ACSIA Help Center

ACSIA Cyber Risk Assessment (CRA) User Manual

Federico Trotta
Federico Trotta
  • Updated

1. Overview

In this article, we'll see how to access and use the ACSIA CRA platform which is 4Securitas' Cyber Risk Assessment platform.

ACSIA CRA performs numerous passive checks to evaluate your infrastructure, highlighting where your business is weak or strong against a cyber attack. ACSIA CRA makes multiple passive tests and does not simulate an actual cyber attack against your infrastructure.

In simple words: ACSIA CRA collects some data and metrics from your infrastructure; it elaborates them and tells if your infrastructure is weak or strong in the case of a cyber-attack.

At the end of the process, ACSIA CRA assigns a number to the scanned company. This number represents how weak or strong your infrastructure is in the case of a cyber attack, but this is not a definitive number. In fact, the platform performs a check on your infrastructure every now and then, depending on your license.
All the scans performed with ACSIA CRA are recorded inside our databases, and some of our engineers will have access to that information. We use the information gathered to improve our product and detect anomalies or malfunctions. We already discussed internally possible solutions to improve this area, but as of today, we don't have a solution in our roadmap to address this feature request.

2. How to log in

To log in to the platform, you have to request a username and a password to the ACSIA CRA support team.

After that, you can log in here.



3. Basics platform understanding

You can see some information if you click on "Overview" (1).

For example, in the red rectangle on the top left (2) of the screen, you can see your Company's information. On the top right of the screen (3), instead, you can see the rating you've been given by CRA. The CRA score (3) refers to your public-facing exposure to the internet. The CRA risk assessment score is measured with an index consisting of 6 clusters and a value of 0 (least secure) to 100 (most secure)


Also, you can see that ACSIA CRA found:

  • 114 Assets, but only 78% have been analyzed. This happens because your assets may refer to services such as Amazon Web Service (AWS) or similar: in this case, our scanning doesn't go any further. Also, by Assets, we mean the elements that are assessable from a cybersecurity
    perspective, that are exposed, and that make up an organization's attack surface.
  • 59 hosts. By host, we mean any information present in a DNS of a domain registered by the organization that typically identifies an internal or external IP address.
  • networks. By network, we mean a set of IPv4 or IPv6 announced as a single block in BGP, the minimum network announced in IPv4 is a /24 (256 IPs) and IPv6 /48 (65536 IPs). 
  • 4 AS. By AS, we mean Autonomous System: a set of IPv4 or IPv6 networks, identified by a number assigned through IANA by the regional internet registries that identify an internal provider and routing policy.
  • 3 Domains. By Domain, we mean the Internet domain registered by the organization on a top-level domain (eg. .com/.net/.it/.eu).
  • 14 IPs. By IP, we mean the IPv4 or IPv6 Internet address linked to an organization's asset.
  • 16 Websites. By Website, we mean any host exposing anything on the internet that responds to port 80 (HTTP) and port 443 (HTTPS).
  • 2 Emails. By Email, we mean any mail server or an e-mail service typically linked to a domain providing inbound e-mail services.
  • 1 DNS. By DNS, we mean a domain name server, a service configured to respond to an Internet domain registered by the organization in which entries are made identifying the resources accessible via a mnemonic name linked to the linked domain.

Scrolling down, we can see a radar graph like the following:

2- RADAR.png

Here we can see:

  • On the left, the radar plot shows how the risk index is distributed, among all the assets. In this example, we can see that the website and the domain have the highest exposure, while the DNS and email have the least exposure.
  • On the right, we can see the trend of the risk index over time, starting when the license has been purchased.

The risk index can be read as follows:


This means that:

  • an asset with a 0-30 risk index requires immediate action.
  • an asset with a 90-100 risk index does not require actions.


The risk index varies at each scan. ACSIA CRA scans your infrastructure on a regular basis, depending on your subscription, but you can also perform manual rechecks.


When we scroll down, we can see some more details on the exposure to the risk:

3 - torta.png

For example, the above plot shows that the website is the asset with the highest exposure risk. In fact, the wide red band tells us that here we have a wider band of attack.


If we scroll down, we can see the dependencies of the various assets; meaning we can understand how the assets are related to themselves:

This does not mean that the assets are really physically connected to each other. CRA software just found them logically related to each other.


Finally, we can visualize all the details related to the assets. To do so, you can follow the guide dedicated to assets management.

4. Events and notification manual

Starting from version 23.06.001, we've deployed a new notification system that allows you to stay updated on security issues within your companies. The system consists of two parts: notification configuration and your feed.

Let's see them both.


4.1 Notification Configuration

The configuration of the platform's notification system allows you to set up notification channels
and topics.

Topics represent the subjects for which the user wants to receive notifications. By default, the
user is subscribed to the topics "Platform News" and "World News," as well as any subscriptions
they have technical access rights. Each of these topics can be enabled or disabled, and if enabled, the desired severity level for receiving notifications can be set.

The severity levels are:

● "Exclusively alert notification"
● "Warning and alert notification"
● "Info, warning, and alert notification"


The topic for the user's subscriptions cannot be disabled but only the severity level can be set.

In addition to these topics, a user can configure a different notification level for specific
companies. This can be set directly on the company's page through the "Actions -> Edit
Notifications" menu and can be later modified or reset to the default subscription level for that

The "Subscription" topic should be understood as the default setting for companies belonging to
that subscription.


Each user has two channels available for configuration: "Feed" and "Email." The "Feed" channel
is displayed within the platform's dashboard (see explanation below). The "Email" channel is
automatically configured with the email used for platform login and cannot be modified. Each of
these channels can be enabled or disabled, and if enabled, the desired severity level for
receiving notifications can be set.

The severity levels are:

● "Exclusively alert notification"
● "Warning and alert notification"
● "Info, warning, and alert notification"



Generated events and operation example
The platform automatically generates events that can be sent to users based on their settings.
For example:

● The rating for a company is recalculated, changing from 84 to 78.
● An event with a "warning" severity is generated.
● Every user with access to the company’s subscription is eligible to receive the
notification. The severity level set for the topic is checked, and if it is equal to or lower
than the event's severity level, the notification is kept; otherwise, it is discarded.
● For each user who should receive the notification, the severity levels set for the channels
are verified. If they are equal to or lower than the event's severity level, the notification is
sent; otherwise, it is discarded for that channel.


The interface for the internal feed within the platform can be accessed via the bell icon located
in the top-right corner of the dashboard. The bell icon also indicates the number of unread
notifications in the last 7 days. Each notification is automatically marked as read upon opening.
Various filters and actions are available for easier navigation and searching within the