This workflow allows the selection of high risk items in the DeepSurface Risk Analyzer and then optimize how to break them up into consumable tasks and automatically assign them to the appropriate staff. This allows teams to fix the security risk in the simplest way without necessarily introducing unnecessary risks.
First you select items that are high risk or concerning. This is a big bucket of things that need to be addressed, but at this first step, the decision about HOW they should be addressed has not been determined. You can throw an eclectic mix of items into a plan to start, even if some items overlap with others (e.g. adding a specific CVE and a specific patch, even if the patch addresses that CVE on some systems). In effect, this “bucket” of items is really just a big list of vulnerability instances (each vulnerability instance represents a single vulnerability on a single device) that were selected based on what higher-level items you chose to add to the plan.
The next step is the tasks stage where we take the large bucket of vulnerability instances and slice them up into ALL of the ways you could potentially address that risk. All of the proposed fixes will not necessarily be implemented, the workflow gives options based on what eliminates the most risk with the least effort. Some of the suggestions could be “patch this host” if that single host is particularly vulnerable to a patch you selected. This allows testing a patch on a small number of devices before rolling it out more broadly. Also note that at this stage, the same item may be listed more than once. For instance, if a given device has multiple owners, the same task suggestion for each of those owners (the “owner” of a device is determined by the existing configured tags).
Once a task is selected, the list of task suggestions are presented based on what vulnerability instances remain, always sorted by the risk reduction achieved. If two different patches could address the same risk, and you select one of them, then we’re going to de-prioritize the other patch because the associated vulnerability instances are assumed to be taken care of elsewhere. (Also, note there is a checkbox on the tasks page that filters out any suggestions that don’t solve for remaining risk.)
Continue selecting the most convenient tasks until the remaining suggested tasks have very little risk associated with them. At that point, you’ll be at a good place on the curve of “diminishing returns” and have easily manageable tasks to assign to administrators and analysts to perform.