Active checks monitor the activity of your cybersecurity tools like Webroot, Umbrella, Automox, Meraki or Proofpoint. ThreatAware active checks carefully analyse that information and present risks in a prioritised and actionable way.
The best way to ensure cyber hygiene and manage cyber risk is to continuously monitor the performance of your cybersecurity tools, people and processes.
ThreatAware is designed to make it easy to monitor and manage cybersecurity, alerting you to threats, making it clear what actions are required and ensuring that these actions are effectively followed up to completion.
The ThreatAware dashboard gives instant visibility and makes it straightforward to drill down to specific issues and the status of corrective actions. Uniquely, ThreatAware combines the monitoring of people, cybersecurity processes and cybersecurity monitoring tools, in one place, on one dashboard.
ThreatAware interfaces to each of your security tools and pulls only the most relevant data directly from them. This data is then further analysed to assess the relevant risk of each cybersecurity event, based on the frequency and how critical it is. Issues which require action are then highlighted, giving a clear view of the level of enterprise risk and where it originates.
Cybersecurity monitoring and SIEM in one dashboard.
Webroot detects an intrusion
- Blocked infections won’t show an alert, but monitoring will continue
- A computer with out-of-date antivirus will trigger an amber alert
- If the machine is infected, the alert will be red
To ensure clear ownership of each event within the team, ThreatAware has a simple yet highly effective ownership function.
All cybersecurity events remain unassigned until an engineer takes ownership and it becomes their responsibility to resolve them.
A quick look at the dashboard will immediately highlight any events that have not been assigned because the risk icon will be pulsing. Once assigned, the risk icon will stop pulsing but will remain red or amber until the issue has been resolved, maintaining visibility that there is a cybersecurity event being worked on.
ThreatAware is the ultimate monitoring system because no one can override the alerts, not even with admin rights. The system will only allow you to take ownership of a problem and fix it.
Each time ThreatAware polls the relevant tool, it will verify if the issue has been resolved and only when the risk is verified to have been eliminated does the alert return to green. Demonstrable confirmation that the cybersecurity event has been managed is provided by the monitoring tools, not the engineer.
For example, a red alert identifies that a machine has a virus. An engineer must then take ownership and disinfect that machine. Only after ThreatAware rescans and confirms the machine is clean will the alert update to green. The engineer has no control over the alert status. We call this True Status™.
ThreatAware allows you to understand what the normal monitoring activities and results are for each of your cybersecurity tools and can compare them with the current situation. This is vital when trying to understand whether a series of events is usual business activity or an anomaly that should be investigated further.
Whilst the trend data from within the tools themselves is typically only held for 30 days, ThreatAware holds up to a year's worth of data for analysis, providing unrivalled insight.
For example, looking at the trend data for antivirus and observing the number of blocked infections over time could reveal an ongoing attempted attack.