• Jeffrey Lush

Focused Remediation and Continuous Monitoring

Following a successful analysis of risk and threat within the environment, remediation and continuous monitoring are the next logical steps.

Starting in the upper left of this illustration, ACATEE collects events from anywhere within the environment, including hardware, software, cloud, manual input, and IoT devices. A POA&M or remediation task list is automatically generated, displaying actual risk to the environment, broken down by event and aligned to the controls and policies within the organization.

On the upper right of the screen, we see the artificial intelligence at work, analyzing the risk level and potentially elevating the risk for events that were previously discovered but have not been remediated.

For example:

  • Notice event 4924. The event first occurred on 1 January; the risk counter is 0 because the event has never happened before on this system, and the assigned risk level of this event is 2.

  • On 7 January, event number 4924 occurs again, indicating that the event has not been remediated. The risk counter turns to 1, and 50% of the original risk score is added, raising the risk of event 4924 from low to moderate.

  • The event reoccurs on 1 February, now for the 3rd time in the environment, elevating the risk for event 4924 to 7.5, or high risk.

ACATEE's intelligence learns the risk patterns and dynamically increases the risk scores and priorities of the controls to ensure that repeated events are remediated. This setting is adjustable within the configuration, although it provides additional focus for the organization's remediation efforts.

The example illustrates a single event, although most environments will have thousands of events aligned to hundreds of controls, all with different risk level values. Focused remediation is critical to providing a healthy cyber environment. As a result, continuous monitoring is enabled to meet the needs of the environment. When the event log is processed, the event becomes stagnant; hence, focused remediation is vital to the security of the environment.

Cascading resolution allows remediation efforts to be replicated to all open POA&Ms or remediation task lists with the same event codes. In this example, event number 4924 is one of 42 of the 498 currently open POA&Ms, or events on your remediation task list, for this environment.

Once event number 4924 has been remediated, you will have the option to propagate the remediation to all the POA&Ms or remediation task lists remediating event code 4924.

With too many events flooding the environment, the level of focus ACATEE provides significantly streamlines an organization's operations and remediation efforts.
