The Digital Risk Underdog: Remediation

When it comes to evaluating threat intelligence and digital risk solutions, collection has been at the fore of the narrative – and rightly so. Extensive coverage, with effective risk detection mechanisms in place, acts as the eyes and ears of an organization – detecting potential organizational risks.

While collection is clearly important, a large part of this narrative, remediation, goes under-recognized and under-leveraged.


3 Challenges to Implementing Threat Intelligence

Gartner recommends that in order for threat intelligence to be leveraged successfully, it should acquire, aggregate, and action.

Gartner, Market Guide for security threat intelligence products

Figure 1: Gartner, Market Guide for security threat intelligence products


In practice, however, this process may be harder to implement consistently, and this could be down to several factors:

  • Too much data: Perhaps the collection mechanism in place is inundating the end user with too much information, which results in the user spending too much time triaging it and not enough time actioning it.
  • Lack of confidence: Alternatively, this could be down to the fact that the user “lacks confidence in using that information to make decisions,” indicating that the information lacks context or simply doesn’t provide enough assistance.
  • Threat data is unactionable: As a result of the points above, the threat intelligence can not be actioned, because the data lacks relevance, context or even guidance as to what to do with this next.

Consequently, these factors create an imbalance, whereby more time is spent focusing on acquiring and aggregating information – and failing to action.


Consequences of sitting in triage

Alert inaction can, to some extent, create a number of challenges for an organization – and impacts. Here’s how:

Consequences of unmanaged digital risk

Figure 2: Consequences of unmanaged digital risk


The solution: Built-in Remediation options

Here at Digital Shadows, remediation is not an afterthought – but rather remediation is embedded into our customers’ workflows – to reduce the friction often associated with managing digital risks. Here’s how:

1. Playbooks:

When a security practitioner deals with an alert, there can often be confusion around what to do with that incident next, resulting in inaction and/or time wasted triaging it.

Well no more scratching your head, wondering what to do next!

Digital Shadows has designed a set of built-in custom playbooks, which assist with mitigation.

Digital Shadows’ Built-in Playbooks

Figure 3: Digital Shadows’ Built-in Playbooks


Step-by-step guidance: Once an alert has been raised by SearchLight, the user can open up a pre-configured playbook, which is mapped to the NIST Computer Security Incident Handling Guide. First, the playbook will ask the user to triage the alert, to confirm and evaluate the risk.

Next, the playbook will provide immediate actions to contain, reduce or manage the risk, then it provides post-incident activity, with the goal to provide longer term actions to manage and prevent recurrences.


Streamline responses: The built-in functionality ensures information security teams do not waste time sitting in triage, wondering what to do with the alert. Rather, information security professionals can efficiently streamline the time required to respond to an alert, more easily.


Consistency: The purpose of these playbooks is to ensure individuals adopt consistent advice.


2. Takedowns

Of the actions available within alert playbooks, users can launch takedowns with the click of a button.

Digital Shadows has built-in end-to-end management of takedowns that quickly removes infringing content, domains, documents, or mobile applications. Rather than wasting time chasing a takedown request, Digital Shadows performs the takedown on your behalf, with options to track the status directly from the SearchLight portal.

Digital Shadows’ end-to-end takedown management

Figure 4: Digital Shadows’ end-to-end takedown management


You can read more about Managed Takedowns in our datasheet here:

Digital Shadows Managed Takedown Service


3. Leverage Integrations

Remediation efforts should not be siloed to one tool – but rather differing tools should work in tandem to effectively solve security problems. With this in mind, Digital Shadows has a host of technology integrations, across SIEM, SOAR and ticketing, to assist with this.

Digital Shadows’ roster of technology integrations

Figure 5: Digital Shadows’ roster of technology integrations


4. Workflow options

Choose from flagging, whitelisting, closing or commenting in an alert. Such an array of options enables users to manage, track, and operationalize alerts.

Digital Shadows’ workflow options

Figure 6: Digital Shadows’ workflow options



Front and centre: Don’t let remediation become an afterthought

Whether your threat intelligence function collects data manually or relies on an external provider, either option should embed remediation into the workflow.  

If remediation seems daunting, Digital Risk Solutions are an attractive option, in that sense, because they can manage and mitigate risk on your behalf.


If you’re interested in more, join or watch our webinar to see these response options in action!

 operationalizing alerts webinar


You May Also Like

Leave a Reply

Your email address will not be published. Required fields are marked *

Unique Visitors
» 2,009 Today
» 42,130 Yesterday
» 105,827 This Week
» 557,969 This Month
» 3,251,256 This Year
» 19,486,351 Total (since 2019-12-11)
» Record: 205,757 (2023-08-13)
Counter by DarkWeb.Solutions