Security RX Cloud uses intelligent prioritization to help you focus on the most critical security issues first. Our advanced risk scoring algorithm goes beyond basic severity ratings to provide contextual, actionable prioritization that considers multiple risk factors.
Why prioritization matters
Cloud environments often generate hundreds or thousands of security findings, making it impossible to address everything at once. Without intelligent prioritization, teams often:
- Focus on the wrong issues: Spend time on low-impact findings while critical risks go unaddressed
- Experience alert fatigue: Become overwhelmed by the volume of security notifications
- Lack clear direction: Struggle to know where to start remediation efforts
- Miss contextual risk: Ignore how different findings combine to create larger security exposures
Security RX Cloud's risk scoring approach
Our risk scoring engine automatically calculates priority scores by analyzing multiple risk factors to determine the true risk of each finding. This comprehensive approach ensures you focus on the issues that pose the highest actual risk to your organization.
Ground truth severity correction
Problem solved: AWS Security Hub sometimes labels critical security issues as "INFORMATIONAL," leading to dangerous misconfigurations being ignored.
How it works: Security RX Cloud programmatically corrects misleading severity ratings by cross-referencing findings with official AWS security documentation. If AWS documentation classifies a finding as Critical, we ensure it's scored as Critical in our system, regardless of what the API reports.
Example: An S3 bucket with public read access might be marked as "INFORMATIONAL" by AWS Security Hub, but our system correctly identifies this as "CRITICAL" based on the actual security impact.
Active threat detection
Problem solved: Not all security findings represent the same level of immediate danger. Some indicate active threats that require urgent attention.
How it works: Security RX Cloud automatically adds significant priority bonuses to findings that indicate confirmed threats or active malicious activity, particularly those from AWS GuardDuty.
Threat indicators that receive priority bonuses:
- MaliciousIPCaller: Communication with known malicious IP addresses
- C&CActivity: Command and control server communication
- Trojan: Trojan horse activity detected
- CryptoCurrency: Unauthorized cryptocurrency mining activity
- Backdoor: Backdoor installation or communication
Asset type impact weighting
Problem solved: A misconfiguration on a critical infrastructure component poses more risk than the same issue on a development resource.
How it works: Our scoring engine considers the inherent criticality of different AWS resource types and applies higher priority weighting to high-impact assets.
High-priority resource types:
- AWS::IAM::Role: Identity and access management roles that control permissions
- AWS::KMS::Key: Encryption keys that protect sensitive data
- AWS::RDS::Instance: Database instances containing business data
- AWS::Lambda::Function: Serverless functions with potentially broad access
- AWS::EC2::SecurityGroup: Network security controls
Lower-priority resource types:
- Development and test resources
- Log storage buckets
- Non-critical compute instances
Public exposure analysis
Problem solved: Resources exposed to the public internet face significantly higher risk than internal-only resources.
How it works: Security RX Cloud analyzes each finding to determine if the affected resource is accessible from the public internet. If public exposure is detected, we add substantial bonus points to the risk score.
Public exposure factors:
- Internet-facing load balancers: Resources accessible through public load balancers
- Public IP addresses: Instances with direct internet connectivity
- Open security groups: Security groups allowing access from 0.0.0.0/0
- Public S3 buckets: Storage buckets with public read or write permissions
- Public database instances: Databases accessible from the internet
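The five exposure factors above, checked against the resource details an AWS Security Hub finding carries in ASFF (AWS Security Finding Format). This is an added example, not Security RX Cloud's own code; the ASFF field names are real, the factor labels and the sample finding are constructed, and treating a missing or incomplete S3 public access block as a public-bucket signal is an assumption.

```python
import ipaddress

ANY_CIDRS = {"0.0.0.0/0", "::/0"}
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy",
            "IgnorePublicAcls", "RestrictPublicBuckets")


def exposure_factors(finding: dict) -> list:
    """List the public-exposure factors present in a finding's Resources."""
    factors = []
    for res in finding.get("Resources", []):
        d = res.get("Details", {})
        # Internet-facing load balancer (ALB/NLB scheme)
        if d.get("AwsElbv2LoadBalancer", {}).get("Scheme") == "internet-facing":
            factors.append("internet-facing-lb")
        # Instance with a globally routable IPv4 address
        ips = d.get("AwsEc2Instance", {}).get("IpV4Addresses", [])
        if any(ipaddress.ip_address(ip).is_global for ip in ips):
            factors.append("public-ip")
        # Security group rule allowing ingress from anywhere (v4 or v6)
        for perm in d.get("AwsEc2SecurityGroup", {}).get("IpPermissions", []):
            cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
            cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
            if cidrs & ANY_CIDRS:
                factors.append("open-security-group")
                break
        # S3 bucket whose public access block is missing or incomplete (assumed signal)
        if "AwsS3Bucket" in d:
            pab = d["AwsS3Bucket"].get("PublicAccessBlockConfiguration", {})
            if not all(pab.get(k) for k in PAB_KEYS):
                factors.append("public-s3-bucket")
        # RDS instance flagged as publicly accessible
        if d.get("AwsRdsDbInstance", {}).get("PubliclyAccessible"):
            factors.append("public-db-instance")
    return factors


def is_publicly_exposed(finding: dict) -> bool:
    return bool(exposure_factors(finding))


# Constructed sample: an SSH rule open to the world plus a private-only instance
SAMPLE_FINDING = {"Resources": [
    {"Type": "AwsEc2SecurityGroup", "Details": {"AwsEc2SecurityGroup": {
        "IpPermissions": [{"IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}}},
    {"Type": "AwsEc2Instance", "Details": {"AwsEc2Instance": {
        "IpV4Addresses": ["10.0.1.5"]}}}]}
```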
How findings are prioritized
Risk score calculation
Each finding receives a comprehensive risk score based on:
- Base severity: Starting point from the original finding severity
- Ground truth correction: Adjustment based on actual documented impact
- Threat indicator bonus: Additional points for confirmed threats
- Asset criticality multiplier: Weight based on resource importance
- Public exposure bonus: Additional risk for internet-accessible resources
- Business context: Optional weighting based on business criticality tags
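One way to compose the six factors above into a single score, covering both the ground truth severity correction described earlier and this list. This is an added example, not Security RX Cloud's scoring engine: every weight, the ground truth table, the "criticality" tag key and the priority cut-offs are assumptions for illustration; the page's high-priority assets are keyed by their ASFF resource type names (for example AwsIamRole for AWS::IAM::Role), and the sample finding is constructed.

```python
BASE = {"INFORMATIONAL": 0, "LOW": 10, "MEDIUM": 40, "HIGH": 70, "CRITICAL": 90}
# Ground truth correction, keyed on ASFF "Types" entries (assumed table)
GROUND_TRUTH = {"Effects/Data Exposure/S3-Public-Read": "CRITICAL"}
# GuardDuty indicators from the page's list, matched as substrings of Types
THREAT_BONUS = {"MaliciousIPCaller": 25, "C&CActivity": 40, "Trojan": 40,
                "CryptoCurrency": 30, "Backdoor": 40}
# ASFF resource types matching the page's high-priority asset list
ASSET_MULTIPLIER = {"AwsIamRole": 1.5, "AwsKmsKey": 1.5, "AwsRdsDbInstance": 1.4,
                    "AwsLambdaFunction": 1.3, "AwsEc2SecurityGroup": 1.2}
EXPOSURE_BONUS = 20
BUSINESS_BONUS = {"high": 15, "medium": 5}  # values of an assumed "criticality" tag


def risk_score(finding: dict, publicly_exposed: bool) -> float:
    """Combine the six factors into one 0-100 score (weights are illustrative)."""
    types = finding.get("Types", [])
    resources = finding.get("Resources", [])
    label = finding["Severity"]["Label"]
    # Ground truth correction only ever raises the reported label
    for t in types:
        fixed = GROUND_TRUTH.get(t)
        if fixed and BASE[fixed] > BASE[label]:
            label = fixed
    score = float(BASE[label])
    # Threat indicator bonus: the strongest matching indicator counts once
    score += max((b for k, b in THREAT_BONUS.items()
                  if any(k in t for t in types)), default=0)
    # Asset criticality multiplier: the most critical resource in the finding
    score *= max((ASSET_MULTIPLIER.get(r.get("Type"), 1.0) for r in resources),
                 default=1.0)
    if publicly_exposed:
        score += EXPOSURE_BONUS
    tags = (r.get("Tags", {}).get("criticality", "").lower() for r in resources)
    score += max((BUSINESS_BONUS.get(v, 0) for v in tags), default=0)
    return min(score, 100.0)


def priority(score: float) -> str:
    """Map a score to the page's four priority rankings (assumed cut-offs)."""
    for cutoff, name in ((90, "Critical"), (70, "High"), (40, "Medium")):
        if score >= cutoff:
            return name
    return "Low"


# Constructed sample: Security Hub reported INFORMATIONAL for a public S3 bucket
SAMPLE = {"Severity": {"Label": "INFORMATIONAL"},
          "Types": ["Effects/Data Exposure/S3-Public-Read"],
          "Resources": [{"Type": "AwsS3Bucket", "Tags": {"criticality": "high"}}]}
```

The sample lands at Critical because the ground truth table lifts the label before any bonus is applied; without that correction the same finding would start from 0 and reach only Medium.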
Priority ranking system
Security RX Cloud converts risk scores into clear priority rankings:
- Critical: Immediate attention required, highest business risk
- High: Address within defined SLA timeframes
- Medium: Important but not urgent, schedule for upcoming sprints
- Low: Address during regular maintenance cycles
Contextual factors
Beyond automated scoring, Security RX Cloud considers additional context:
- Resource tags: Business criticality, environment type (prod/dev/test), team ownership
- Compliance frameworks: Whether findings relate to specific compliance requirements
- Historical patterns: Whether this type of finding has been exploited before
- Interconnected risks: How findings combine to create larger attack surfaces
Types of supported findings
Security RX Cloud processes and prioritizes various types of cloud security findings:
Configuration-based findings
- Access control misconfigurations: Overly permissive IAM policies, public resources
- Encryption gaps: Unencrypted data stores, weak encryption configurations
- Network security issues: Open security groups, unprotected network resources
- Logging deficiencies: Missing audit logs, insufficient monitoring
Threat-based findings
- Malicious activity: Active threats detected by GuardDuty
- Suspicious behavior: Unusual access patterns or resource usage
- Compromise indicators: Signs of potential security breaches
- Attack attempts: Failed intrusion attempts or reconnaissance activity
Compliance-related findings
- Standards violations: CIS Benchmark failures, industry standard deviations
- Regulatory requirements: SOC 2, PCI DSS, HIPAA compliance gaps
- Best practice deviations: AWS Well-Architected Framework violations
Using prioritization in your workflow
For engineers
- Focus on critical findings first: Address high-risk issues before lower-priority items
- Understand context: Use the risk explanation to understand why an issue is prioritized
- Batch similar fixes: Group related misconfigurations for efficient remediation
- Verify impact: Use the public exposure and asset criticality information to validate fixes
For security teams
- Strategic resource allocation: Direct team efforts toward highest-impact issues
- SLA management: Set different response timeframes based on priority levels
- Risk communication: Use priority levels to communicate urgency to stakeholders
- Trend analysis: Monitor whether high-priority findings are increasing or decreasing
Best practices for prioritization
- Trust the algorithm: Security RX Cloud's multi-factor approach is more accurate than single-dimension prioritization
- Consider business context: Add business criticality tags to resources for better prioritization
- Regular review: Periodically review prioritization to ensure it aligns with your risk tolerance
- Team training: Educate teams on why certain findings are prioritized higher than others
Customizing prioritization
While Security RX Cloud's default prioritization works well for most organizations, you can enhance it by:
- Resource tagging: Add business criticality and environment tags to improve context
- Team ownership: Associate resources with responsible teams for better assignment
- Compliance mapping: Tag resources with relevant compliance frameworks
- Business impact classification: Identify business-critical applications and data stores
Learn more about remediation workflows and how to set up cloud security integration to get the most value from intelligent prioritization.