Tracking Security and IT Initiatives with Goals

Many organizations have ongoing initiatives to improve their security posture, ensure compliance, or maintain IT hygiene. The runZero Goals feature allows you to track, measure, and report on the progress of these initiatives over time, turning any inventory query into a measurable objective.

Who is this playbook for and why?

This playbook is for IT, Security, and Compliance teams who need to:

  • Measure progress against specific objectives, like eliminating end-of-life software or ensuring all assets have an owner.
  • Create trackable Key Performance Indicators (KPIs) from their asset inventory data.
  • Report on the status of security and IT initiatives to management and stakeholders.

How will runZero help?

runZero’s Goals feature provides a clear, visual way to track your progress against any objective that can be defined by an inventory query. By comparing the current number of assets matching a query to a defined target, you can easily see how your initiatives are progressing and where more attention is needed. This transforms your asset inventory from a simple list into a dynamic tool for driving improvement.

What will I need to do?

To track an initiative with runZero Goals, you will:

  1. Define a clear objective for your organization.
  2. Create a runZero query that identifies all assets related to that objective.
  3. Create a Goal to track the query results against a specific target.
  4. Monitor the Goal to view progress and report on your success.

Prerequisites

Steps to implement

Follow these steps to create and track a new Goal. For this example, we will create a Goal to eliminate all end-of-life operating systems.

1. Define your objective and query

First, determine what you want to achieve and how to find the relevant assets in your inventory.

  • Objective: Eliminate all assets running an end-of-life (EoL) operating system.
  • Query: Use the runZero query language to find these assets. You can build and test your query in the Asset Inventory. For our example, the query is: 
    (os_eol_extended:>0 AND os_eol_extended:<now) OR (os_eol_extended:0 AND os_eol:<now)

2. Create the Goal

Once you have your query, you can create the Goal.

  1. Navigate to Goals.
  2. Click New goal.
  3. Click Create baseline goal.
  4. Fill in the Goal details:
    • Name: Give your goal a clear, descriptive name. For example, Eliminate End-of-Life Operating Systems.
    • Description: Explain the purpose of the goal. For example, Track the number of assets running unsupported OS versions to reduce security risk and maintain compliance.
    • Target query: Paste the query you created in the previous step. For example, (os_eol_extended:>0 AND os_eol_extended:<now) OR (os_eol_extended:0 AND os_eol:<now).
    • Baseline query: Define your assets in scope for this goal. For example, we will only want assets that have an EoL value set, has_os_eol:t.
    • Set the goal threshold: Define success of the goal. You can either set a percentage or count of the assets to define success. For example, you may want 0 assets past EoL, so you could do Less than or equal to; 0; Fixed number. Or, you may want to allow for a buffer with a percentage like Less than or equal to; 5; Percent.
  5. Click Save.

3. Monitor and report

After creating a Goal, you can monitor its progress from the dashboard by pinning the goals. The dashboard provides an at-a-glance view of the current status compared to your target, allowing you to easily track your team’s progress and report on the success of your initiatives.

Sample Goals

Here are a few more examples of Goals you can create to track common security and IT initiatives. It is likely you will need to make slight modifications to the target and baseline queries depending on what is in scope in your environment.

Goal: Ensure Complete Vulnerability Scan Coverage

  • Description: This goal tracks assets discovered by runZero that have not been seen by your vulnerability scanner, helping you close gaps in your vulnerability management program.
  • Target Query: source:runZero AND not source:tenable (Replace tenable with your vulnerability management source, like qualys or rapid7).
  • Baseline Query: type:server OR type:desktop OR type:laptop
  • Goal Threshold: Less than or equal to 5%

Goal: Update logins on all services using default passwords

  • Description: This goal tracks services that are using a default credential for login.
  • Target Query: finding_name:"Service Accessible With Default Credentials"
  • Baseline Query: alive:t
  • Goal Threshold: Less than or equal to 0

Goal: Remediate Publicly Exposed RDP

  • Description: This goal tracks assets with the Remote Desktop Protocol (RDP) exposed to the public internet, which is a significant security risk.
  • Target Query: service_has_public:t and protocol:rdp
  • Baseline Query: has_public:t
  • Goal Threshold: Less than or equal to 0

Goal: Assign Ownership to All Assets

  • Description: This goal helps enforce IT hygiene by tracking assets that do not have an owner assigned in runZero.
  • Target Query: has_owner:f
  • Baseline Query: alive:t
  • Goal Threshold: Less than or equal to 25%

Outcome demo

This video is a short demo of what the outcome of creating and tracking Goals may look like.

Getting help

If you need assistance with the Goals feature, you can book a session with a runZero Customer Success Engineer to discuss further.

Updated
Previous: Scanning with SNMP Next: Compliance alignment