Devices
Organizations have multiple types of devices, such as desktops, laptops, routers, switches, storage devices, printers, phones, and more. A compromise in the security of any of the devices helps cyber criminals steal the sensitive data of the organization. Therefore, securing each device is important to ensure the overall security posture of an organization.
Respond helps security teams manage the details of devices, such as licenses, SLAs, hardware, network, software, and security. When the security of a device is compromised, security analysts can take appropriate action to perform the necessary precautionary tasks to ensure the safety of the device. Some examples of the actions are:
Updating the software
Installing security patches
Device Management Flow
The following illustration shows the overall workflow to manage actions in CFTR:
Add Device: Add a device to manage the security details in the application. The default status of a device is Clean. For more information, see Add Device.
Connect Modules: Connect the CFTR modules, such as incidents, enhancements, campaigns, users, and more, to collect contextual information about the security details of the device. For more information, see Connect the Dots.
Update Device Status: If a device is suspected to be compromised, update the device to the appropriate status. For more information, see Update Device.
Create Action: Create and associate an action with the device to perform security tasks. For more information, see Create Action.
Perform Action Task: Analyze the requirements of the action and perform the security tasks to ensure the safety of the device, and then close the action.
Update Device Status to Clean: After closing the action and ensuring that the security compromise has been corrected, update the device to Clean status. For more information, see Update Device.