ThreatAware Systems allows you to manage the activity of your cybersecurity tools like Webroot, Umbrella, Automox, Meraki or Proofpoint. ThreatAware Systems offer a careful analysis of key information and presents risks in a prioritised and actionable way.
Complete cybersecurity management
The best way to ensure cyber hygiene and manage cyber risk is to continuously monitor the performance of your cybersecurity tools, people and processes.
ThreatAware is designed to make it easy to manage your cybersecurity. It alerts you to threats, clearly identifying what actions are required and when. It then tracks these tasks to completion to ensure an effective resolution of any issues.
The ThreatAware dashboard makes it straightforward to drill down to specific issues and the status of corrective actions. Uniquely, ThreatAware combines the management of people, cybersecurity processes and cybersecurity tools, in one place.
ThreatAware interfaces to each of your security tools and pulls only the most relevant data directly from them. This is then analysed to assess the relevant risk of each cybersecurity event, based on the frequency and how critical it is. Issues which require action are highlighted, providing a clear view of your level of enterprise risk and where it originates.
Webroot detects an intrusion
- Blocked infections won’t show an alert, but monitoring will continue
- A computer with out of date antivirus will trigger an amber alert
- If the machine is infected the alert will be red
To ensure clear ownership of each event within the team, ThreatAware has a simple yet highly effective ownership function.
All cybersecurity events remain unassigned until an engineer takes ownership and it becomes their responsibility to resolve them.
A quick look at the dashboard will immediately highlight any events that have not been assigned because the risk icon will be pulsing. Once assigned, the risk icon will stop pulsing but will remain red or amber until the issue has been resolved. This maintains throughout the process, allowing you to effectively manage every cybersecurity event from detection to resolution.
ThreatAware is the ultimate cybersecurity management system because no one can override the alerts, not even with admin rights. The system will only allow you to take ownership of a problem and fix it.
Each time ThreatAware polls the relevant tool, it verifies if the issue has been resolved and only when the risk has been eliminated does the alert return to green. Demonstrable confirmation that the cybersecurity event has been managed is provided by the monitoring tools, not the engineer.
For example, a red alert identifies a machine has a virus. An engineer must then take ownership and disinfect that machine. Only after ThreatAware rescans and confirms the machine is clean will the alert update to green. The engineer has no control over the alert status. We call this True Status™.
ThreatAware allows you to compare your cybersecurity situation with the normal activities and results for each of your cybersecurity tools at any given time. This is vital when trying to understand if a series of events are usual business activity or an anomaly requiring further investigation.
Whilst the trend data from within the tools themselves is typically only held for 30 days, ThreatAware holds up to a years’ worth of data for analysis, providing unrivalled insight.
Examining the trend data for Antivirus, for example, then observing the number of blocked infections over time could reveal an on-going attempted attack.