Egress Security Score
The Egress Security Score on the Egress > Overview tab provides information on how well your VPC/VNets are protected by Aviatrix PaaS.
Hover over the score and click View Breakdown to see the Egress Security Score breakdown.
Click Protect VPC/VNets to open the Protected VPC/VNets tab.
Egress Security Score Breakdown
Click View Breakdown on the Egress Security Score card.
You can select the time period for the progress report: the last seven, 30, or 90 days; the previous month, the previous three months, the previous quarter, or the previous year.
The Progress Report shows the history of the Egress Security Score, as well as how many VPC/VNets were Protected, Partially Protected, Monitored, Unmanaged, or Unprotected each day.
Egress Security Score Calculation
- Egress Score = (Sum of all scores of individual non-ignored VPC or VNets / Total number of non-ignored VPCs) * 100
- 0 is the lowest score for a VPC/VNet
- 1 is the highest score for a VPC/VNet
- Gateway subnets are excluded
- In AWS, focus on routes that have a next hop of "nat-*".
| VPC/VNet State | Aviatrix Gateway | Criteria (AWS) | Definition | Score |
|---|---|---|---|---|
| Not Onboarded | None | No Aviatrix Gateways | VPC has no Aviatrix Gateways deployed and has direct access to the Internet. | 0 |
| Unprotected | Yes | 0.0.0.0/0 points to the Aviatrix gateway AND there is no Default Deny Rule for the VPC, OR 0.0.0.0/0 points to the Internet Gateway | VPC has Aviatrix Gateways deployed and direct access to the Internet; traffic to the Internet is not logged. | 0 |
| Monitoring | Yes | 0.0.0.0/0 points to the Aviatrix gateway AND the VPC is in a 'Watch' Rule for Any-Web AND there is no Deny Any-Web Rule for the VPC | VPC has Aviatrix Gateways deployed and traffic to the Internet is being logged. | 0.5 |
| Partial Protection | Yes | 0.0.0.0/0 points to the Aviatrix Gateway AND there is no Default Deny Rule for the VPC AND the VPC is in another Deny Rule (but not Any-Web) | VPC has some selective traffic to the Internet blocked. | 0.75 |
| Zero Trust | Yes | 0.0.0.0/0 points to the Aviatrix Gateway AND source VPC; Destination is Public Internet; there is a Deny Rule for the VPC | VPC may have only selective traffic to the Internet allowed. | 1 |
| No Egress | None / Yes | No 0.0.0.0/0 route in the VPC | VPC does not have direct access to the Internet. | 1 |
| Ignored | None / Yes | Manually set state | VPC is ignored from the Egress Score calculation. | N/A |
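The calculation above, worked through in code. This is an added example, not Aviatrix's own implementation: the `Vpc` fields, the `classify` precedence when several criteria hold (the better-protected state wins), and the sample fleet are assumptions made here to show how per-VPC states roll up into the fleet score.

```python
from dataclasses import dataclass
# Per-state scores from the table above; Ignored VPCs are left out of the average.
STATE_SCORES = {"Not Onboarded": 0.0, "Unprotected": 0.0, "Monitoring": 0.5,
                "Partial Protection": 0.75, "Zero Trust": 1.0, "No Egress": 1.0}

@dataclass
class Vpc:
    name: str
    has_default_route: bool          # a 0.0.0.0/0 route exists (gateway subnets already excluded)
    has_aviatrix_gateway: bool
    default_route_to_aviatrix: bool  # 0.0.0.0/0 next hop is the Aviatrix gateway, not the IGW
    watch_any_web: bool              # VPC is in a Watch rule for Any-Web
    deny_any_web: bool               # Default Deny / Deny Any-Web rule covers the VPC
    other_deny_rule: bool            # VPC is in a Deny rule other than Any-Web
    ignored: bool = False            # manually set state

def classify(v: Vpc) -> str:
    """Map route and rule facts to a table state (assumption: the better-protected state wins)."""
    if v.ignored:
        return "Ignored"
    if not v.has_default_route:
        return "No Egress"
    if not v.has_aviatrix_gateway:
        return "Not Onboarded"
    if not v.default_route_to_aviatrix:
        return "Unprotected"         # 0.0.0.0/0 still points at the Internet Gateway
    if v.deny_any_web:
        return "Zero Trust"
    if v.other_deny_rule:
        return "Partial Protection"
    if v.watch_any_web:
        return "Monitoring"
    return "Unprotected"             # gateway in path, but nothing denied or logged

def egress_score(vpcs) -> float:
    """Egress Score = sum of non-ignored VPC scores / count of non-ignored VPCs * 100."""
    scored = [STATE_SCORES[classify(v)] for v in vpcs if not v.ignored]
    return 100.0 * sum(scored) / len(scored) if scored else 0.0

# Constructed sample fleet (not real data): four counted VPCs plus one ignored one.
FLEET = [
    Vpc("app-prod", True, True, True, True, True, False),       # Zero Trust -> 1
    Vpc("data-lake", False, True, True, False, False, False),   # No Egress -> 1
    Vpc("dev-sandbox", True, True, True, True, False, False),   # Monitoring -> 0.5
    Vpc("legacy-igw", True, True, False, False, False, False),  # Unprotected -> 0
    Vpc("lab", True, False, False, False, False, False, ignored=True),
]

if __name__ == "__main__":
    print("Egress Security Score:", egress_score(FLEET))  # 62.5
```

Marking the `lab` VPC as ignored removes it from both the numerator and the denominator, which is why the constructed fleet averages 2.5 over 4 VPCs rather than over 5.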
Include VPC/VNets in the Egress Score
You can include selected VPC/VNets in the Egress Score calculation.
On the Security > Egress > Protected VPC/VNets tab, click the vertical ellipsis next to the VPC/VNet and select Include in Egress Score. The VPC/VNet will be included in the Egress Score calculation.
Ignore VPC/VNets for the Egress Score
You can exclude selected Unprotected VPC/VNets from being included in the Egress Score calculation.
On the Security > Egress > Protected VPC/VNets tab, click the vertical ellipsis next to the VPC/VNet and select Ignore for Egress Score. The VPC/VNet will not be included in the Egress Score calculation.