What is Mondoo’s Move the Needle?

Our new Move the Needle dashboard shows you which remediations bring the biggest risk reduction in your environment for the lowest effort, along with a quick path to action. It provides fast answers so it’s immediately clear where you can get your next biggest and quickest wins. By showing this information front and center, you spend less time making decisions, and start remediating earlier and more effectively.

Space risk scoring

Mondoo calculates the average risk score per asset and displays this in the Move the Needle dashboard. This score ranges from 0-100, where scores closer to 0 indicate lower risk, and scores closer to 100 indicate higher risk. Next to the space risk, Mondoo shows the top actions for risk reduction. And this is where the magic happens. For each remediation, Mondoo shows:

• What the risk reduction will be
• How many assets will be fixed
• What the estimated effort is

Each remediation effort is ordered by the highest risk reduction combined with the lowest effort. In other words, ordered by the biggest x quickest wins. Then for each remediation there is a ‘Take action’ button that instantly starts the remediation process. With Mondoo’s accelerated remediation, the process is much faster than manual remediation. The combination of Move the Needle and faster remediation made it possible for us to reduce our risk score by 54% in just under 3 hours. Here’s the full story:

#1. A critical risk score of 98 (yikes!)

We began with a space risk score of 98—a critical state demanding immediate attention. Note that there were no critical exposures in the environment that needed to be fixed with priority. So we could turn our attention entirely to the remediations that would bring us the biggest risk reduction at the lowest effort.

Mondoo showed us exactly which top five actions we needed to tackle. Let’s take a closer look. At first glance, the list might seem surprising. While one vulnerability affected 2,000 endpoints, the dashboard identified a vulnerability on just 75 servers as the #1 priority.

This is the intelligence of the system at work. Mondoo enriches every finding with Risk Factors—like 'Internet Facing' or 'Critical Asset'—to calculate the true potential impact. In this case, several of the Apache Struts machines had been tagged as critical assets, which made this the most important risk reduction opportunity at the lowest effort.

So Mondoo recommended the following top three remediations, along with the estimated remediation effort with Mondoo:

1. -24.85 Points | 75 assets: Apache Struts RCE (CVE-2017-5638)
   
   • Manual Effort: 10.5 hours | Mondoo Effort: 15 minutes
2. -18.10 Points | 2,000 assets: Chrome V8 Type Confusion (CVE-2022-3723)
   
   • Manual Effort: 36 hours | Mondoo Effort: 1 hour, 50 minutes
3. -15.05 Points | 500 assets: Log4Shell RCE (CVE-2021-44228)
   
   • Manual Effort: 21 hours | Mondoo Effort: 35 minutes

You'll notice the huge difference between "Manual Effort" and "Mondoo Effort". Our manual estimate is realistic—it assumes you already have patch deployment tools and vulnerability scanners. The hours we calculate represent the hands-on-keyboard time an engineer spends operating those tools: managing staged rollouts, troubleshooting failures, verifying results, and handling all the steps in between.

Mondoo's speed comes from automating that entire workflow. We don't just find problems; we provide ready-to-use code, automate ticketing, and integrate with your existing tools to orchestrate the fix from start to finish, freeing up your engineers from the manual oversight.

#2 How we reduced risk by 24 points by fixing Apache Struts RCE

Following Mondoo’s recommendation, we started with the Apache Struts RCE (CVE-2017-5638) remediation. What would have taken 10.5 hours of analysis, scripting, and deployment, we were able to address in just 15 minutes by triggering an Ansible playbook directly from the platform.

With one remediation, we eliminated our single greatest threat. The impact was immediate: our space risk score dropped from 98 to 73.15.

#3. How a Chrome fix got us another 18 points risk drop

Second on the list was the Chrome V8 Type Confusion (CVE-2022-3723) vulnerability. This was a perfect example of scaling challenges. Manually patching 2,000 endpoints would take an estimated 36 hours. With our automation integration, the effort is reduced to 1 hour and 50 minutes.

After the fix, our score is down to 58.05. Now we're making real, quantifiable progress. Time for a pat on the back!

#4. Another 15 point risk reduction with Log4Shell fix

To finish, we knocked out the third remediation on the list, which was the Log4Shell RCE (CVE-2021-44228) vulnerability. We were able to complete this in 35 minutes, a task that would have consumed 21 hours of manual effort.

Done. In under three hours, we took our space risk score from a dangerous 98.00 down to a much healthier 45.00. We didn't have to boil the ocean; we made three high-impact changes, guided by a system that understands context combined with raw numbers. More importantly, we completed over 67 hours of manual security work in just under 3 hours.

Conclusion

The example above shows the core principle of Mondoo’s ‘Move the Needle’: empowering teams to make the smartest decisions and reducing the most significant risks at the lowest effort. With Mondoo’s accelerated remediation, teams can instantly submit tickets for remediation, along with complete remediation steps and code snippets for fast resolution.

Interested in learning more? Schedule a personalized demo with one of our Mondoo experts.