You can perform a security assessment for any of your managed sites. The security assessment analyzes various aspects of security, such as your password management policy, the status of your antivirus software, and your patch management.
When you enroll a site in Site Security Assessment, it is assessed against a set of tests, also known as a Security Schema, which will generate a score that represents the security of your site. If you haven't set up a custom Security Schema, your sites are assessed against the Standard Schema.
Site Security Assessments run multiple times per day.
What a Security Score Means
The security assessment runs a series of tests on the site. Each test generates a numbered score. The security assessment shows the details of each test, as well as the numbered score for each test.
In addition, the results of each test contribute to a combined overall score, as well as a score for the following categories of tests:
- Antivirus Security
- Patch Security
- User Security
- Network Security
The highest possible score for each test, each category of test, and combined overall site score is 100. A score of 100 would represent a site where all tests passed. The lower the number, the more critical the security issue.
How the Security Score is Calculated
A security assessment compares a site against a set of tests, called a Security Schema, which can consist of over 30 tests in the following categories:
- Antivirus Security—Assesses whether antivirus software is installed, active, and up-to-date. Also assesses whether a firewall is in use.
- Patch Security—Assesses whether Microsoft and Windows patches are up-to-date.
- User Security—Assesses password activity and password policies for local users and domains.
- Network Security—Assesses if the User Account Control setting is on or off, as well as assessing the security of certain Wi-Fi networks that managed devices have connected to in the last seven days.
The Standard Security Schema contains all the suggested tests at all their suggested settings. You can also create custom Security Schemas with higher or lower levels of security.
Antivirus Security Tests
The workstation antivirus tests check most antivirus programs installed on workstations. The workstation antivirus tests are:
- Workstation Antivirus software detection
- Workstation Antivirus software status check
- Workstation Antivirus software evaluation
The Server antivirus software detection test detects the following antivirus products:
- Symantec™ Endpoint Protection 14
- Avast Endpoint Protection Suite
- Avast Antivirus (deployed through Barracuda Managed Workplace)
- Kaspersky Total Security for Business
- Sophos Server Protection
- ESET File Security for Microsoft Windows Server
- G DATA Business Security
- Bitdefender Endpoint Security
- McAfee Endpoint Security Suite
- Trend Micro Worry-Free Business Security
- F-Secure Server Security
Firewall-related Security Tests
Site Security Assessment has tests for both Windows firewall and third party firewall, included in the Antivirus category. Both tests are included in the Standard Security Schema. Because devices use either a Windows firewall or a third party firewall, Site Security Assessment uses either the three Windows firewall tests or the third party firewall test, but not both, even if both are included in the Security Schema.
Because installing and enabling a third party firewall on a device disables the Windows firewall, if both the Windows firewall tests and the third party firewall test are in the schema, Site Security Assessment detects whether you are using a third party firewall or the Windows firewall, and assesses your device accordingly. The firewall tests that don’t apply aren’t assessed, and don’t count toward your final score.
When you’re creating a custom Security Schema, you can add both the Windows firewall tests and the third party firewall tests. Site Security Assessment automatically detects the correct tests to use. You will not lose points on the third party test if your Windows firewall tests pass, and you will not lose points on the Windows firewall tests if your third party test passes.
The three Windows firewall tests are assessed if:
- No third party firewall is installed or enabled.
- A third party firewall is installed but not enabled.
The third party firewall tests are assessed if:
- A third party firewall is both installed and enabled.
You will get full points in the Site Security Assessment if your site passes either:
- The third party firewall test; or
- The three Windows firewall tests.
If you have only the Windows firewall tests in your schema and your site has a third party firewall installed and enabled, the Windows firewall tests are not assessed. If you have a third party firewall test, but your site uses Windows firewall, the third party test is not assessed.
Domain-related Security Tests
Several domain-related site security assessment tests require a functioning Onsite Manager to be assessed. The requirements for these tests to be assessed are:
- Onsite Manager with Remote Server Administration tools is installed.
- The Group Policy Management Console is enabled on the Onsite Manager.
- The device hosting the Onsite Manager is attached to the domain.
- The MWService account must be a domain Admin account, and not a local account.
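A way to confirm these prerequisites on the device hosting Onsite Manager, as an added PowerShell example (not part of the original page or of the product). It assumes a Windows Server host with the ServerManager module, that `RSAT-AD-PowerShell` is the Remote Server Administration tools feature of interest, and that `MWService` is the account's sAMAccountName.

```powershell
# Added example: checks the four prerequisites listed above.
# Assumptions: run on the Windows Server hosting Onsite Manager, by a user
# allowed to query Active Directory; 'MWService' is the sAMAccountName.
param([string]$ServiceAccount = 'MWService')

$results = [ordered]@{}

# The device hosting the Onsite Manager is attached to the domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
$results['Domain joined'] = [bool]$cs.PartOfDomain

# Remote Server Administration tools (AD PowerShell module assumed here).
$rsat = Get-WindowsFeature -Name RSAT-AD-PowerShell
$results['RSAT AD module installed'] = [bool]($rsat -and $rsat.Installed)

# Group Policy Management Console feature.
$gpmc = Get-WindowsFeature -Name GPMC
$results['GPMC installed'] = [bool]($gpmc -and $gpmc.Installed)

# The service account is a domain account in Domain Admins, not a local one.
$results['Account is Domain Admin'] = $false
if ($results['Domain joined'] -and $results['RSAT AD module installed']) {
    try {
        Import-Module ActiveDirectory -ErrorAction Stop
        # Use the well-known RID 512 so localized group names do not matter.
        $domainAdminsSid = "$((Get-ADDomain).DomainSID.Value)-512"
        $members = Get-ADGroupMember -Identity $domainAdminsSid -Recursive
        $results['Account is Domain Admin'] =
            [bool]($members | Where-Object { $_.SamAccountName -eq $ServiceAccount })
    } catch {
        Write-Warning "Active Directory lookup failed: $($_.Exception.Message)"
    }
}

# A local account with the same name does not satisfy the requirement.
$local = Get-LocalUser -Name $ServiceAccount -ErrorAction SilentlyContinue
if ($local) { Write-Warning "A local account named '$ServiceAccount' also exists." }

$results.GetEnumerator() | ForEach-Object {
    '{0,-28} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'MISSING' })
}
```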
Test Weighting Impact
The tests in the assessment have different weightings depending on the security impact of what is being tested. That means that the tests in the assessment do not all affect the score equally, but have a greater or lesser impact assigned by our proprietary algorithm.
For example, mandating that users create strong passwords is more critical to security than changing the domain policy password every 90 days. So, the test that checks that complexity is required in the local password policy is weighted more heavily than the test that checks if the domain policy password has been changed in the last 90 days. That means that if the Domain password policy - Password complexity requirement status check test fails, finding that the policy doesn't mandate complexity for user passwords, more points will be deducted from the Security Assessment score than if the Domain password policy - Maximum password age status check test finds that the domain policy password hasn't been changed in the last 90 days.
For information on the relation between test weighting and Security Schemas, see Using Security Schemas.
Besides the weighting of tests, another factor that helps determine how much a test changes the Security Assessment score is how many objects (devices, users, accounts, etc.) are affected. For example, if the Software updates evaluation - Feature packs test discovers that 20 devices are missing feature packs, that will lower your security score by a certain amount. If you then install the missing feature packs on ten of the twenty devices, your security score will be higher because fewer devices are affected by the missing security feature.
Viewing Test Details
The Security Score Dashboards display each test that's in the Site Security Assessment, including:
- Test description
- Test details
- Test impact
- Objects (devices, users, accounts, etc.) affected, both the number of objects, and in many cases, links to the affected objects
- Test severity
- Test value
- What you can do to get a better score for the test
Security Score Impact
All the Security Dashboards (Site, Antivirus, Patch, User, and Network) display the individual scores for each test in the Security Schema. The dashboards also display a visual of the overall impact of the results of the score.
The left column on each Security Dashboard displays the result of the test as a percentage.
On the right of the Security Dashboard, you can see the relative impact of the test shown as a bar. The color and length of the bar show the severity of the impact. The longer the bar, the greater the relative impact. The test that has the most impact will always have the longest bar, no matter what the impact is in absolute terms.
How to Get a Better Security Score
On the Site Security Details page and the Category Details pages, you can click the arrow icon next to any of the tests to see additional info on that test.
The description for each test includes a section called Countermeasure, which may include suggestions for how to resolve the issue. Once you have addressed the issue, your score will improve the next time the security assessment runs.
As the security score of a site improves, the improvement is reflected in the trend graphs displayed on the Dashboard and overview pages, as well as in the trend arrows in the Score boxes for each category.