4.0.2
Yokohama, Xanadu, Washington DC, Vancouver
Mitigation controls monitoring automatically identifies how security tools such as endpoint protection (EDR) and web application firewall (WAF) are configured in your environment and what MITRE techniques are mitigated as a result. These mitigations are mapped to vulnerabilities so that your vulnerability managers can automatically reduce risk scores for vulnerable items based on available mitigation controls.
The following use cases are supported:
- Use the mitigation control policies included with the application to identify the mitigations present on your assets, based on how different security controls and tools are configured.
- Identify if your assets have Web Application Firewall (WAF) protection.
- Automatically map the WAF mitigation to vulnerable items by analyzing the policy signatures in the firewall and the Common Vulnerabilities and Exposures (CVE) information.
- Identify exploit mitigation controls from endpoint protection or Endpoint Detection and Response (EDR) tools like CrowdStrike and Microsoft Defender for Endpoint.
- Automatically map the EDR exploit mitigation controls to relevant vulnerable items by analyzing the vulnerability information and the EDR mitigation control configuration.
- Populate vulnerable items with relevant attributes that can be used in your Vulnerability Response risk calculator rules.
- Monitor assets for internal security compliance standards by creating custom mitigation control policies using advanced configuration data from EDR tools.
- View a mitigation controls summary on the dashboard and drill down to see the underlying assets.
- Supported Web Application Firewall tools include F5 Big-IP and AWS WAF.
- Supported Endpoint Protection or EDR tools include CrowdStrike and Microsoft Defender for Endpoint.
Fixed
- Enhanced handling of VM–Server relationships via the CI Relationship [cmdb_rel_ci] table, enabling accurate population of mitigation details for related CIs.
- Implemented daily refresh of mitigation details in the Asset Insight [sn_vul_cmn_asset_insight] table to ensure current and accurate mapping of mitigation controls for vulnerable items (VITs).
- Mitigation controls are now more closely aligned with risk scores generated by your configured risk calculators.
New
- Added support for Amazon Web Services (AWS) Web Application Firewall (WAF) detections to retrieve mitigation details for AWS infrastructure.
Dependencies
- Security Integration Framework
- Security Support Common
- Vulnerability Response Common