ACSIA Help Center

ACSIA Cyber Risk Assessment (CRA) User Manual V24.xx.xxx


1. Overview

In this article, we'll see how to access and use the ACSIA CRA platform, which is Dectar's Cyber Risk Assessment platform.

ACSIA CRA performs numerous passive checks to evaluate your infrastructure, highlighting where your business is weak or strong against a cyber attack. ACSIA CRA makes multiple passive tests and does not simulate an actual cyber attack against your infrastructure.

In simple words: ACSIA CRA collects some data and metrics from your infrastructure, processes them, and tells you whether your infrastructure is weak or strong in the case of a cyber attack.

At the end of the process, ACSIA CRA assigns a number to the scanned company. This number represents how weak or strong your infrastructure is in the case of a cyber attack, but this is not a definitive number. In fact, the platform performs a check on your infrastructure every now and then, depending on your license.
All the scans performed with ACSIA CRA are recorded inside our databases, and some of our engineers will have access to that information. We use the information gathered to improve our product and detect anomalies or malfunctions. We already discussed internally possible solutions to improve this area, but as of today, we don't have a solution in our roadmap to address this feature request.

2. How to log in

To log in to the platform, you have to request a username and a password from the ACSIA CRA support team.

After that, you can log in here.

With the release of version 24.01.001, the Reset password option has been added. You can reset your password by clicking "Forgot password?"

2024-01-26_11-37.png


3. Basic platform understanding

You can see some information if you click on "Overview" (1).


For example, in the red rectangle on the top left (2) of the screen, you can see your Company's information. On the top right of the screen (3), instead, you can see the rating you've been given by CRA. The CRA score (3) refers to your public-facing exposure to the internet. The CRA risk assessment score is measured with an index consisting of 6 clusters and a value of 0 (least secure) to 100 (most secure).

For information on how to add the companies, please refer to this article: Companies Management

 

2024-01-26_11-44.png

Also, you can see that ACSIA CRA found:

  • 114 Assets. By Assets, we mean the elements that are assessable from a cybersecurity perspective, that are exposed, and that make up an organization's attack surface.
  • 41 hosts. By host, we mean any information present in a DNS of a domain registered by the organization that typically identifies an internal or external IP address.
  • 14 networks. By network, we mean a set of IPv4 or IPv6 addresses announced as a single block in BGP; the minimum network announced in IPv4 is a /24 (256 IPs) and in IPv6 a /48 (65536 IPs).
  • 4 AS. By AS, we mean Autonomous System: a set of IPv4 or IPv6 networks, identified by a number assigned through IANA by the regional internet registries that identify an internal provider and routing policy.
  • 2 Domains. By Domain, we mean the Internet domain registered by the organization on a top-level domain (e.g. .com/.net/.it/.eu).
  • 24 IPs. By IP, we mean the IPv4 or IPv6 Internet address linked to an organization's asset.
  • 20 Websites. By Website, we mean any host exposing anything on the internet that responds to port 80 (HTTP) and port 443 (HTTPS).
  • 7 Emails. By Email, we mean any mail server or an e-mail service typically linked to a domain providing inbound e-mail services.
  • 2 DNS. By DNS, we mean a domain name server: a service configured to respond for an Internet domain registered by the organization, in which entries are made identifying the resources accessible via a mnemonic name linked to that domain.

Scrolling down, we can see a radar graph like the following:

2024-01-26_11-46.png

Here we can see:

  • On the left, the radar plot shows how the risk index is distributed among all the assets. In this example, we can see that the website and the domain have the highest exposure, while the DNS and email have the least exposure.
  • On the right, we can see the trend of the risk index over time, starting from when the license was purchased.

The risk index can be read as follows:

mceclip4.png

This means that:

  • an asset with a 0-30 risk index requires immediate action.
  • an asset with a 90-100 risk index does not require actions.

 

ATTENTION:
The risk index varies at each scan. ACSIA CRA scans your infrastructure on a regular basis, depending on your subscription, but you can also perform manual rechecks.

 

When we scroll down, we can see some more details on the exposure to the risk:

For example, the above plot shows that the website is the asset with the highest exposure risk. In fact, the wide red band tells us that here we have a wider band of attack.

 

If we scroll down, we can see the dependencies of the various assets, meaning we can understand how the assets are related to each other:

This does not mean that the assets are really physically connected to each other. CRA software just found them logically related to each other.

 

Finally, we can visualize all the details related to the assets. To do so, you can follow the guide dedicated to assets management.

 

You can also add third parties, which are companies that somehow interact with you and your company but are distinct from your own, such as providers or partners. For this reason, ACSIA CRA provides data that are not completely visible. For third parties management, refer to this other article: Third Parties Management


4. Events and notification manual

Starting from version 23.06.001, we've deployed a new notification system that allows you to stay updated on security issues within your companies. The system consists of two parts: notification configuration and your feed.

Let's see them both.

 

4.1 Notification Configuration

The configuration of the platform's notification system allows you to set up notification channels and topics.


Topics
Topics represent the subjects for which the user wants to receive notifications. By default, the user is subscribed to the topics "Platform News" and "World News," as well as any subscriptions to which they have technical access rights. Each of these topics can be enabled or disabled, and if enabled, the desired severity level for receiving notifications can be set.


The severity levels are:

● "Exclusively alert notification"
● "Warning and alert notification"
● "Info, warning, and alert notification"

 

The topic for the user's subscriptions cannot be disabled; only its severity level can be set.

In addition to these topics, a user can configure a different notification level for specific
companies. This can be set directly on the company's page through the "Actions -> Edit
Notifications" menu and can be later modified or reset to the default subscription level for that
company.


The "Subscription" topic should be understood as the default setting for companies belonging to
that subscription.

 

Channels
Each user has two channels available for configuration: "Feed" and "Email." The "Feed" channel
is displayed within the platform's dashboard (see explanation below). The "Email" channel is
automatically configured with the email used for platform login and cannot be modified. Each of
these channels can be enabled or disabled, and if enabled, the desired severity level for
receiving notifications can be set.


The severity levels are:

● "Exclusively alert notification"
● "Warning and alert notification"
● "Info, warning, and alert notification"

 

2024-01-26_11-50.png

 

Generated events and operation example
The platform automatically generates events that can be sent to users based on their settings.
For example:


● The rating for a company is recalculated, changing from 84 to 78.
● An event with a "warning" severity is generated.
● Every user with access to the company’s subscription is eligible to receive the
notification. The severity level set for the topic is checked, and if it is equal to or lower
than the event's severity level, the notification is kept; otherwise, it is discarded.
● For each user who should receive the notification, the severity levels set for the channels
are verified. If they are equal to or lower than the event's severity level, the notification is
sent; otherwise, it is discarded for that channel.
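
The two-stage check described above (topic level first, then each channel's level), written out as an added example; this is not ACSIA CRA's own code. The class and function names, the users, and the company name are constructed for illustration, and the ordering info < warning < alert is assumed from the three selectable levels.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Severity(IntEnum):          # assumed ordering: info < warning < alert
    INFO = 1
    WARNING = 2
    ALERT = 3

# Each selectable level is modelled as the lowest severity it lets through.
LEVELS = {
    "Exclusively alert notification": Severity.ALERT,
    "Warning and alert notification": Severity.WARNING,
    "Info, warning, and alert notification": Severity.INFO,
}

@dataclass
class UserSettings:
    subscription_level: str                              # subscription topic: always on
    company_levels: dict = field(default_factory=dict)   # "Edit Notifications" overrides
    channels: dict = field(default_factory=dict)         # channel -> level, None = disabled

def passes(level: str, event: Severity) -> bool:
    """A notification is kept when the configured level <= event severity."""
    return LEVELS[level] <= event

def deliver(user: UserSettings, company: str, event: Severity) -> list:
    """Return the channels on which this user receives the event."""
    # Stage 1: topic check, using the per-company override if one is set.
    topic_level = user.company_levels.get(company, user.subscription_level)
    if not passes(topic_level, event):
        return []
    # Stage 2: each enabled channel applies its own level independently.
    return [ch for ch, lvl in user.channels.items()
            if lvl is not None and passes(lvl, event)]

# Constructed sample users for the "rating 84 -> 78, severity warning" event.
USERS = {
    "alice": UserSettings("Warning and alert notification",
                          channels={"Feed": "Info, warning, and alert notification",
                                    "Email": "Exclusively alert notification"}),
    "bob": UserSettings("Exclusively alert notification",
                        channels={"Feed": "Info, warning, and alert notification",
                                  "Email": "Info, warning, and alert notification"}),
    "carol": UserSettings("Exclusively alert notification",
                          company_levels={"Example Corp": "Info, warning, and alert notification"},
                          channels={"Feed": None, "Email": "Warning and alert notification"}),
}

def route(company: str, event: Severity) -> dict:
    return {name: deliver(u, company, event) for name, u in USERS.items()}
```

In this model, a user whose topic level is "Exclusively alert notification" never sees the rating drop on any channel, however permissive the channel settings are, so the topic level is the first thing to check when an expected notification did not arrive.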


Feeds

The interface for the internal feed within the platform can be accessed via the bell icon located
in the top-right corner of the dashboard. The bell icon also indicates the number of unread
notifications in the last 7 days. Each notification is automatically marked as read upon opening.
Various filters and actions are available for easier navigation and searching within the
notifications.


2024-01-26_11-51.png

 


5. New features

5.1 Timeshift

The new feature "Timeshift" has been added to our platform, which allows you to journey through time within ACSIA CRA.

    • In the report section, select dates when checks were redone or reports were generated.
    • Explore the new "Timeshift" option in the menu, enabling you to compare the current state with past checkpoints or two different past situations. Easily visualize the evolution of exposure and security status in the monitored infrastructure.

2024-01-26_11-55.png

For further information on how to use this feature, please refer to this article: Timeshift Management

 

5.2 CTI 

The new CTI (Cyber Threat Intelligence) module contains many features. The most important ones are:

  • Request (and optionally revoke) permission from the company's Data Protection Officer (DPO) to manage and provide data related to Cyber Threat Intelligence.
  • View users found in various sources, categorized by type (leak or botnet), date, and verification status.
  • View any passwords found so that they can be subject to company verification.
  • Manage user credentials by setting their verification status.

This last operation allows the ACSIA CRA platform user to directly influence the company's rating and use the platform to manage the verification status of any released credentials.

Some additional notes:

  • With this release, the CTI information previously visible under "domain" asset types has been reduced, since it is available within the CTI module.
  • At the same time, we have added, reorganized, and streamlined the sources of this data. As a result, the CTI rating algorithm has been partially modified, making it more consistent and, in some cases, stricter.

We expect that, starting from the first recheck after this release, the domain rating of a company, along with our assessment of cyber risk, will change slightly. This is normal and desired as part of the continuous improvement of the platform.

In order to have a better understanding of this module, please refer to this article: Cyber Threat Intelligence Management

2024-01-26_12-06.png

5.3 Reports

ACSIA CRA has a dedicated section for report creation. Please refer to this article: How to Generate Reports