- Efficient management and tracking of actions from vulnerability scans and penetration tests
- Asset-based risk and compliance assessments informed by scanning and test results
- Automated real-time updates of risk status on receipt of event data and metrics, providing improved risk-based decision making
- Fewer costly business disruptions, fines and reputational damage from security incidents

Business owners are under pressure to manage their risks and vulnerabilities efficiently. Threats and vulnerabilities are constantly changing, so a robust and effective vulnerability management solution is needed to reduce the risk of business disruption. Vulnerability management involves identifying, assessing, classifying and mitigating serious security weaknesses and finding the root cause to remediate any faults in your organisational processes, policies or standards.
A common challenge is the effective management of vulnerabilities following identification. If these vulnerabilities are not properly managed and mitigated, the use of a vulnerability scanning tool quickly loses its cost-effectiveness and leaves your organisation exposed to exploitation. Vulnerability scanning tools such as Qualys, Rapid7 and Nessus are used to scan Hosts / IP Ranges to identify potential infrastructure vulnerabilities, but a system is needed to track and manage these.
Outputs from these tools, as well as from penetration testing, can be automatically uploaded into STREAM for progression and tracking. In addition, the register of Assets in STREAM can be automatically reconciled against an external Asset Management / CMDB data source, both to ensure that critical assets have been registered and to serve as a baseline for ongoing scanning operations.
STREAM can also automatically capture control metrics from external security solutions, such as metrics on the proportion of devices ‘up to date with the latest operating system patches’. Vulnerability, penetration testing, incident and control metrics data imported from external tools can be automatically linked to related controls, risks, actions, and other objects in STREAM, thereby providing real-time, operational risk and compliance status information for management.
For each detected vulnerability, STREAM can:
- Raise a ‘Vulnerability Event’, linked to the particular Asset(s), and escalate to managers if not resolved correctly
- Capture key information and recommended remediation steps
- Raise a remediation action, with an assigned owner, status, priority and appropriate action due date
- Provide tracking reports to monitor the status of each vulnerability and related activities
- Monitor, manage and report on the status of key controls with automated scheduling, alerting and workflow
- Record and manage incidents, raise actions and track progress, which can be linked to risks for greater insight into true risk status and risk-based prioritisation of actions
- Access risk and compliance status information on demand: details are updated immediately on each data source import, with historical records being retained
- Schedule automated imports of control metrics from security solutions, or run interactive data imports and build custom reports to meet your exact requirements