Use Cases

Our cutting-edge agentless asset discovery architecture, combined with our drive for simple design, means that ThreatAware is far more than a pure cyber security controls monitoring solution. It also improves the efficiency of managing your assets and the controls that protect them.


Cyber hygiene status across a Distributed Ecosystem

Great cyber hygiene management has recently been cited as preventing as much as 98% of attacks. To achieve impeccable cyber hygiene, ThreatAware integrates all of the security tools responsible for each cyber hygiene element. This data is then seamlessly matched against all of your cyber assets, instantly highlighting any flaws in your cyber hygiene.

ThreatAware’s unique API approach to asset discovery and hygiene status means that all of the data comes straight from the source, without an additional layer that could fail, such as an agent on each device.

The end result is that after 15 minutes you have the accurate cyber hygiene status of all of your cyber assets.

Agent Coverage

Due to the industrialisation of ransomware attacks, combined with attackers commonly pivoting from weak targets and moving laterally, perfect coverage of security agents across all operating systems is now a critical element of any defence strategy.
Creating perfect coverage has never been easy; across a modern distributed ecosystem with a spread of operating systems and agents for specific cases, it is close to impossible using traditional methods, and all at a time when the need has never been greater.
ThreatAware solves this complex problem by finding all devices accessing your organisation’s systems, integrating those systems via API. ThreatAware also queries your security agent consoles and, combining the two, shows you security agent coverage across all devices within 15 minutes, with the data updated live every 30 minutes.
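As an added illustration of the coverage check described above (example code written for this page, not ThreatAware’s own code or API), the following Python reconciles a constructed list of devices seen accessing corporate systems against constructed per-agent console exports, and reports which required agents each device is missing together with a per-agent coverage percentage. The device records, the console exports and the per-OS agent policy are all assumptions made for the example.

```python
# Added example: reconcile a device inventory against security agent consoles.
# All records below are constructed; field names are assumptions, not a vendor API.
from collections import defaultdict

# Devices observed accessing corporate systems (e.g. from identity-provider sign-in data). Constructed.
DEVICES_SEEN = [
    {"hostname": "lon-ws-001", "os": "Windows", "serial": "SN0001"},
    {"hostname": "lon-ws-002", "os": "Windows", "serial": "SN0002"},
    {"hostname": "mac-dev-07", "os": "macOS", "serial": "SN0007"},
    {"hostname": "build-linux-3", "os": "Linux", "serial": "SN0103"},
]

# One export per agent console: the set of device serials that console reports. Constructed.
AGENT_CONSOLES = {
    "antivirus": {"SN0001", "SN0002", "SN0007"},
    "patching": {"SN0001", "SN0007"},
    "disk_encryption": {"SN0001", "SN0002"},
}

# Which agents each operating system must run. A policy assumption for this example.
REQUIRED_AGENTS = {
    "Windows": {"antivirus", "patching", "disk_encryption"},
    "macOS": {"antivirus", "patching", "disk_encryption"},
    "Linux": {"antivirus", "patching"},
}


def coverage_gaps(devices, consoles, required):
    """Return {hostname: [missing agents]} for every device lacking at least one required agent.

    A device that is seen on the network but absent from a console is treated as uncovered,
    which is exactly the gap an attacker pivoting from a weak host relies on.
    """
    gaps = {}
    for dev in devices:
        needed = required.get(dev["os"], set())
        missing = sorted(a for a in needed if dev["serial"] not in consoles.get(a, set()))
        if missing:
            gaps[dev["hostname"]] = missing
    return gaps


def coverage_summary(devices, consoles, required):
    """Percentage of devices covered per agent, counted only over devices where that agent is required."""
    summary = {}
    for agent, serials in consoles.items():
        expected = [d for d in devices if agent in required.get(d["os"], set())]
        covered = sum(1 for d in expected if d["serial"] in serials)
        summary[agent] = round(100 * covered / len(expected), 1) if expected else 100.0
    return summary


if __name__ == "__main__":
    for host, missing in coverage_gaps(DEVICES_SEEN, AGENT_CONSOLES, REQUIRED_AGENTS).items():
        print(f"{host}: missing {', '.join(missing)}")
    for agent, pct in coverage_summary(DEVICES_SEEN, AGENT_CONSOLES, REQUIRED_AGENTS).items():
        print(f"{agent}: {pct}% covered")
```

The join key here is the device serial, because hostnames are easy to duplicate or rename; whichever identifier you use, it must be one that both the access-side data and every console report consistently, or the reconciliation will produce false gaps.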

Critical Control Monitoring

ThreatAware can help with efficiently monitoring the status of the controls which are required for many of the Cyber Essentials and ISO 27001 controls.

ThreatAware is entirely automated in discovering your assets and validating the control status of the most critical controls.

These include but are not limited to Antivirus protection, Patching, Device Encryption, Web Proxy and MFA.  Having these monitored and audited every 30 minutes is a great way of maintaining compliance and keeping your business secure.

Vulnerability Management

When identifying assets from a distributed ecosystem, comprehensive Vulnerability Management can be extremely challenging. ThreatAware simplifies this challenge through two separate approaches. Firstly, our Device Inventory with custom views quickly highlights any devices with missing patching agents and/or patches. Secondly, because ThreatAware can plug into multiple products of the same type, you are able to connect your internal and external vulnerability scanners and multiple patching solutions.

All of the devices and alerts are consolidated and triaged, leaving you with a clean list of assets and their active vulnerabilities.


Software Vulnerability Management

Agent overload is a big issue, and many IT teams are trying to reduce the number of agents deployed to each machine. ThreatAware’s software inventory is a great example of ThreatAware utilising the information your existing agents already gather, without the need for a new agent.

ThreatAware provides a detailed software inventory of every piece of software, including version and install date. With a live-generated list of software you can quickly find vulnerable software within your estate.

Attack Surface Management

A sprawling attack surface increases the risk of attack purely by having more areas to defend.  One of the challenges is not knowing the size of your attack surface in the first place.

By utilising ThreatAware’s smart device inventory you can filter by external IP range and create dynamic lists of all devices with a particular external IP address. For example, a list of devices with an external IP within a site’s range but excluding the default IP, which would otherwise include all workstations.
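As an added example of the filter just described (written for this page, not ThreatAware’s own code), the following Python takes a constructed device inventory and lists the devices whose external IP sits inside a site range while excluding the site’s default (shared NAT) address, then groups the remaining devices by external IP so the size of the exposed surface is visible. The inventory records, the site range and the default address are assumptions; the addresses are documentation ranges.

```python
# Added example: external-IP filtering over a device inventory to size the attack surface.
# Constructed data; addresses come from the RFC 5737 documentation ranges.
import ipaddress
from collections import defaultdict

# Device inventory; external_ip is the public address a device was last seen from. Constructed.
DEVICES = [
    {"hostname": "lon-fw-01", "external_ip": "203.0.113.1"},    # the site's shared default IP
    {"hostname": "lon-ws-001", "external_ip": "203.0.113.1"},   # workstation behind that NAT
    {"hostname": "lon-web-01", "external_ip": "203.0.113.10"},
    {"hostname": "lon-vpn-01", "external_ip": "203.0.113.20"},
    {"hostname": "home-laptop-7", "external_ip": "198.51.100.44"},  # outside the site range
    {"hostname": "unknown-x", "external_ip": "n/a"},             # malformed record, should not crash the view
]

SITE_RANGE = ipaddress.ip_network("203.0.113.0/24")   # assumed site range
DEFAULT_IP = ipaddress.ip_address("203.0.113.1")      # assumed default (NAT) address


def _parse_ip(record):
    """Return the record's external IP as an address object, or None if it is not a valid address."""
    try:
        return ipaddress.ip_address(record["external_ip"])
    except ValueError:
        return None


def externally_addressable(devices, site_range, default_ip):
    """Hostnames whose external IP is in site_range but is not the shared default address.

    Excluding the default IP removes every workstation that only egresses through the site NAT,
    leaving the devices that genuinely hold their own public address.
    """
    result = []
    for dev in devices:
        ip = _parse_ip(dev)
        if ip is not None and ip in site_range and ip != default_ip:
            result.append(dev["hostname"])
    return sorted(result)


def surface_by_external_ip(devices, site_range):
    """Group hostnames by external IP within site_range: how many addresses are exposed, and what is behind each."""
    groups = defaultdict(list)
    for dev in devices:
        ip = _parse_ip(dev)
        if ip is not None and ip in site_range:
            groups[str(ip)].append(dev["hostname"])
    return {ip: sorted(hosts) for ip, hosts in groups.items()}


if __name__ == "__main__":
    print("Addressable:", externally_addressable(DEVICES, SITE_RANGE, DEFAULT_IP))
    for ip, hosts in surface_by_external_ip(DEVICES, SITE_RANGE).items():
        print(f"{ip}: {', '.join(hosts)}")
```

Malformed address fields are skipped rather than raising, because a single bad record in a large inventory should not blank out the whole view; in practice you would also want those skipped records surfaced separately, since an asset you cannot place on the network is itself a gap.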


User Lifecycle Management

With such a huge array of Cloud systems holding sensitive company data, combined with the ease with which new users can be added to systems, it doesn’t take long for users who have left or changed role to still have access when they should not.

ThreatAware allows you to see all of your users from multiple systems in one concise list, with the various systems they have accounts for. When an account has not logged into a particular system for over 60 days and is “stale”, you will be alerted.

Additionally, if the primary mailbox is deleted but other accounts are still live, you will be alerted.

Device Lifecycle Management

Trying to manage devices, especially with the huge number of people working remotely or hybrid, is extremely time consuming. With ThreatAware you can instantly see all of your devices accessing corporate systems along with the relevant asset information: manufacturer, model, warranty info, serial number and other such details. You can filter this information by logged-in user, make, model or operating system, then save these views for future reference. This allows teams to easily manage huge device inventories, ensuring that older computers are replaced within the policy timescale. Lastly, all decommissioned machines remain in the “deleted” list so you have them for audit purposes.

Incident Response

Many security incidents that occur turn out to be false alerts once they have been investigated. However, with any security incident investigation, time is of the essence as it could be genuine. ThreatAware’s highly accurate asset inventory of devices and users, with full audit history of IP details and login audits, dramatically reduces investigation time. This makes it possible to quickly rule data points regarding the incident in question in or out.

As an example, if there is a quick succession of failed logins on multiple systems from an IP address, and that IP is not registered to any corporate device, this information alone means you are likely able to tell it is a genuine attacker and take the correct course of action.
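The correlation in that example, as added code written for this page (not ThreatAware’s own detection logic): the Python below parses a few constructed authentication log lines, finds source IPs with a burst of failed logins across multiple systems, and checks each against a constructed map of external IPs registered to corporate devices, so the investigator can immediately tell an unknown source from a known device. The log format, the thresholds and the inventory are assumptions.

```python
# Added example: triage a failed-login burst against the corporate device inventory.
# Constructed log lines and inventory; the format and thresholds are assumptions.
import re
from collections import defaultdict
from datetime import datetime

# Constructed authentication events from several systems (key=value, UTC timestamps).
SAMPLE_LOG = [
    "2024-06-01T08:00:01Z vpn auth=failed user=alice src=198.51.100.23",
    "2024-06-01T08:00:03Z vpn auth=failed user=bob src=198.51.100.23",
    "2024-06-01T08:00:05Z mail auth=failed user=alice src=198.51.100.23",
    "2024-06-01T08:00:06Z crm auth=failed user=carol src=198.51.100.23",
    "2024-06-01T08:10:00Z vpn auth=failed user=dave src=203.0.113.50",
    "2024-06-01T08:10:20Z vpn auth=success user=dave src=203.0.113.50",
    "2024-06-01T08:12:00Z mail auth=failed user=erin src=203.0.113.50",
    "2024-06-01T08:12:30Z crm auth=failed user=erin src=203.0.113.50",
    "2024-06-01T09:00:00Z mail auth=failed user=frank src=192.0.2.9",
    "this line is not an auth event and is ignored",
]

# External IP -> hostname for devices in the inventory's IP audit history. Constructed.
DEVICE_EXTERNAL_IPS = {
    "203.0.113.50": "lon-ws-004",
    "203.0.113.1": "lon-fw-01",
}

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<system>\S+) auth=(?P<result>\w+) user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def triage_failed_logins(lines, inventory, window_s=300, min_failures=3, min_systems=2):
    """Return {src_ip: finding} for IPs with >= min_failures failed logins inside window_s seconds
    spread over >= min_systems distinct systems, annotated with the inventory lookup."""
    failures = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("result") != "failed":
            continue
        ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
        failures[m.group("src")].append((ts, m.group("system")))

    findings = {}
    for ip, events in failures.items():
        events.sort()
        times = [t for t, _ in events]
        systems = sorted({s for _, s in events})
        # Burst test: any run of min_failures consecutive failures fitting inside the window.
        burst = any(
            (times[i + min_failures - 1] - times[i]).total_seconds() <= window_s
            for i in range(len(times) - min_failures + 1)
        )
        if not (burst and len(systems) >= min_systems):
            continue
        device = inventory.get(ip)
        findings[ip] = {
            "failures": len(events),
            "systems": systems,
            "known_device": device,
            "verdict": (f"registered to {device}: likely user or config issue, verify with owner"
                        if device else "not registered to any corporate device: likely genuine attacker, escalate"),
        }
    return findings


if __name__ == "__main__":
    for ip, f in triage_failed_logins(SAMPLE_LOG, DEVICE_EXTERNAL_IPS).items():
        print(f"{ip}: {f['failures']} failures on {', '.join(f['systems'])} -> {f['verdict']}")
```

The inventory lookup is what turns a noisy signal into a decision: the same burst pattern from a registered corporate device is most likely a user with a stale saved password, while from an unregistered address it is the case the passage describes.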

Alert Triaging

Alert fatigue is a huge issue for cybersecurity teams. When you look at a platform like Microsoft 365, there are currently 16 admin consoles. When you log in to each of these consoles, they are all littered with hundreds of alerts. Add all of the other security tools your organisation uses, and the sheer number of alerts can be impossible to manage.

The worst part of this situation is that there are often critical alerts that, if left, will leave critical vulnerabilities open. ThreatAware helps address this issue by triaging the alerts from the various systems, meaning that only high and critical issues are fed through to the ThreatAware alerting system.

Many of the underlying platforms don’t categorise their alerts in this fashion, meaning that even through the native consoles it is impossible to do this.

The end result is that if your team is time poor at any given moment, they can focus on the highs and criticals, and when they have more time available they can improve further by working on the mediums and lows.