Ran Harel

Our latest Purple Knight (PK) v4.2 release introduces fundamental changes, particularly concerning the new scoring calculation. Changing from a broader approach that considered all indicators, we’ve now zeroed in on the “failed” indicators, those that highlight genuine security threats in your environment. This shift aims to ensure that the overall and category scores accurately mirror the severity and potential ramifications of the security vulnerabilities present in your environment.

Deciphering the scoring shift

The core changes in Purple Knight v4.2 revolve around the way the calculation is performed. We have moved from an approach that considered all indicators, even those that didn’t pinpoint security threats, to an approach that emphasizes only the “failed” indicators. This refinement ensures that the overall score is closely tied with the severity and repercussions of security exposure within your environment.

Why the change

Severity and impact: The new scoring system emphasizes the severity of the indicators and the volume of objects found for each indicator. Essentially, the comprehensive score is predominantly swayed by the severity of these indicators and their corresponding effects on your security stance.

True representation: In the past, scoring calculation included non-failing indicators that could result in an artificially inflated overall score when more indicators were added, even if they didn’t detect any security issues. Previously, the inclusion of non-failed indicators in the scoring calculation could lead to a situation where the addition of more indicators, even if they didn’t find security issues, would artificially inflate the overall score. This was a misleading representation of the actual security risks present in your environment.

Changes to category scores

It’s important to note that category scores no longer factor into the overall score’s calculation. As such, there is no direct correlation between category scores and the overall score. Instead, each category score should be considered as an independent metric that can be compared to its future values, serving as a valuable tool in tracking the progress of remediation efforts.

Category scores are calculated using the same methodology as the overall posture score. The primary factors influencing category scores are the severity of identified exposures and the quantity of indicators within that category that detect these exposures.

Improving your posture score

To effectively enhance your posture score, it’s essential to focus on addressing the most critical indicators of exposure (IOEs). These IOEs carry the greatest weight in influencing your score. Remember, indicators with the lesser severity will have a correspondingly minor effect on the overall score.

To help you swiftly pinpoint critical IOEs, we’ve moved them to the top of your reports for immediate access and evaluation. Focusing on these critical items will substantially enhance your posture score, significantly improve your posture score and overall security posture.