to attacks.

    High

    20 ≤ Security Score < 40

    Detected risks should be handled ASAP. Your assets are vulnerable to attacks.

    Critical

    0≤ Security Score <20

    Detected risks should be handled immediately. Your assets are likely to be attacked.

Unscored Check Items

Table 2 lists the security check items and corresponding points.

Table 2 Unscored check items

Category

Unscored Item

Points

Suggestion

Maximum Unscored Point

Compliance Check

Critical non-compliance items not fixed

10

Fix risky items that failed compliance check by referring to corresponding suggestions and start a new scan. The security score will be updated.

20

High-risk non-compliance items not fixed

5

Medium-risk non-compliance items not fixed

2

Low-risk non-compliance items not fixed

0.1

Vulnerabilities

Critical vulnerabilities not fixed

10

Fix vulnerabilities by referring to corresponding suggestions and start a new scan. The security score will be updated.

20

High-risk vulnerabilities not fixed

5

Medium-risk vulnerabilities not fixed

2

Low-risk vulnerabilities not fixed

0.1

Threat Alarms

Critical alarms not fixed

10

Fix the threats by referring to the suggestions and start a new scan. The security score will be updated accordingly.

30

High-risk alarms not fixed

5

Medium-risk alarms not fixed

2

Low-risk alarms not fixed

0.1