Conventional security postures are premised on disparate and distinct network appliances, software, and devices, which often are unable to communicate with one another. To resolve such issues, security software companies have produced threat-intelligence software suites that are capable of importing data from various devices. However, these suites amount to little more than reporting tools that generate analytics reports using data converted from the disparate formats of the originating devices. They often lack a remediation component that is automated and adaptive to a particular vulnerability. In addition, these analytics and reports are usually focused on the metrics associated with the originating device. For example, the analytics will indicate an enterprise's antivirus posture based on data received from the enterprise's antivirus management server. But the analytics could not indicate, for example, each of a variety of different vulnerabilities of several computing devices in the enterprise. What is needed is a means of generating datasets based upon a holistic view of an enterprise, while also allowing the data to be updated and dynamically adjusted in real-time.
With respect to remediation, security teams often employ a conventional helpdesk-ticket model. But this model is not adaptive to the particular needs of an enterprise, and may be dependent upon out-of-the-box configurations of the disparate devices in the enterprise system. In particular, the helpdesk-ticket model of remediation has a static set of business rules that are unable to adaptively address complex issues, can slow the mitigation process and thus perpetuate ongoing vulnerabilities in an enterprise, and can be prohibitive or less than optimal for gathering data for data analytics. Indeed, even in conventional systems that allow for data collection and analytics, the analytics are performed separately, as a distinct programmatic behavior, where the primary output is merely a human-readable report of the analytics. Ultimately, responses are manual, assignments are manual, and mitigations often require manual reconfiguration of the network. What is needed is a transformative and scalable capability providing enterprise administrators and automated remediation devices with quantified, normalized, real-time visibility into device status and remediation devices.