Threat management is the practice of using a combination of early detection systems (such as
intrusion detection systems and security information and event management systems) and
security tools to proactively monitor for and counter threats to your business'
A unified threat management (UTM) system is a specific type of threat management system
that bundles the tools for threat management into a single product. With a UTM, you only
have to deal with a single technology vendor for all of your threat management needs. This
reduces the complexity of managing your business' network security and saves
management time and effort.
However, the term "unified" can be a bit of a misnomer, since one product rarely covers
everything you need to protect your business online across all of the platforms it
operates on. Relying on a single solution for all of your cybersecurity needs also creates a
single point of failure: one exploit or bug in that product can bypass all of your protections
at once. Layering independent controls from different solutions ("defense in depth") means an
attacker who defeats one control still has to defeat the next to break into your network.
What is Threat Remediation?
Threat remediation is the process by which organizations identify and resolve threats to
their systems. A threat is anything that could compromise your systems to steal information,
disrupt operations, or damage your software and hardware.
Today, one of the biggest threats to enterprise businesses is ransomware, a form of
malware that encrypts your data and halts your operations until you pay an exorbitant ransom,
with demands that may increase over time. If the ransom is not paid, and sometimes even when it
is, ransomware can permanently lock you out of important files that are critical for
Organizations that have yet to embrace the principles of threat remediation, such as
deploying endpoint protection (antivirus) software, are at higher risk of infections like ransomware or
Threat remediation can be approached in two main steps:
Step 1: Run a thorough Risk Assessment
Step 2: Deploy a Vulnerability Management System
This sounds easy enough, but threat remediation may not be as simple as it looks on paper.
Implementing the following steps will help your organization take further control of its
Step 1: Risk Assessment
A risk assessment is the process by which a business gathers intelligence about
potential vulnerabilities in its systems and operations that may leave it susceptible to
cyber threats. It is the first essential piece of the puzzle for coming up with any threat
When preparing to conduct a risk assessment for your organization, be sure to consider
these nine key areas:
- Third Party Vendors: How secure are their operations? How much visibility and insight
do you have? Who is the cybersecurity point of contact for each vendor you work with?
- Security Management: Who is in charge of implementing strategy? What strategy is
being implemented? Has it been effective? What changes should be made?
- Security Architecture: What programs are currently in place? How effective are they?
What measures can be added? What tools are available to teach employees about the
- Emerging Technologies: What can be added to enhance security? How secure are new
technologies that are currently in place? Where are these technologies applied –
physical server, virtual server, cloud?
- Regulations and Policy: What is the current security policy? How does it impact overall
security? What updates can be made?
- Incident and Crisis Management: How are you monitoring for incidents currently? How
well is it working? How are incidents resolved today?
- Identity Management: What authentication mechanisms are in place? What password protections
- Awareness & Education: What programs are in place to educate employees about
cybersecurity? What tools and guidelines are given to employees?
- Threat & Vulnerability Management: What systems are there to identify and remediate
vulnerabilities and threats?
A risk assessment serves several goals. These include helping IT departments build a complete
inventory of assets, establishing a standard for cataloging risks and vulnerabilities, and making it
easier to prioritize which vulnerabilities should be tackled first.
It is important to note that the best way to present risk data is in a form that is easily
actionable. A long list of vulnerabilities in a spreadsheet is not a functional document.
Creating actionable data instead means developing a system in which easily digestible
information (what is at risk, how severe it is, and who owns the fix) can be shared among key
stakeholders, typically the essential members of the security and operations teams.
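The prioritization step above, as an added example that is not code from the original article or from any vendor product: it scores a flat inventory of scanner findings against business context (asset criticality, internet exposure, availability of a public exploit), buckets the results into priorities, and emits a per-owner list rather than one long spreadsheet. The weights, the P1/P2/P3 cut-offs, the `Finding` fields and the sample inventory are all constructed assumptions chosen to illustrate the method, not values from any standard.

```python
"""Turn a flat vulnerability inventory into a prioritised, owner-addressed list.

Added example for this article, not code from the original page or any
vendor product. The scoring weights, priority cut-offs and the sample
inventory below are constructed assumptions, chosen to illustrate the
method rather than to match any particular standard.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    finding_id: str          # scanner-assigned identifier (placeholder values)
    asset: str
    title: str
    cvss: float              # CVSS base score, 0.0 to 10.0
    asset_criticality: int   # 1 (low) to 5 (crown jewel), from the asset inventory
    internet_exposed: bool   # reachable from outside the network perimeter
    exploit_public: bool     # working exploit code is publicly available
    owner: str               # team responsible for remediation


# Constructed sample inventory (assumption: values are for illustration only).
SAMPLE_FINDINGS = [
    Finding("F-101", "payments-api", "remote code execution in web framework", 9.8, 5, True, True, "platform"),
    Finding("F-102", "intranet-wiki", "remote code execution in web framework", 9.8, 2, False, False, "it-ops"),
    Finding("F-103", "payments-api", "information disclosure via verbose errors", 5.3, 5, True, False, "platform"),
    Finding("F-104", "build-runner", "privilege escalation in CI agent", 7.5, 4, False, True, "devex"),
    Finding("F-105", "marketing-site", "missing security headers", 4.3, 1, True, False, "web"),
]


def priority_score(f):
    """Combine severity with business context. Assumed weights: criticality
    scales CVSS by 1.0x (level 1) up to 2.0x (level 5); internet exposure and
    a public exploit each multiply the result by 1.5."""
    if not 0.0 <= f.cvss <= 10.0:
        raise ValueError(f"{f.finding_id}: CVSS {f.cvss} outside 0-10")
    if not 1 <= f.asset_criticality <= 5:
        raise ValueError(f"{f.finding_id}: criticality {f.asset_criticality} outside 1-5")
    score = f.cvss * (1.0 + 0.25 * (f.asset_criticality - 1))
    if f.internet_exposed:
        score *= 1.5
    if f.exploit_public:
        score *= 1.5
    return round(score, 2)


def priority_bucket(score):
    """Assumed cut-offs: P1 fix now, P2 this sprint, P3 scheduled maintenance."""
    if score >= 18.0:
        return "P1"
    if score >= 10.0:
        return "P2"
    return "P3"


def prioritize(findings):
    """Highest priority first; ties broken by raw CVSS so the order is stable."""
    return sorted(findings, key=lambda f: (priority_score(f), f.cvss), reverse=True)


def report_by_owner(findings):
    """Digestible per-team view: each owner sees only what they must fix, in order."""
    report = defaultdict(list)
    for f in prioritize(findings):
        score = priority_score(f)
        report[f.owner].append(
            f"{priority_bucket(score)} {score:5.2f} {f.asset:<15} {f.finding_id} {f.title}"
        )
    return dict(report)


if __name__ == "__main__":
    for owner, lines in report_by_owner(SAMPLE_FINDINGS).items():
        print(f"== {owner} ==")
        for line in lines:
            print("  " + line)
```

The point the sample data makes is that two findings with the same CVSS 9.8 land in different buckets (the payments API is P1, the intranet wiki is P2), while a medium-severity issue on an internet-facing crown-jewel asset outranks a critical one on a low-value internal host. Context, not raw scanner severity, decides what gets fixed first.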
Risk assessments can be conducted by in-house IT departments and members of executive
management, or by a third-party cybersecurity partner, equipped to handle the needs of your
Step 2: Deploy a Vulnerability Management System
After conducting a thorough risk assessment and cataloging each vulnerability, you can begin
to implement a vulnerability management system. With vulnerabilities and risks prioritized,
companies can focus on protecting the most important assets first.
A vulnerability management system (VMS) supports this by continuously tracking risk and
responding to threats as they appear.
Active Network Monitoring
Active monitoring for network security is the collection and examination of security data,
with escalation for remediation when necessary. This security data comes in the form of
indicators that serve as warnings of potential threats to the network.
Indicators & Warnings
Indicators & Warnings (I&W) is a process by which networks are monitored to increase the
likelihood of identifying threats. Having vulnerabilities alone does not mean that anyone is
actively trying to intrude on your system: a vulnerability is exposure, while a threat is an
actor or event that could exploit it. The I&W process provides the guidance needed to tell the two apart.
Indicators are observable actions (for example, a burst of failed logins followed by a successful
one from the same address) that suggest there may be an issue. In an I&W system, one or more
indicators combine to produce a warning. A VMS alerts stakeholders to the warning signs and
can automate parts of the remediation process.
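The I&W process described above, as an added example that is not code from the original article or from any VMS product: a single pass over SSH authentication logs in which three indicators (a burst of failed logins, a success from a source that was just guessing, and an account creation shortly afterwards) each produce a warning of increasing severity, while a lone mistyped password produces nothing. The log lines are constructed (placeholder hostnames and RFC 5737 documentation addresses), and the failure threshold and time windows are assumptions chosen for illustration.

```python
"""Indicators & Warnings (I&W) over SSH authentication logs.

Added example for this article, not code from the original page or from any
VMS product. The log lines are constructed (placeholder hosts and RFC 5737
documentation addresses); the thresholds and windows are assumptions.
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed tuning: how many failures in what window make a source suspicious, and
# how soon after a suspicious login an account creation counts as persistence.
FAIL_THRESHOLD = 5
FAIL_WINDOW = timedelta(minutes=5)
PERSIST_WINDOW = timedelta(minutes=10)

LINE_RE = re.compile(r"^(\S+) (\S+) (\w+)\[\d+\]: (.*)$")
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")
ACCEPTED_RE = re.compile(r"Accepted \w+ for (\S+) from (\S+) port")
USERADD_RE = re.compile(r"new user: name=([^,]+)")

# Constructed sample log: a password-guessing run that eventually succeeds and is
# followed by a new account, then a legitimate user who mistypes once.
SAMPLE_LOG = """\
2024-03-01T08:00:01Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
2024-03-01T08:00:03Z host1 sshd[1201]: Failed password for root from 203.0.113.7 port 51236 ssh2
2024-03-01T08:00:05Z host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51238 ssh2
2024-03-01T08:00:07Z host1 sshd[1201]: Failed password for deploy from 203.0.113.7 port 51240 ssh2
2024-03-01T08:00:09Z host1 sshd[1201]: Failed password for deploy from 203.0.113.7 port 51242 ssh2
2024-03-01T08:00:12Z host1 sshd[1201]: Accepted password for deploy from 203.0.113.7 port 51244 ssh2
2024-03-01T08:01:30Z host1 useradd[1300]: new user: name=svc_backup, UID=1002, GID=1002, home=/home/svc_backup, shell=/bin/bash
2024-03-01T09:15:00Z host1 sshd[1410]: Failed password for alice from 198.51.100.20 port 40001 ssh2
2024-03-01T09:15:20Z host1 sshd[1410]: Accepted publickey for alice from 198.51.100.20 port 40002 ssh2
""".splitlines()


@dataclass(frozen=True)
class Alert:
    when: datetime
    severity: str     # medium / high / critical
    indicator: str    # which indicator fired
    detail: str


def parse_ts(text):
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def evaluate(lines):
    """Single pass over the log; returns warnings in the order they were raised."""
    failures = defaultdict(deque)   # source address -> timestamps of recent failures
    warned_sources = set()          # brute-force warning is raised once per source
    last_high = None                # time of the most recent high-severity warning
    alerts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                # unparseable lines are ignored, not fatal
        when, host, proc, msg = parse_ts(m.group(1)), m.group(2), m.group(3), m.group(4)
        if proc == "sshd":
            failed = FAILED_RE.search(msg)
            if failed:
                user, src = failed.groups()
                window = failures[src]
                window.append(when)
                while window and when - window[0] > FAIL_WINDOW:
                    window.popleft()   # drop failures older than the window
                if len(window) >= FAIL_THRESHOLD and src not in warned_sources:
                    warned_sources.add(src)
                    alerts.append(Alert(when, "medium", "brute_force",
                                        f"{len(window)} failed logins from {src} within {FAIL_WINDOW}"))
                continue
            accepted = ACCEPTED_RE.search(msg)
            if accepted:
                user, src = accepted.groups()
                recent = [t for t in failures[src] if when - t <= FAIL_WINDOW]
                # One or two failures before a success is a typo; a burst is not.
                if len(recent) >= FAIL_THRESHOLD:
                    last_high = when
                    alerts.append(Alert(when, "high", "success_after_failures",
                                        f"{user} logged in from {src} after {len(recent)} failures"))
        elif proc == "useradd":
            created = USERADD_RE.search(msg)
            if created and last_high is not None and when - last_high <= PERSIST_WINDOW:
                alerts.append(Alert(when, "critical", "persistence",
                                    f"account {created.group(1)} created on {host} "
                                    f"{when - last_high} after a suspicious login"))
    return alerts


if __name__ == "__main__":
    for a in evaluate(SAMPLE_LOG):
        print(f"{a.when:%H:%M:%S} {a.severity:<8} {a.indicator:<24} {a.detail}")
```

Each indicator on its own is weak evidence (failed logins are constant background noise on any exposed host), which is why the severity only climbs when later indicators corroborate the earlier ones; alice's single failure never reaches the threshold and is correctly ignored. In a real deployment the thresholds would be tuned per environment and the `Alert` objects would feed the stakeholder notification and ticketing described in the text.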