Remediation Actions: A Powerful New Feature for Incident Response

February 1st 2023

We are proud to announce a new and exciting feature for Enterprotect 360 - Remediation Actions. This feature allows users to perform remediation actions for some Incidents, such as deleting a file, terminating a process, or uninstalling a program. The feature will greatly enhance the security posture of your organization, as you can now proactively mitigate the risk associated with a security incident.

The remediation actions that are currently supported are:

  • Remove files

  • Delete registry keys & values

  • Terminate processes

  • Uninstall software

  • Stop services

  • Delete scheduled tasks

These remediation actions are available for Incidents generated from the following apps/tools:

  • Advanced Breach Detection

  • Suspicious Tools

  • Malicious File Detection

Our development team is constantly working to improve this feature and add more remediation capabilities and support for more apps/tools in the future.


How to Run a Remediation

To run a remediation, follow these simple steps:

1. Logon to the Enterprotect 360 Console

 


2. From the Dashboard, click on Review in the Open Incidents notification banner or from the left-hand navigation menu click on Incidents.

 


3. From the Incidents list, choose an Incident and click View Details.

 

4. From the Incident Details view, click Action button, then click Remediate.

 

5. Review the remediation details and select the desired remediation steps. You can choose to select which actions are taken by clicking on the check box next to each remediation step. The Isolate All Devices option will isolate the device during the remediation process. The process of isolation will prevent the device from communicating on the network with any other destination except the Enterprotect 360 console.

After reviewing and selecting the remediation steps click on Execute to perform the chosen remediation actions.

Note: In this example the files detected from the PuTTY application will be deleted.

 

The Remediation Process

After the Execute button is pressed, Enterprotect 360 sends a remediation message to the targeted device(s). The agent responds to acknowledge the request and begins executing the assigned remediation steps. Once the remediation has completed the agent will send a message back to Enterprotect 360 to indicate the completion status of Complete or Failure.

You can view the status of a remediation at anytime from the Incident View

 


From the Incident List click on Remediation Status for the desired incident.

 

Once the remediation actions are complete, the Incident will be marked as Resolved.


The feature is now live. Start taking advantage of this powerful feature today!

Please note that this feature is currently only supported on Microsoft Windows and is not available on Mac or Linux.

Previous
Previous

Why DNS Filtering Should Be Part of Every Organization's Cybersecurity Plan

Next
Next

Maryland’s Atlantic General Hospital hit by Ransomware: Patient Care Impacted