“Where the heck do I start?” Or: Why we created Remediation Planner

By Oren Parag, Principal Product Manager | October 5, 2021

When everything is critical, nothing is critical

Every security tool in the security operations toolbox generates alerts. New exposures. New vulnerabilities. New viruses and malware. New devices accessing our network. They all generate an alert. And when it’s your job to sift through the alerts to triage, validate, and action them, it’s incredibly hard to prioritize each against the mountain of other things that could and should be fixed.

It’s an issue every security operations practitioner and their boss deals with on a daily basis: We have all of these issues. We have all of these alerts. We have all of this work. So where do we start?

In a world where every alert, every asset, every issue is not equal, you need to begin prioritizing by thinking about two things: impact and effort. What do I tackle first?

So we built the Remediation Planner to help your teams make the biggest impact in eliminating security gaps with the most focused and efficient effort possible.

Improvement is in the eye of the beholder (and it’s beautiful)

Everyone wants to get better and improve. For enterprises, this simply means being more secure than yesterday. And that could be by having fewer vulnerabilities in your attack surface. Or it could be by patching 1,000 machines.

We built the CyCognito platform to go beyond discovering issues (and with its high fidelity, you don’t need to worry nearly as much about false positives as you do with, say, an IDS), and to take everything about an issue into context to better prioritize its resolution and the resolution of multiple issues.

To make things easy on security operations teams when it comes to remediation, our approach is to give you:

  • Expert, detailed, and actionable remediation guidance, with evidence of uncovered issues and links to other resources.
  • Prioritization based on attacker priorities and business importance of the asset, not a one-size-fits-all CVSS rating.
  • The opportunity and metrics needed to improve your average remediation time (MTTR).
  • A focused, customized-for-your-organization remediation plan that instantly shows you what you need to do to raise your current security grade to your desired security grade: what assets and issues need to be addressed and how long it will take based on your current average remediation time. 

A deceptively simple idea, built on complex analytics

The Remediation Planner makes it very quick and easy for security teams to define the scope of their remediation plan and then understand exactly what needs to be done to achieve the plan. On the back end, of course, there is a lot of sophistication that makes the plan turnkey for you. These analytics include:

  • Security grading for every asset
  • Automatic attribution for every asset (for every organization, environment, platform)
  • Issue identification for every asset
  • Issue prioritization based on the organization as well as attacker priorities
  • Remediation metrics, such as average time-to-remediate and issue aging

Tell us what you want, we handle the rest

Want to move your overall security grade from a D grade to a B? That’s all the Remediation Planner needs to know. In a minute or less, it will then produce a remediation plan tailored to your organization’s goal. You can see exactly what issues need to be resolved to get you where you want to go.

Maybe you don’t have many resources and you just want to fix as many issues as possible. The Remediation Planner can group issues by fix so that you can remediate the most issues with the least amount of work (patches, for example).

Maybe you’ve fielded a lot of questions about remote access from your management or even the board of directors. They’ve seen that ransomware has infected others in your market and they want to ensure that you’re not an easy target. The Remediation Planner will quickly show you all of your exposed remote access issues for resolution.

You can also create custom plans based on nearly any criteria: Geography, business unit, organization, asset type, or vulnerability (CVE, affected software).

“How are you doin’?”

Everyone wants to know how they’re doing against their goals. CyCognito makes it easy to see progress, both overall and toward completing a remediation plan. Managers and executives can monitor dashboards to see how things are trending. These can help answer questions like:

  • How many of our issues have we resolved?
  • How is the security posture of our UK subsidiary? Is it improving?
  • What has changed over the last month on our attack surface?

Want to learn more?

Our goal has always been to enable organizations to see themselves and their attack surface the way that attackers do. The logical next step is to show you what you need to do to ensure that attackers can’t get in. Our Remediation Planner gives you that insight.

To learn more, you can read our data sheet, or if you’re interested in understanding how the CyCognito platform can help you protect your attack surface, watch this demo or request a time to talk.

About Oren Parag, Principal Product Manager

Oren Parag, Principal Product Manager, is a skilled product manager with over 14 years of professional experience across the cybersecurity industry. Oren is always observing and preparing for emerging threats, how to defend against them, and how to help organizations secure digital assets and customers.
