JSA Risk Manager Overview

SUMMARY JSA Risk Manager is a separately installed appliance for monitoring device configurations, simulating changes to your network environment, and prioritizing risks and vulnerabilities in your network.

JSA Risk Manager uses data that is collected by JSA. For example, configuration data from firewalls, routers, switches, or intrusion prevention systems (IPSs), vulnerability feeds, and third-party security sources. Data sources enable JSA Risk Manager to identify security, policy, and compliance risks in your network and estimate the probability of risk exploitation.

JSA Risk Manager alerts you to discovered risks by displaying offenses on the Offenses tab. Risk data is analyzed and reported in the context of all other data that JSA processes. In JSA Risk Manager, you can evaluate and manage risk at an acceptable level that is based on the risk tolerance in your company.

You can also use JSA Risk Manager to query all network connections, compare device configurations, filter your network topology, and simulate the possible effects of updating device configurations.

You can use JSA Risk Manager to define a set of policies (or questions) about your network and monitor the policies for changes. For example, if you want to deny unencrypted protocols in your DMZ from the Internet, you can define a policy monitor question to detect unencrypted protocols. Submitting the question returns a list of unencrypted protocols that are communicating from the Internet to your DMZ and you can determine which unencrypted protocols are security risks.