Alert Logic uses the concepts of exposures and remediations to help you manage security risks and perform related risk management activities. These exposures and remediations can be accessed and managed on the Exposures page in the Alert Logic console. This article will discuss the difference between an exposure and a remediation, how to access each, and considerations in managing exposures and remediations.
Exposures vs. Remediations
An exposure is a potential vulnerability detected in your environment, such as an outdated IAM policy or a specific security vulnerability that Alert Logic has detected in your protected environment.
A remediation is an action you can take to resolve an exposure or group of exposures, such as upgrading to the most recent version of a software package.
A single remediation may address numerous exposures, so it is common to find more exposures listed than remediations. Exposures are assigned a color-coded severity to indicate the criticality of addressing the issue as High, Medium, Low, or Info. The severity is based on the Common Vulnerability Scoring System (CVSS) score for this exposure.
Accessing Exposures and Remediations
Exposures and Remediations are accessed on the Exposures page in the Alert Logic console. This page is accessed by opening the navigation menu () and selecting Respond > Exposures.
When this page is accessed directly from the navigation menu, the page defaults to showing your remediations with no filters set. To switch to viewing exposures, click the View Remediations drop-down at the top of the screen and select Exposures.
Whether you are viewing remediations or exposures, the left sidebar allows you to apply filters such as threat level, deployment, subnet, and so on. Not all filters are immediately available; when you select a specific deployment as a filter, additional filtering options display.
To view full details on a specific remediation or exposure, click Open. This detailed view allows you to identify exactly which assets are affected, what evidence supports the finding, and what steps to take to address the exposure(s).
Note: For general information on using the functions on the Exposures page, refer to our Exposures documentation.
Drilling Down from Dashboards
Several modules in the Dashboards in the Alert Logic console summarize data that is also presented in more detail on the Exposures page. When reviewing the Dashboards, you can drill down to detailed information on the Exposures page for a specific visual.
For example, suppose you are reviewing the Vulnerability Summary dashboard and want to investigate further into your open security remediations. When you click Investigate in the Open Remediations module, you are directed to the Exposures page with the appropriate filters already set to only show security remediations.
From here, you could apply additional filters to only view High threat level remediations, view remediations for a specific deployment, and so on, and then begin planning your work to address the remediations.
Working with Remediations and Exposures
The intention of remediations and exposures is to help you use your time effectively to improve your security standing. Using the filters and features on the Exposures page, you can consider which items you want to resolve, dispose of items that you do not plan to address, and conclude items as you apply mitigation steps. While you can simply use this page to review your remediations and exposures, Alert Logic recommends marking items as disposed and concluded as you assess them, so you can accurately track your progress and security standing through dashboards and reports.
For general information on using the functions on the Exposures page, refer to our Exposures documentation.
Considerations When Disposing of Remediations and Exposures
When disposing of remediations and exposures, there are a few considerations you should keep in mind:
- You may dispose of exposures more often than remediations. Since a single remediation can resolve multiple exposures, you should carefully consider whether any of the associated exposures are valid and, therefore, the remediation should be addressed.
- When you dispose of an item, you are creating a rule to automatically address present and future exposures based on the filters you have set until the rule expires.
For example, suppose you have used filters to display exposures only for a specific Virtual Private Cloud in a specific Amazon Web Services deployment. You then choose to dispose of an exposure as an Acceptable Risk for the next 3 months. When you dispose of the remediation, it is only disposed of for the specific VPC and AWS deployment originally selected in the filters for the next 3 months, and the remediation could still display for other VPCs and deployments. In addition to the currently detected exposures in this VPC, any matching exposures in the VPC will also be automatically disposed of.