What Are Technical & Business Contexts?
Contexts are groupings of devices and applications that help structure element data and generate focused reports:
- Technical Context refers to the classification of devices and applications based on their technical attributes, such as device type, function, or location within the network. Typically, the owner / owner group assigned in TCs should be technical owners.
- Business Context refers to the grouping of technical contexts based on their impact on business operations. This context helps prioritize vulnerabilities and remediation actions that are most critical to the organization’s goals and objectives. Typically, the owner / owner group assigned in BCs should be business owners.
Auto-generated BC/TC
CODA Footprint provides automatic generation of Contexts based on correlated information about Applications and Devices using our AI capabilities. These contexts can be customized in terms of:
- Perspective Settings - These are adjustments that a user can make based on three criteria:
  - Business Impact - Adjusts the importance of discovered vulnerabilities according to the score set by the user. By default, this is set to 50.
  - Asset Zone - Consists of four categories (Internet, WAN, Isolated, and Nobody) with decreasing scores, referring to the accessibility zone of the assets.
  - Accessible By - Includes four categories (Servers & Users, Only Users, Only Servers, Nobody) that differentiate the levels of accessibility.
- Owner User - Users who need focused reports on their areas of responsibility can own a context and its devices from a vulnerability perspective. The owner can be an individual user or a group within the organization responsible for overseeing remediation. It helps in tracking accountability and ensuring vulnerabilities are managed properly within the relevant teams.
  (Owner User is subject to change in an upcoming platform release)
System Auto-Generated Contexts
Footprint automatically generates Technical and respective Business Contexts across the following types of environments:
- Internal Footprint: This refers to the auto-generated context for vulnerabilities and assets within the organization's internal network or environment (Agentless Surface - Internal Scanners, Agent-Based Surface).
- External Footprint: External context is created based on assets exposed to external threats, focusing on the organization’s public-facing infrastructure (Agentless Surface - Cloud Scanners).
- Organizational Footprint (Only BC): This is based on the broader business and technical context across all assets, allowing organizations to manage and evaluate vulnerabilities with a company-wide perspective.
- Agent Based Footprint: Groups all the devices scanned by the local agent or Active Directory agents.
These contexts are always automatically generated during the initial setup, ensuring that all critical areas are covered, minimizing manual work.
However, if you wish to customize the rules that trigger specific contexts, you can use the dedicated configuration button. This allows you to create different contexts based on the options outlined below, tailoring the settings to suit your specific needs.
- Group devices by tags: generates Technical and Business Contexts for each tag manually assigned to a device. Each context will be named after the tag. A tag is a label that can be applied to a specific asset. Note that the generation of the business context can be disabled by using the Device / Edit Tag button.
  For agentless assets, the Upload device tags button allows users to apply tags to multiple assets at once, making it easier to categorize and manage large sets of data. Bulk tagging is especially useful when onboarding new systems or conducting extensive vulnerability assessments. This can be achieved by downloading the specific template under the Scan Surface page and uploading it back with the requested data.
  Note: “Device hostname” from the template must match one of the <User Input> entries from the Scan Surface.
  Note: An Enhanced Custom Tag Manager is planned for an upcoming platform release.
- Group devices by Agentless Scan Surface inputs: generates Technical Contexts for each input (typically subnets) provided in the Agentless Scan Surface, containing all the discovered devices, and using the naming convention “Assets in <<input>>”.
- Group applications by email protocol: generates Technical Contexts containing applications with specific email protocols: SMTP - “SMTP(S) applications”, IMAP - “IMAP(S) applications”, POP3 - “POP3(s) applications”.
- Group devices that run on Windows operating systems: generates two Technical Contexts based on the type of the operating system: workstations (“Windows Workstations”) and servers (“Windows Servers”).
- Group devices by Windows roles and features: generates a Technical Context for each Windows role and feature: Domain Services, File Sharing, Print Services, Backup Services, Database Services, Virtual Desktops.
- Group web applications and their devices: generates multiple Technical Contexts: one for each web application, including its associated runtimes, and one for each web application, containing the devices using the application. Additionally, it creates two Technical Contexts for unidentified applications and applications returning error responses.
- Group operating systems: generates a Technical Context (“Operating Systems”) containing all the applications identified as operating systems.
- Group applications by DNS protocol: generates a Technical Context (“DNS applications”) containing applications using the DNS protocol.
- Group applications based on SQL presence in their product and protocol: generates a Technical Context (“SQL applications”) containing applications with SQL presence in their product or protocol.
- Group applications by commonly used protocols and their ports: generates Technical Contexts based on commonly used protocols and their ports.
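To preview which contexts an inventory would fall into under the tag, scan-input, Windows, email, DNS and SQL rules above, the following added Python sketch applies those rules to constructed data. It is not CODA Footprint's code: the record fields, the OS-string heuristic and the matching logic are assumptions, and only the context names come from this page.

```python
import ipaddress
from collections import defaultdict

# Constructed sample inventory; field names are assumptions made for this sketch.
SCAN_INPUTS = ["10.0.1.0/24", "192.0.2.10"]
DEVICES = [
    {"host": "dc01", "ip": "10.0.1.5", "os": "Windows Server 2019", "tags": ["finance"]},
    {"host": "ws17", "ip": "10.0.1.40", "os": "Windows 11", "tags": []},
    {"host": "mail", "ip": "192.0.2.10", "os": "Linux", "tags": ["finance", "dmz"]},
]
APPS = [
    {"host": "mail", "product": "Postfix", "protocol": "smtps"},
    {"host": "mail", "product": "Dovecot", "protocol": "imap"},
    {"host": "dc01", "product": "Microsoft SQL Server", "protocol": "ms-sql-s"},
    {"host": "dc01", "product": "Microsoft DNS", "protocol": "dns"},
]
EMAIL_CONTEXTS = {"smtp": "SMTP(S) applications", "imap": "IMAP(S) applications",
                  "pop3": "POP3(s) applications"}

def in_input(ip, scan_input):
    """True if the address lies inside a scan input given as a subnet or single IP."""
    try:
        return ipaddress.ip_address(ip) in ipaddress.ip_network(scan_input, strict=False)
    except ValueError:
        return False  # input is not an IP or subnet (e.g. a DNS name); not modelled here

def preview_contexts(devices, apps, scan_inputs):
    """Map each expected Technical Context name to the members it would contain."""
    ctx = defaultdict(set)
    for d in devices:
        for tag in d["tags"]:                      # one context per tag, named after it
            ctx[tag].add(d["host"])
        for s in scan_inputs:                      # naming convention from the page
            if in_input(d["ip"], s):
                ctx[f"Assets in {s}"].add(d["host"])
        if d["os"].lower().startswith("windows"):  # assumed heuristic on the OS string
            kind = "Windows Servers" if "server" in d["os"].lower() else "Windows Workstations"
            ctx[kind].add(d["host"])
    for a in apps:
        proto = a["protocol"].lower()
        label = f'{a["product"]}@{a["host"]}'
        for base, name in EMAIL_CONTEXTS.items():  # plain and TLS variants share a context
            if proto in (base, base + "s"):
                ctx[name].add(label)
        if proto == "dns":
            ctx["DNS applications"].add(label)
        if "sql" in proto or "sql" in a["product"].lower():
            ctx["SQL applications"].add(label)
    return {name: sorted(members) for name, members in ctx.items()}
```

Comparing this preview with the contexts the platform actually generates is a quick way to spot devices that are missing a tag or fall outside every scan input.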
Manually generated BC/TC
Grouping devices within a company can be approached in several ways, depending on the organization's specific needs, structure, and goals. Therefore, CODA Footprint allows manual generation of Contexts, giving complete control over their content. To generate contexts manually, click Manage Business Contexts or Manage Technical Contexts in the top right of the corresponding screen.
Perspective Settings and Owner User can be modified within Technical Contexts as well, with the side note that there is also the option to inherit the values from the parent context.
Benefits of Using Technical & Business Contexts
Using Technical & Business Contexts allows organizations to:
- Tailor reports to specific business units or device groups.
- Prioritize risks and remediation actions based on business impact.
- Provide context-specific insights to different stakeholders, such as network admins or business owners, who need focused reports on their areas of responsibility.
Tagging devices and grouping them into specific Technical & Business Contexts enables enhanced reporting and prioritization, as outlined below:
a). Unified Remediation Actions (Remediation Report)
By grouping devices, the remediation actions across the customer environment can be unified. This helps prioritize the most critical actions, particularly those that affect the highest number of devices. The report is available under Reports > Remediation > Remediation Report.
b). Prioritized Risk List (Contextual Risk Report)
The CRS (Contextual Risk Scoring) Report prioritizes risks from the highest score to the lowest, reflecting the critical risks based on the defined Business Context. This report can be found under Reports > Risk > Contextual Risk Report.
Please note that immediately after the Business Context generation, filtering the Reports by a newly created Business Context requires a recent generation of Contextual Risk Scoring and Remediation reports. This can be done by starting the corresponding processes within Settings > Scheduler > (Start) Contextual Risk Scoring Report Generation + (Start) Remediation Report Generation.
c). Contextual View for Context Owners
Context Owners can view the risks and remediation actions in a more structured manner. This is particularly useful since each context provides a focused view of the risks or remediations that fall under their area of responsibility.