Frontline Security GPA®: Making the Grade with Risk-Based Prioritization

By Fortra's Digital Defense

Frontline Security GPA is one the most-used, and most-loved features in Frontline.Cloud. Designed for risk prioritization, Security GPA is predicated upon a simple metric that resonates across all levels of an organization. Based on the academic grading system that uses both a four-point numerical scale in tandem with the letter grades A-F, Security GPA has grown into a powerful and easy-to-use tool that helps information security teams understand and communicate risk inside their network.

Grading on priority

InfoSEC administrators are given a variety of different scoring standards (i.e. red/yellow/green or high/medium/low) that may be too general to correlate risk to your network. Frontline Security GPA takes into account the perceived criticality of individual systems and system types. The more critical a host, the more it counts toward your Security GPA. Digital Defense assigns a template criticality weighting system based on asset type, but this can be customized. Weighting assets by operational importance (firewalls, primary domain controllers, web servers, etc.) turns your efforts to the devices that need the most attention.

Frontline Security GPA makes sure that the most important assets, those most critical to your operations are prioritized for your team to focus on first.

Security GPA is a weighted score that takes into account the asset criticality – default or user defined- and combines with severity of vulnerabilities triggering on the asset to provide a risk-based scoring for prioritization. If a ‘critical’ or 'high’ severity vulnerability triggers on an important, high-scoring asset in your network, that particular asset results in a failing grade (F or 0.00 ≤ 0.66 ). When you repair the vulnerability causing that low grade, your GPA instantly increases. You have raised your failing grade through remediation.

Reporting Card

Frontline Security GPA is visible in Frontline.Cloud™’s dashboard and in Active View, which filters the top five assets with the lowest grade - those most critical to the organization with the highest severity vulnerabilities along with vulnerabilities with the most occurrences - at the top of your dashboard. Drill down from the dashboard view to access the details of the vulnerability and asset.

Frontline’s dashboard displays both internal and external network GPAs. We separate these because we consider internal and external networks to be two different attack surfaces giving you a comprehensive view of your risk, as well and providing your team with insight into where more work is needed.

Users can also see authenticated scans versus unauthenticated scans. We do this to prevent undue penalty for users who are scanning authenticated and finding more conditions versus those that are not scanning authenticated, yet. Both types of scans are represented through graphs in your dashboard and the Frontline Insight peer comparison report.

Making the Grade

Security GPA is a simple way to communicate risk clearly to your leadership team or board. Stakeholders can easily see and track progress over time and use your Security GPA as a benchmark to measure your organization’s tolerance for risk. For example, a Security GPA of 3.33 ≤ 3.49 or a B+ means there aren’t any critical-level vulnerabilities in your network and the higher level vulnerabilities on high-criticality devices are reasonably clean or locked-down. Therefore, the risk of an exploit is low.

“The Security GPA scoring system makes it easy to translate to management.”
Joseph Li, Information Security Analyst
Investors Bank

Additionally, Security GPA is visualized in the platform as both a letter grade and a numerical grade so your team can see incremental improvements. A numerical GPA reflects the smallest repairs to medium or low-level vulnerabilities, while the letter grade may remain the same.

Extra Credit

Since we introduced Security GPA more than 15 years ago, we have continued to enhance it with additional functionality that provides additional insight, as well as to adapt to vulnerability management processes:

  • Cloud GPA - Because Frontline.Cloud is a multi-tenant platform; user data is aggregated to give you an anonymous view for comparing your GPA against everyone else on the system. You can further pare down your comparison using Frontline Insight™ to view how your GPA compares to other businesses in your vertical, or other peer groups.
  • SLA GPA - We know that not all vulnerabilities have the same remediation cycle. With SLA GPA, we introduced a self-defined grace period. SLA GPA works well for organizations that are unable to remediate quickly due to their internal processes, such as complex change control requirements or patch management programs that involve testing before a patched vulnerability is deployed.
  • Frontline Insight™ Peer Comparison - An on-demand report that gives you a visual comparison of your security program in contrast to organizations in your same industry as well as by company size. Using Frontline Security GPA, you can determine how your security posture aligns with like organizations.

Frontline Security GPA is Digital Defense’s proprietary and innovative scoring system and is an indispensable feature for Frontline.Cloud users. It comes as a standard feature in Frontline.Cloud so all users benefit from this powerful and simple approach to managing and communicating risk in your network. Security GPA is also available in Frontline Web Application Scanning (Frontline WAS™) providing insight into the security state of your organization’s web applications.

Request a demo of the Frontline Security GPA feature today.

Need More In-Depth Info?

Contact us and one of our experts can help with any of our cybersecurity solutions.

Contact Us

Share This