What are Situations?
To understand situations in the context of digital infrastructures and cybersecurity alerts, it’s first important to understand events and signals. In short, events are any observable occurrence or activity within a computer system while signals are clues or indicators pointing to potential threats, risks, incidents, or malicious activity.
As a further refinement (or subset), situations are aggregated or correlated sets of signals that offer a more comprehensive view of a potential security incident or threat. By grouping related signals together in this manner, security teams can better prioritize their time and efforts and respond to incidents more quickly and appropriately.
To simplify the task of processing petabytes of data and distilling events into actionable insights, Resolution Intelligence Cloud™ provides an engine that correlates high-quality and repetitive signals originating from a variety of technologies by using artificial intelligence and machine learning. In doing so, the platform is able to identify macro-level issues or situations (sometimes called pre-incident situations) in IT infrastructures. These situations serve as the foundation for a robust, risk-analysis framework or scoring mechanism. By introducing the innovative concept of situation-based risk analysis, this new framework transcends traditional risk-assessment methods and encompasses not only cybersecurity but also a broader spectrum of business and strategic considerations.
While the Resolution Intelligence Cloud platform can resolve most situations through automated processes, it will convert certain situations into ActOns. These ActOns serve as triggers that prompt the intelligent routing of notifications to the appropriate operations teams. This orchestrated response is essential for quickly responding to and managing potential risks and ultimately, avoiding disruptions to IT infrastructures and business.