The Nebula Security Advisor on the Dashboard page is available for Endpoint Protection and Endpoint Detection and Response subscriptions. It provides a comprehensive health score that assesses the quality of your Nebula implementation. This score measures various factors such as policies, scheduled scans, and deployment. A low security score might suggest that the endpoint agent was not deployed to all of your endpoints or that recommended console settings are disabled. Utilize the Security Advisor to gain insight into your company's security posture and receive actionable recommendations for enhancing your security.
Your security score is calculated every 24 hours based on the configuration of your Nebula environment. Personalized tips are provided in the Issues section of the Security Advisor page to help improve your security score.
Factors outside of your subscription do not impact your score, because they are scored for paid modules that you do not currently own, which may include DNS Filtering or Vulnerability & Patch. The factors that apply to all accounts include deployment, policies, scheduled scans, and endpoint status.
Refer to the table below for more information on each factor.
|Deployment: The Endpoint Agent must be installed on your devices to protect your endpoints and environment.||Utilize at least 75% of your available seats for your subscription. However, we recommend utilizing all available seats.|
|Policies: Policies control the protection settings and are assigned to groups of endpoints.||Enable the following settings in your policies:|
|Scheduled scans: Scheduled scans ensure that your endpoints are repeatedly checked for threats.||Run daily Detection scans with the following options for all groups of endpoints:|
|Endpoint status: Endpoints with an endpoint status indicate action is required on the endpoint.||Clear the following endpoint statuses:|
|DNS Filtering: The DNS Filtering module allows you to block access to known suspicious web domains to secure productivity and collaboration.||Enable all 11 security categories in your DNS rules, and apply your DNS rules to all endpoints with the DNS Filtering module.|
|Vulnerability & Patch: The Vulnerability & Patch Management module allows you to monitor threat exposure on your endpoints by identifying software vulnerabilities, and to patch endpoints by updating software and installing operating system patches.||Perform the following actions with the Vulnerability & Patch Management module:|
|Endpoint Detection and Response (EDR): EDR offers advanced threat hunting, reliable isolation, remediation, and response capabilities for cybersecurity attacks.||Remediate any detected suspicious activity and enable the following EDR settings in your policies:|
For more information on how each score is calculated, click Understand scoring on the Security Advisor page.
A score tier is provided based on your security score. Strive for an exceptional rating to keep your endpoints safe. Refer to the table below to see which tier your score falls under:
|88-100%||Exceptional||Amazing! Continue maintaining your score. While your security rating is at its highest, no posture can prevent all risks of breach or vulnerability to threats.|
|66-87%||Very Good||Great job! There are still actions you can take to improve security.|
|55-65%||Good||Good job, but you should resolve some security issues.|
|37-54%||Fair||Your security is at risk and we recommend taking quick action to resolve issues, starting with the ones with the highest severity.|
|0-36%||Poor||Your security is at risk and you should take immediate action to resolve problems, starting with the ones with the highest impact.|
The Security Advisor's Issues section offers personalized recommendations to promptly address security issues and boost your security score. Issues can be sorted by factor or severity. The severity levels are as follows:
- Low: Less than 1% security score impact
- Medium: Between 1% and 4% security score impact
- High: More than 4% security score impact
- Critical: Any endpoints with the Remediation Required endpoint status.
Click View next to each severity or factor to display a list of affected endpoints, issues, overall security score impact, and recommended actions. New recommended actions will continue to be added.