How is Egress Security Score Calculated

Controller 8.0 is required to view the Egress Security Score.

On the Security > Egress > Overview tab, click Learn More on the How is Egress Security Score Calculated card to display the Egress Security Score Explained dialog, which shows insights into how your egress security score is calculated.

Egress Security Score Explained

The left column shows the VPC/VNet Status (Unmanaged, Managed) and the Protection Status for the VPC/VNets. The dialog also explains each status and shows how many VPC/VNets in your environment have that status (as a number and a percentage).

You can also onboard, monitor, or protect VPC/VNets from this dialog.


Status Description

VPC/VNet Status

Unmanaged

Displays:

  • The number of VPC/VNets that are not yet onboarded and that have no Aviatrix gateways deployed in the VPC/VNets. You can deploy Spoke gateways in your VPC/VNets from here by clicking Onboard.

  • The percentage of all VPC/VNets that are Unmanaged.

Managed

Displays:

  • The number of onboarded VPC/VNets that have Spoke gateways deployed within them.

  • The percentage of all VPC/VNets that are Managed.

Protection Status

Unprotected

Displays:

  • The number of VPC/VNets that have direct access to the Internet, and the traffic is not secured or protected.

  • The percentage of all VPC/VNets that are Unprotected.

  • The Unprotected VPC/VNet Score (which should be zero).

Monitored

Displays:

  • The number of VPC/VNets that have Spoke gateways deployed within them, and traffic to the internet is being logged at L4/L7.

  • The percentage of all VPC/VNets that are Monitored.

  • The Monitored VPC/VNet Score. This becomes part of the overall Egress Security Score.

  • How much of the Monitored VPC/VNet Score pertains to Partial Monitoring (some traffic to the Internet is logged) and how much of it pertains to Full Monitoring (all traffic to the Internet is logged).

Partially Protected

Displays:

  • The number of VPC/VNets that have selective traffic to the internet blocked, while the default setting allows all outbound traffic.

  • The percentage of all VPC/VNets that are Partially Protected.

  • The Partially Protected VPC/VNet Score. This becomes part of the overall Egress Security Score.

  • How much of the Partially Protected VPC/VNet Score pertains to No Monitoring, Partial Monitoring, and Full Monitoring.

Fully Protected

Displays:

  • The number of VPC/VNets that only allow specific types of traffic to the internet, with the default action set to deny all traffic.

  • The percentage of all VPC/VNets that are Fully Protected.

  • The Fully Protected VPC/VNet Score. This becomes part of the overall Egress Security Score.

  • How much of the Fully Protected VPC/VNet Score pertains to No Monitoring, Partial Monitoring, and Full Monitoring.

Ignored

Displays:

  • The number of VPC/VNets that are excluded from the Egress Security Score calculation.

  • The percentage of all VPC/VNets that are Ignored.

Overall Score

Displays the Egress Security Score calculation method.