
Key Features of the XDR Platform


Streamlined Remediation with Your XDR Cybersecurity Platform


Issue Management

Each security issue detected by the XDR platform is documented with a detailed description: the nature of the threat, how it was detected, and its potential impact on the organization.

Components:

  • Description: Provides a clear and concise overview of the issue, including the type of threat, detection method, and potential risks.
  • Affected Assets: Lists all assets impacted by the issue, such as users or servers, along with specific details about each asset's vulnerability or compromise.
  • History: Tracks all actions taken on the issue, including who closed or dismissed it. This ensures accountability and provides a clear audit trail.
  • Comments: Allows for detailed documentation and discussion about each affected asset. Comments can include observations, steps taken to address the issue, and any relevant notes for future reference.

Affected Assets

Types of Assets:

  • User Assets:
    • Example: "User with no MFA (Multi-Factor Authentication)"
    • Details: Identifies individual users who may pose a security risk due to missing security measures or suspicious activities.
  • Server Assets:
    • Examples:
      • "Certificate is expired"
      • "CVE (Common Vulnerabilities and Exposures) detected on Server X"
    • Details: Highlights server-specific vulnerabilities such as expired certificates, unpatched software, or known vulnerabilities that need immediate attention.

Asset Details: Each affected asset is documented with specific information relevant to the issue. This includes the asset type, the exact nature of the problem, and any pertinent metadata that assists in remediation.

History Tracking

Functionality: The history feature provides a chronological record of all actions related to each issue. This includes:

  • Who: Identifies the user or system that took the action (e.g., closed, dismissed).
  • What: Describes the action taken (e.g., issue closed, issue ignored).
  • When: Timestamp of when the action occurred.

Benefits:

  • Accountability: Ensures that all actions are traceable to specific individuals or automated systems.
  • Audit Trail: Facilitates compliance and auditing by maintaining a detailed record of issue management activities.
  • Transparency: Provides visibility into the lifecycle of each issue, helping teams understand how and when issues were addressed.

Commenting System

Purpose: The commenting feature allows users to add notes and updates related to each affected asset within an issue. This promotes collaborative problem-solving and ensures that all relevant information is documented.

Features:

  • Asset-Specific Comments: Comments can be attached to individual assets, providing context-specific information.
  • Documentation: Users can document remediation steps, observations, and recommendations.
  • Collaboration: Facilitates communication among team members working on resolving the issue.

User Interface (UI) Design

Grouped Layout: The XDR platform employs a "grouped" UI design to streamline issue management and provide a clear overview of security incidents.

  • Main Table:
    • Single Entry per Issue: Each issue is listed only once per organization, regardless of the number of affected assets.
    • Grouped Information: Aggregates all relevant details of the issue, including a summary and overall status.
  • Side Drawer:
    • Accessing Affected Assets: Clicking on an issue in the main table opens a side drawer that displays all affected assets related to that issue.
    • Detailed View: Provides in-depth information about each asset, including descriptions, comments, and individual statuses.

Benefits:

  • Clarity: Reduces clutter by preventing duplicate entries for issues affecting multiple assets.
  • Efficiency: Allows users to quickly access detailed information without navigating away from the main table.
  • Organization: Keeps related information grouped together, making it easier to manage and analyze security issues.

Status Management

Status Types:

  • System-Managed Statuses:
    • Open: Indicates that the issue is currently active and requires attention.
    • Closed: Set by the platform when the issue has been addressed by the system or automatically resolved (for example, the condition is no longer detected on the asset).
  • User-Managed Statuses:
    • Resolved: Denotes that the user has manually addressed and fixed the issue.
    • Ignored: Indicates that the user has chosen to dismiss the issue without taking further action.

Grouped Issue Status: The overall status of a grouped issue in the main table is derived from the statuses of its individual affected assets. The platform applies a "minimal status" rule: statuses are ranked Open > Closed > Resolved > Ignored, and the grouped issue takes the highest-ranked status carried by any of its assets, so a single Open asset keeps the whole issue Open.

  • Status Hierarchy:
    • Open: If any affected asset is Open, the grouped issue is marked as Open.
    • Closed: If no asset is Open but at least one is Closed, the grouped issue is Closed.
    • Resolved: If all assets are Resolved, the grouped issue is Resolved.
    • Ignored: If all assets are Ignored, the grouped issue is Ignored.

Status Logic:

  • Minimal Status Principle: The grouped issue reflects the most critical (highest-ranked) status among its assets. For example, if even one asset is Open, the entire issue remains Open, so a vulnerability that is still live on one asset cannot be hidden by the other assets having been resolved or ignored.

Benefits:

  • Prioritization: Ensures that the most critical issues are highlighted and addressed promptly.
  • Simplified Tracking: Provides a clear and concise view of the overall security posture without getting bogged down by individual asset statuses.
  • User Control: Allows users to manually resolve or ignore issues based on their assessment and organizational policies.
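The grouped layout (one main-table row per issue, with the affected assets in the side drawer) and the minimal-status rule above, worked through as an added Python example. This is illustrative code, not the platform's own implementation: the data structures, function names and the sample findings are constructed. Two points go beyond what the page states and are this example's assumptions: a mix of only Resolved and Ignored assets is treated as Resolved (the next step down the same ranking), and a user may only set the user-managed statuses while the system may only set the system-managed ones.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Status ranking, most critical first: the "minimal status" rule picks the
# highest-ranked status present among an issue's assets.
STATUS_PRIORITY = {"Open": 0, "Closed": 1, "Resolved": 2, "Ignored": 3}
SYSTEM_MANAGED = {"Open", "Closed"}      # set by the platform
USER_MANAGED = {"Resolved", "Ignored"}   # set by an analyst


@dataclass
class AffectedAsset:
    asset_id: str
    asset_type: str                 # "user" or "server"
    detail: str                     # e.g. "MFA not enrolled"
    status: str = "Open"
    comments: list = field(default_factory=list)
    history: list = field(default_factory=list)   # who / what / when records


@dataclass
class Issue:
    issue_id: str
    description: str
    assets: dict = field(default_factory=dict)     # asset_id -> AffectedAsset


def group_findings(findings):
    """Collapse per-asset findings into one Issue per issue_id (one main-table row)."""
    issues = {}
    for f in findings:
        issue = issues.setdefault(f["issue_id"], Issue(f["issue_id"], f["description"]))
        issue.assets[f["asset_id"]] = AffectedAsset(
            f["asset_id"], f["asset_type"], f["detail"], f.get("status", "Open"))
    return issues


def grouped_status(issue):
    """Most critical status among the issue's assets (Open > Closed > Resolved > Ignored).
    Assumption: a mix of only Resolved and Ignored assets yields Resolved."""
    if not issue.assets:
        raise ValueError(f"{issue.issue_id}: no affected assets")
    return min((a.status for a in issue.assets.values()), key=STATUS_PRIORITY.__getitem__)


def set_asset_status(issue, asset_id, new_status, actor, actor_kind, when=None, comment=None):
    """Change one asset's status, append a who/what/when history record and an optional
    comment, and return the recomputed grouped status.
    Assumption: users may only set Resolved/Ignored, the system only Open/Closed."""
    if actor_kind == "user":
        allowed = USER_MANAGED
    elif actor_kind == "system":
        allowed = SYSTEM_MANAGED
    else:
        raise ValueError(f"unknown actor kind {actor_kind!r}")
    if new_status not in allowed:
        raise ValueError(f"{actor_kind} actor may not set status {new_status!r}")
    asset = issue.assets[asset_id]
    when = when or datetime.now(timezone.utc)
    asset.history.append({"who": actor, "what": f"{asset.status} -> {new_status}", "when": when})
    if comment:
        asset.comments.append({"who": actor, "when": when, "text": comment})
    asset.status = new_status
    return grouped_status(issue)


def main_table(issues):
    """One row per issue: id, description, number of affected assets, grouped status."""
    return [(i.issue_id, i.description, len(i.assets), grouped_status(i)) for i in issues.values()]


# Constructed sample findings (not real platform output): two issues, two assets each.
SAMPLE_FINDINGS = [
    {"issue_id": "user-no-mfa", "description": "User with no MFA",
     "asset_id": "alice", "asset_type": "user", "detail": "MFA not enrolled"},
    {"issue_id": "user-no-mfa", "description": "User with no MFA",
     "asset_id": "bob", "asset_type": "user", "detail": "MFA not enrolled"},
    {"issue_id": "cert-expired", "description": "Certificate is expired",
     "asset_id": "web-1", "asset_type": "server", "detail": "leaf cert expired"},
    {"issue_id": "cert-expired", "description": "Certificate is expired",
     "asset_id": "web-2", "asset_type": "server", "detail": "leaf cert expired"},
]

if __name__ == "__main__":
    issues = group_findings(SAMPLE_FINDINGS)
    for row in main_table(issues):
        print(row)                       # both issues start Open
    mfa = issues["user-no-mfa"]
    # Resolving alice alone leaves the grouped issue Open because bob is still Open.
    print(set_asset_status(mfa, "alice", "Resolved", "analyst", "user",
                           comment="Enrolled a hardware security key"))
    print(mfa.assets["alice"].history)
```

The side drawer in the UI corresponds to `issue.assets`, and the main-table row to `main_table()`. Because `grouped_status` is recomputed from the assets on every change rather than stored, an analyst resolving or ignoring one asset can never mask another asset on which the platform still reports the finding as Open.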

Frequently Asked Questions

General
Can I manage multiple assets with XDR?

Yes, our XDR platform allows you to monitor and manage multiple assets across your organization, ensuring comprehensive coverage and efficient issue resolution.

What are the key features of your XDR platform?

Our XDR platform includes a centralized dashboard, automated threat detection, incident management, detailed reporting, customizable remediation actions, and seamless integration with existing security tools.

What is XDR?

XDR stands for Extended Detection and Response. It is a comprehensive cybersecurity solution that integrates data from multiple security layers to detect, investigate, and respond to threats more effectively.
