Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  3. NetBackup™ Web UI Administrator's Guide
  5. Section IX. Managing security
  7. Minimizing security configuration risk
  9. About security configuration risk
NetBackup™ Web UI Administrator's Guide

About security configuration risk

Security configuration risk depends on the status of the security settings in your NetBackup domain. A high configuration risk score implies that more number of security settings need to be configured in the domain. To minimize the risk, enable all the required security settings.

The security risk score is also determined based on the active status of each host in the domain. A host is considered to be active if it has participated in secure communication within the domain during the last seven days.

Risk score for the following settings is determined based on the active status of the hosts:

  • Secure data-in-transit encryption (DTE)

  • Service user configuration

See Security settings to be configured to minimize risk.

For more information on how to minimize the security configuration risk, see the article.

The NetBackup web UI dashboard shows the security configuration risk score. When you change any of the security settings, the risk score is updated on the dashboard.

The following parameters help you learn the current security scenario in your domain and how you can minimize the security configuration risk.

Use the NetBackup web UI dashboard to see these parameters.

Current posture

Current posture comprises the current values of NetBackup security settings. It is recommended that you enable all security settings to minimize the security configuration risk.

See Security settings to be configured to minimize risk.

Security baseline

Security baseline is a collection of recommended security settings for your NetBackup domain. For the first time, you configure the security settings as per the recommendation, and use this current posture as your security baseline.

By default, security baseline is not configured.

See Security settings to be configured to minimize risk.

See Set the current posture as security baseline.

The security baseline is managed by the NetBackup Administrator or the Security Administrator.

For primary servers that are registered with Cohesity Alta View server, the security baseline is managed by the Cohesity Alta View Administrator.

Recommended values

Recommended values for any given setting represents the possible values of the setting which are considered secure. It is highly recommended to align the current posture of every setting as per the recommended values in order to observe the most secure environment.

Compliance status

If a NetBackup security setting (current posture) does not comply with the security baseline, it is shown in the compliance status as 'Not compliant with the baseline'.

You should review the compliance status and modify the security settings to minimize the risk.

RBAC roles and permissions

To view the Security configuration risk card on the NetBackup web UI dashboard, you should have the following roles and permissions:

See Configuring RBAC.

RBAC roles

Permissions

Custom

View, update global security settings

Feedback

Was this page helpful?
Previous

Minimizing security configuration risk

Next

Security settings to be configured to minimize risk

Feedback

Was this page helpful?