// THREAT DETECTION AND DATA PRIVACY TERM
Remediation
Remediation in cybersecurity refers to the actions taken to remove the cause of a cyber incident, restore affected systems to their pre-incident state, and prevent future occurrences. It involves fixing vulnerabilities and eradicating threats after a security breach.
TECHNICAL DEFINITION
Remediation is a critical phase in the cyber incident response lifecycle that follows containment. It focuses on eradicating identified threats, removing malicious artifacts, patching exploited vulnerabilities, and implementing security controls to restore affected systems and data to a secure operational state, thereby preventing recurrence of similar security incidents.
BACKGROUND
Continuous Exposure Management (CEM) is a cybersecurity approach that provides continuous, real-time monitoring, assessment, and prioritization of an organization’s security vulnerabilities and exposures. CEM focuses on identifying and mitigating risks by analyzing attack paths and providing recommendations, ensuring organizations maintain a resilient cybersecurity posture.
SYNONYMS & ALIASES
- Fixing
- Eradication
- Restoration
- Repair
- Mitigation
- Sanitization
USAGE NOTE
Remediation is executed after an incident has been contained, often involving patching, reconfiguring systems, and strengthening security postures to ensure threats are fully removed and systems are secured.
DEVELOPERS
Organizations developing technology related to Remediation.
Provides cloud-native endpoint protection, threat intelligence, and incident response services, including automated remediation for detected threats and vulnerabilities.
Offers a comprehensive security platform including XSOAR for security orchestration, automation, and response, enabling rapid and automated remediation of security incidents.
Specializes in incident response, threat intelligence, and proactive remediation services, helping organizations recover from and prevent sophisticated cyberattacks.
Develops an AI-powered autonomous endpoint security platform that provides automated detection, prevention, and remediation of threats across endpoints and cloud workloads.
Offers vulnerability management, penetration testing, and incident detection and response solutions that include capabilities for prioritizing and guiding remediation efforts.
Provides a comprehensive suite of security products, including Defender for Endpoint and Microsoft Sentinel, which offer automated investigation and remediation capabilities for various attack vectors.
Delivers a broad portfolio of security services and products, including threat intelligence, SIEM, and SOAR (via Resilient), enabling rapid incident response and remediation actions.
Offers Security Operations solutions that automate incident response and vulnerability remediation workflows by integrating security tools and IT processes.