Remediation Planner

The Remediation Planner page serves as a simulation tool where users can interactively implement and test remediation steps recommended by the system in a virtual environment. Administrators have the opportunity to actively address vulnerabilities by executing remediation actions and then simulating the outcomes to assess their effectiveness.

Upon entering the Remediation Planner, administrators can engage with the virtual environment to apply the recommended remediation steps to resolve vulnerabilities. Once the remediation actions are implemented, administrators can initiate the simulation process to evaluate the impact of the remediation efforts.

During the simulation, the system analyzes the network's security posture before and after the application of the remediation plan. It provides a detailed report comparing critical paths, vulnerabilities, and overall security status before and after the remediation process.

The report generated by the Remediation Planner offers valuable insights into the effectiveness of the remediation plan. It highlights any improvements in the network's security posture following the implementation of remediation actions and provides administrators with a clear understanding of the impact on critical paths and vulnerabilities.

Features

  • In the Remediation Planner page, administrators are presented with critical assets, each of which can be graded, with the most critical assets labeled as 1. This prioritization allows administrators to focus their remediation efforts on the most crucial components of the network. Each critical path within the figure is clickable. When addressing vulnerabilities, administrators have the option to apply remediation measures using either patch or custom firewall configurations. This flexibility lets administrators choose the most suitable approach based on the nature and severity of the vulnerability, as well as the specific requirements of the network environment.

  • When clicking on a critical asset within the Remediation Planner page, administrators are presented with simulation actions that can be taken to address vulnerabilities affecting that asset. These simulation actions typically include two options: patch and custom firewall.

  1. Patch: The patch action involves applying updates or fixes provided by the vendor to mitigate the identified vulnerability. This may require installing a new version of the software or applying a patch specifically designed to address the vulnerability. In some cases, the vendor may provide injection code or other mitigation measures to remediate the vulnerability effectively.

  2. Custom Firewall: The custom firewall action enables administrators to implement firewall rules tailored to block connections that could exploit the vulnerability. By configuring firewall settings, administrators can restrict access to specific connections associated with the vulnerable asset.

When selecting a critical asset in the Remediation Planner, admins can choose one action to tackle vulnerabilities: apply a patch or set up a custom firewall.

  • The page includes a feature for listing "Applied Actions." When a user selects an action to address vulnerabilities, such as "Patch" or "Custom Firewall," the action is added to the "Applied Actions" list on the right side of the page. Users can manage these actions by deleting individual actions from the list or clearing the entire list. Deleting an action from the list indicates that the action is rolled back, effectively undoing it.

  • On the right-hand side of the page, there are two informative tiles designed to enhance user experience by providing helpful information about the page's functionality.

  • After applying actions to all assets, clicking "Simulate" triggers a message indicating that the AI is processing the changes. This ensures that the system reevaluates the network's security posture based on the updated status.

  • After clicking “Simulate” and completing the analysis of the new data, users can view the resulting report. This allows them to compare the status of their network before and after applying the remediation, providing insights into the effectiveness of the actions taken.

  • Users can also extract this report as a PDF to be saved on their device, making it easy to refer back to at any time.

To view the effect of the remediation planner, navigate to the Home page, where the results are displayed. Clicking "show" opens the detailed report showing the impact of the remediation planner on the network's security posture.
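The before/after comparison of critical paths, and the difference between a patch and a custom firewall action, can be pictured with a small graph model. This is an added illustration, not the product's code or algorithm; the network, host names, `VULN-*` labels and function names are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (source, destination, vulnerability on destination).
# Host names and VULN-* labels are placeholders, not real identifiers.
EDGES = [
    ("internet", "web", "VULN-A"),
    ("web", "app", "VULN-B"),
    ("web", "db", "VULN-C"),
    ("app", "db", "VULN-C"),
]

def critical_paths(edges, entry, asset):
    """List loop-free paths from entry to asset over exploitable connections."""
    graph = defaultdict(set)
    for src, dst, _vuln in edges:
        graph[src].add(dst)
    paths, stack = [], [[entry]]
    while stack:
        path = stack.pop()
        for nxt in graph[path[-1]]:
            if nxt in path:
                continue  # skip cycles
            if nxt == asset:
                paths.append(path + [nxt])
            else:
                stack.append(path + [nxt])
    return sorted(paths)

def apply_actions(edges, actions):
    """Drop connections neutralised by the applied actions.

    ("patch", host, vuln)   removes that vulnerability on host
    ("firewall", src, dst)  blocks the src -> dst connection
    """
    applied = set(actions)
    return [
        (src, dst, vuln) for src, dst, vuln in edges
        if ("patch", dst, vuln) not in applied
        and ("firewall", src, dst) not in applied
    ]

def simulate(edges, actions, entry="internet", asset="db"):
    """Compare critical paths before and after the applied actions."""
    before = critical_paths(edges, entry, asset)
    after = critical_paths(apply_actions(edges, actions), entry, asset)
    removed = [p for p in before if p not in after]
    return {"before": before, "after": after, "removed": removed}
```

In this model a firewall rule on `web -> db` closes only the direct path and leaves the route through `app`, while patching `VULN-C` on `db` closes both. Rolling back an action corresponds to calling `simulate` again with that action left out of the list.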
