Risks overview
Vulnerabilities
A vulnerability is a flaw or weakness in a system that can compromise security. Tens of thousands of vulnerabilities, many with high or critical severity, affect services daily. It is often difficult and time-consuming for IT personnel to understand a vulnerability and assess and prioritize its risks. The remediation content creation process is lengthy and manual, with low throughput and a high margin for errors, and it can get delayed if the SecOps or DevOps team is occupied with other tasks.
As an operator or a site reliability engineer (SRE), it's critical that you have a robust vulnerability management solution to be able to monitor the vulnerabilities affecting the services, investigate the risks associated with these vulnerabilities, and quickly prioritize remediation to restore the health of the impacted services.
The Vulnerabilities page provides relevant information about the services used by your organization in one place. You can view the following information:
- The top impacted services, based on the Risk score assigned to them, a numerical value between 0 and 10
- The top remediation owners, that is, the users or user groups that own vulnerabilities, based on the number of vulnerabilities assigned to them
- The top vulnerabilities based on their Severity - Critical, High, Medium, or Low
- The details of each vulnerability including the option to generate remediation content for it
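The three views listed above are rollups over the same set of vulnerability records. The following is an added example, not BMC's code, that reproduces them from an exported record set; the field names, the services, owners and findings are constructed assumptions, and the Risk score is taken as given per service rather than recomputed.

```python
"""Rollups of the three Vulnerabilities-page views from exported records.

Added example, not BMC Helix AIOps code. The record fields and the sample
data are constructed assumptions about what a vulnerability export contains.
"""
from collections import defaultdict

# Severity ranks for ordering: Critical sorts first, unknown values last.
SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample records (hypothetical services, owners and findings).
RECORDS = [
    {"service": "TrainsApp", "risk_score": 9.1, "owner": "platform-team",
     "vuln": "Apache Log4j SEoL (<= 1.x)", "severity": "Critical", "cvss": 10.0},
    {"service": "TrainsApp", "risk_score": 9.1, "owner": "platform-team",
     "vuln": "EXAMPLE-OUTDATED-TLS", "severity": "High", "cvss": 7.5},
    {"service": "PaymentsApi", "risk_score": 6.4, "owner": "payments-team",
     "vuln": "EXAMPLE-OUTDATED-TLS", "severity": "High", "cvss": 7.5},
    {"service": "Reporting", "risk_score": 3.2, "owner": "platform-team",
     "vuln": "EXAMPLE-VERBOSE-ERRORS", "severity": "Low", "cvss": 3.1},
]


def top_impacted_services(records, limit=5):
    """Services ranked by their Risk score (0-10), highest first."""
    scores = {}
    for r in records:
        scores[r["service"]] = max(scores.get(r["service"], 0.0), r["risk_score"])
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def top_remediation_owners(records, limit=5):
    """Owners ranked by the number of vulnerabilities assigned to them."""
    counts = defaultdict(int)
    for r in records:
        counts[r["owner"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


def top_vulnerabilities(records, limit=5):
    """Distinct vulnerabilities ranked by severity, then CVSS, then name.

    Each entry is (name, severity, number of impacted services).
    """
    affected = defaultdict(set)
    meta = {}
    for r in records:
        affected[r["vuln"]].add(r["service"])
        meta[r["vuln"]] = (r["severity"], r["cvss"])
    ranked = sorted(
        meta,
        key=lambda v: (SEVERITY_ORDER.get(meta[v][0], 4), -meta[v][1], v),
    )
    return [(v, meta[v][0], len(affected[v])) for v in ranked][:limit]


if __name__ == "__main__":
    print("Top impacted services:", top_impacted_services(RECORDS))
    print("Top remediation owners:", top_remediation_owners(RECORDS))
    print("Top vulnerabilities:", top_vulnerabilities(RECORDS))
```

Ties are broken by name so the output is stable across runs, and a vulnerability shared by several services is counted once in the vulnerability view but once per service in the owner view, which is how the owner's workload is actually distributed.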
Scenario
The APEX Global IT Train Ticketing System is a microservices-based architecture that provides a portal for booking and managing train reservations.
Bruce is a site reliability engineer at APEX Global IT and is responsible for monitoring the overall health of all the services used for the train ticketing system by using BMC Helix AIOps.
The Vulnerabilities tab on the Risks page on the console shows the top impacted services, the top vulnerabilities impacting the services in his organization, and the top remediation owners. Today, he observes that the TrainsApp service, typically used by travelers to book tickets, is impacted and has a Risk score of 9.1.
He clicks the service name to open the service details and observes that there are 169 critical vulnerabilities affecting the service. The most critical vulnerability affecting the TrainsApp service is Apache Log4j SEoL (<= 1.x). He clicks the vulnerability name to view the vulnerability details, such as severity, CVE-ID, CVSS score, impacted services, and the number of impacted assets.
Bruce has enabled BMC HelixGPT, which generates a vulnerability summary in a human-readable format that is easy to understand. For this vulnerability, BMC HelixGPT generates the following summary:
A critical vulnerability exists in the Apache Log4j version less than or equal to 1.x. Since it is no longer maintained by the vendor, there will be no new security patches released. This leaves the system exposed to potential security vulnerabilities. It is strongly recommended to upgrade to a newer, supported version of Apache Log4j to ensure proper maintenance and security updates. The vulnerability has a CVSS Score of 10, indicating critical severity.
Bruce also leverages BMC HelixGPT to generate the following best action recommendations for remediating the vulnerability:
- Determine the version of Apache Log4j currently supported
  Check the official Apache Log4j website or consult with the software vendor to determine the latest supported version.
- Download the latest supported version of Apache Log4j
  Visit the official Apache Log4j website or the software vendor's website to download the latest stable release.
- Install or upgrade to the latest supported version of Apache Log4j
  Follow the installation instructions provided with the downloaded package and install or upgrade to the latest supported version.
- Verify the successful installation or upgrade
  Check the system logs or use the appropriate command to verify that the upgrade to the latest supported version of Apache Log4j was successful.
- Apply any necessary patches or updates
  Regularly check the official Apache Log4j website or the software vendor's website for any patches or updates released for the latest supported version.
- Monitor the system for any compatibility issues
  Keep an eye on the system and monitor the logs for any compatibility issues that may arise after the upgrade.
- Contact the software vendor or Apache Log4j support team
  If you encounter any compatibility issues or have any questions regarding the upgrade, reach out to the software vendor or the Apache Log4j support team for assistance.
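The verification step above is the one an SRE can automate. The following is an added example, not output of the BMC HelixGPT code wizard, that walks a directory tree, reads each log4j jar's version and flags any jar still on the unsupported 1.x line (or whose version cannot be determined). It assumes the jar's MANIFEST.MF carries an Implementation-Version header, falls back to the file name otherwise, and the sample jars it builds for a dry run are constructed fixtures.

```python
"""Post-upgrade check: flag Log4j jars still on the 1.x line under a tree.

Added example, not BMC code. Assumptions: Log4j jars carry
Implementation-Version in META-INF/MANIFEST.MF (file name used as fallback);
the sample jars built by build_sample_tree() are constructed fixtures.
"""
import os
import re
import sys
import tempfile
import zipfile

# log4j-1.2.17.jar, log4j-core-2.17.1.jar, ... -> captures the version part.
NAME_RE = re.compile(r"^log4j(?:-[a-z0-9]+)*-(\d+(?:\.\d+)*)\.jar$", re.IGNORECASE)


def jar_version(path):
    """Return a jar's version from its manifest, else from its file name, else None."""
    try:
        with zipfile.ZipFile(path) as zf:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            if line.lower().startswith("implementation-version:"):
                return line.split(":", 1)[1].strip()
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # not a zip, no manifest, or unreadable: fall through to the name
    m = NAME_RE.match(os.path.basename(path))
    return m.group(1) if m else None


def find_log4j_jars(root):
    """Yield (path, version) for every log4j*.jar below root."""
    for dirpath, _, files in os.walk(root):
        for f in files:
            if f.lower().startswith("log4j") and f.lower().endswith(".jar"):
                path = os.path.join(dirpath, f)
                yield path, jar_version(path)


def legacy_log4j_jars(root):
    """Sorted root-relative paths of jars with major version < 2 or unknown."""
    flagged = []
    for path, version in find_log4j_jars(root):
        major = int(version.split(".")[0]) if version else None
        if major is None or major < 2:  # unknown is treated as unresolved, not safe
            flagged.append(os.path.relpath(path, root))
    return sorted(flagged)


def make_sample_jar(path, implementation_version):
    """Write a constructed jar containing only a manifest (test fixture)."""
    manifest = ("Manifest-Version: 1.0\r\n"
                f"Implementation-Version: {implementation_version}\r\n\r\n")
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)


def build_sample_tree(root=None):
    """Create a constructed tree: one 1.x jar, one 2.x jar, one manifest-less 1.x jar."""
    root = root or tempfile.mkdtemp(prefix="log4j-check-")
    os.makedirs(os.path.join(root, "lib"), exist_ok=True)
    make_sample_jar(os.path.join(root, "log4j-1.2.17.jar"), "1.2.17")
    make_sample_jar(os.path.join(root, "lib", "log4j-core-2.17.1.jar"), "2.17.1")
    with zipfile.ZipFile(os.path.join(root, "lib", "log4j-1.2.8.jar"), "w") as zf:
        zf.writestr("placeholder.txt", "no manifest; version comes from the name")
    return root


if __name__ == "__main__":
    # Usage: python check_log4j.py [ROOT]; with no ROOT a constructed tree is scanned.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for rel in legacy_log4j_jars(root):
        print("still on Log4j 1.x or unresolved:", rel)
```

Treating an unknown version as a finding rather than silently passing it is deliberate: a renamed or shaded jar that the check cannot classify needs a human look, otherwise the "verify" step reports success on exactly the files most likely to have been missed by the upgrade.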
Based on this information, Bruce can then take corrective measures to reduce the risks associated with open, critical vulnerabilities.
All these capabilities enable Bruce to achieve the following objectives with services in his organization:
- Remain available and healthy at all times
- Perform at an optimal level
- Have low downtime and minimal impact on the business
BMC HelixGPT-based summary and best action recommendations
BMC Helix AIOps connects with BMC HelixGPT to leverage generative AI capabilities that help operators or SREs understand a vulnerability faster by providing a human-readable, AI-generated summary. This summary gives a synopsis of the vulnerability and explains its complete context.
If BMC HelixGPT is not enabled, the vulnerability summary is the vulnerability description received from the scanning systems configured in BMC Helix Automation Console.
Best action recommendations
By using the generative AI capabilities, BMC HelixGPT provides a step-by-step action plan for remediating a vulnerability. These remediation steps are called best action recommendations and can be used by the operators or SREs to resolve the vulnerability. Best action recommendations help close vulnerabilities faster and improve the mean time to resolve (MTTR).
BMC HelixGPT generates these recommendations by evaluating information received from the scanning systems configured in BMC Helix Automation Console.
With the remediation steps, a code wizard provides sample scripts that can be used for performing the recommended step in Ansible or TrueSight Server Automation.
By leveraging the capabilities of BMC HelixGPT, operators can improve operational efficiency, derive insights from all connected sources, and reduce manual errors by implementing automation to resolve vulnerabilities faster.