Defense.com's threat management tools are designed to save time by giving you the ability to manage the threats and remediation steps identified by the platform - all through a single interface.
Let's start off by navigating to the Threat List:
Login to your Defense.com account and select the Threats icon from the left-hand menu.
Next, click Threat List
Once on the Threat List page, you will see a list of Threats that have been identified so far. By default, this is ordered based on the threat's criticality (which ranges from Critical to Recommendation) so that you can quickly identify the issues that need your attention first!
You can also filter your threats to see threats of a specific type or status using the filters at the top of the page.
The list displays the risk level, title, creation date and status of each threat. The Actions column allows you to view/manage the threat and complete actions such as changing the status or assigning it to a user.
Let's take a look at how you can manage a threat and what actions you can take by clicking on the eye icon next to a threat.
Here you'll see a detailed Description of the threat we've identified, how to remediate the issue, add notes, and if the threat has been identified through vulnerability scanning, the option to suppress/ignore the threat.
From the Remediations tab, you can view remediation information, assign this remediation to a specific user, or update the remediation status.
To help you manage these vulnerabilities, the Threats List provides you with the option of updating the status and marking them as one of the following:
False positive: At times it isn't possible for the platform to confirm the existence of a vulnerability and instead, a threat is generated based on the information we have available i.e. make, model or software versions. If this is the case and the threat created isn't valid - you can assign it the False positive status.
Risk accepted: If you identify a vulnerability that poses a low risk to your system and decide that you can accept the risk, you can mark it as "Risk accepted". This indicates that you have acknowledged the vulnerability but have chosen not to prioritise its remediation.
Remediated: Once a vulnerability has been addressed and resolved, you can mark it as "Remediated". This indicates that the vulnerability is no longer a security threat to your system.
Compensating control: In some cases, you may not be able to fully remediate a vulnerability but can put compensating controls in place to mitigate the risk. In such cases, you can mark the vulnerability as "Compensating control" to indicate that you have implemented measures to minimize the risk.
Selecting compensating control with prompt with a popup box for you to explain and notate the compensating control.
You can also assign and update the status of threats either individually or in bulk from the main Threat List view.
Once applied, the vulnerability status will update, and you can view a log against the vulnerability by clicking the eye icon within the Remediations tab.
To assist in remediation and tracking, the Notes tab allows you to keep an up-to-date record of your remediation activity, which is perfect for demonstrating all the good work you're doing to auditors. Need to add attachments to share with other users? No problem - you can do that here!
That's it 🎉. You now know how to view and manage your threats and remediations. Time to get to work on remediating those pesky vulnerabilities to help make your business more secure!