Remediation has a reputation for being the most daunting stage of a vulnerability management program, and yet it is the most important one. It is often associated with lengthy reports and rounds of e-mail tag with IT. I'm Justin Prince, Senior Security Solution Engineer at Rapid7, and I will guide you through InsightVM Remediation Projects, IT ticketing system integration, Goals and SLAs, and Live Dashboards to show you that quick and efficient remediation can be a reality for security and IT teams of all sizes.
Manage Remediation Activities in Rapid7
Let's start with Remediation Projects. InsightVM Remediation Projects give you the visibility and information you need throughout the remediation process to carry tasks through to completion and verification. To create a Remediation Project, we must first establish a set of tasks and define the scope of the project based on the assets or vulnerabilities we want to address.
Here, we will address Windows assets with critical vulnerabilities. Next, we will assign the project to the appropriate team. If you are handing activities off to your IT counterparts for patching, you can control the level of context and detail included in the ticket, even if they are not InsightVM users. To ensure that the remediation activities for this project are completed in an appropriate period of time, we will set a due date within two weeks. Because InsightVM is built to facilitate teamwork, you can take advantage of its integration with existing IT ticketing tools, such as Atlassian Jira or ServiceNow, to move tasks along.
In this example, we will set up automatic ticketing through ServiceNow ITSM. In just a few steps, we have created a Remediation Project. From this view, we see not only where we are in the remediation process, but also the actions we can take to reduce the most risk in the fewest steps.
Remediation Activities in InsightVM
So, Remediation Projects help us navigate our processes, but how do we monitor the effectiveness of our program? This can be a challenge when completing remediation activities involves several teams and projects. Enter Goals and SLAs. We can create different types of goals, including service-level agreements, to ensure that we are making measurable progress at an appropriate and sustainable pace. When creating a new goal, we can choose between three types depending on what we want to track: Time-bound, SLA and Continuous. Time-bound goals help you track the risk of a static set of assets or vulnerabilities by a certain date. SLA goals track your ability to comply with certain policies over a dynamic period of time. Continuous goals track your progress or compliance with current standards with no time constraints.
We will choose a Continuous goal for now. Just as with the Remediation Project we created earlier, we first need to define the scope of what our goal will track. To ensure that we comply with best practices, we want to make sure we do not have any assets in our environment with TLS v1 enabled. For now, let's limit our concern to Windows and Linux assets and apply the appropriate filter. Now that we have defined the scope, we need to define the exact standards we want to meet. We will name this goal accordingly, and because it is important for the business that we maintain compliance, we will track it on our custom dashboard. More on those in a moment. We can drill into a specific goal at any time and view which assets are in and out of compliance.