The first step when looking to improve your cyber security posture is understanding the risks you are vulnerable to, but once you have visibility of these risks, you then need to plan how to tackle them.
Hexiosec ASM’s powerful Actions feature helps you to understand and prioritise the actions you need to take to improve the security of your attack surface.
What is an Action?
As the name suggests, an ‘Action’ is a thing you need to do to resolve one or more risks against your attack surface. Instead of just giving you a long list of risks for you to investigate, Hexiosec groups your risks together based on the resolution required and the domain or IP address the risks are against.
For example, if there are multiple different Critical Vulnerabilities & Exposures (CVEs) against an out of date version of PHP you are using, one Action will be raised to update PHP on the domain it’s used on.
Similarly, if you have more than one risk relating to a certificate, one action will be raised by Hexiosec to resolve all issues with that certificate.
Action management
Now you’ve got a list of actions you need to take, you can use Hexiosec to manage these through to resolution.
The Kanban board view allows you to prioritise and track progress of the actions.
You can view the description & remediation help, assign an owner, add due dates and add notes. You can also view the individual risks that have been grouped into the action.
Resolution
Each time Hexiosec ASM rescans your attack surface, it is checking to see whether the risks that were previously identified are still present.
When the risks under an action are no longer detected, the action will automatically be marked as resolved, giving you confirmation that your fixes or other remediation activities have been successful.
In addition to this, notifications can be configured to alert you when risks that were previously detected are no longer found.
For more information about notifications you can read this blog: How to get the most out of your Hexiosec notifications.