Product Updates

Discover the latest feature releases, improvements and updates.
All updates
Vectors
Asset Management
October 30, 2023

Auto-Archive Functionality update

We are constantly looking for ways to improve. We want ULTRA RED to be more useful, accurate, and provide actionable information. Recently we introduced the MTTR metric, to provide an insight into the efficiency of your teams, among other things. MTTR is the average number of days between the "First found" and the "Last seen" dates of a vector.

The auto-archive feature until now would kick in after seven consecutive days of a vector not coming up on scans. Before the introduction of the MTTR metric, this was sufficient but since the introduction of MTTR we started to run simulations to check whether we can achieve the same result with fewer days, we found that the three days achieves the same result as seven, any fewer and we got false negatives, any more did not yield better results.

The following is the entire process of an asset being scanned:

  1. An asset is sent to be scanned, its "Last scan" date is updated to the time the scan initiated.
  2. If the vector is found in the scan, its "Last seen" date will be updated, if not, nothing changes.
  3. If the “Last seen” date is three days older than the "Last scan” date of the asset, the vector is archived.
  4. All the remediation steps are marked as done and the archived vectors are "detached" from the asset.

In addition, detaching vectors from an asset affects the remediation and assets as follows:

  1. Remediation suggestions are based on vector tags. When a vector is archived - the system checks whether there is another vector with the same tag. If there is none, the remediation recommendation is removed.
  2. When no more vectors are attached to the asset - the asset is marked as "Remediated"

This may sound complicated and a substantial change in the behavior of the platform but in reality, it is not. The only thing that has changed is the number of days that need to pass for a vector to be deemed no longer verified. We have run extensive tests and simulations to make sure the integrity and accuracy of the data remains intact, and the percentage of false negatives does not change.

Following this change, we expect the MTTR metric to be a more accurate representation of how your assets and vectors are managed and you can identify any gaps that may require attention.