• Automated identification and status tracking of the assets being scanned, with alerting of new or absent scanned nodes
• Automated maintenance of a Vulnerability Catalogue containing previously detected vulnerabilities, as well as highlighting new vulnerabilities
• Support for multiple scan domains across the business, using multiple scanning solutions
• Key management metrics to track the health of vulnerability and asset management
• Fewer business disruptions, fines and reputational damage from security incidents
Business owners are under pressure to manage their risks and vulnerabilities efficiently. Threats and vulnerabilities are constantly changing so a robust and effective vulnerability management solution is needed to reduce the risk of business disruption. Vulnerability management involves detecting, assessing, classifying and mitigating serious security weaknesses and finding the root cause to remediate any faults in your organisational processes, policies or standards.
Vulnerability Management is typically addressed by regularly using one or more Vulnerability Scanning solutions which focus on specific technical infrastructure domains.
A key challenge is detecting the Scanned Nodes (assets) that comprise each domain and tracking deltas to these nodes from one scan to the next. This matters so that an alert is raised both for newly detected scanned nodes and for scanned nodes which were present in a previous scan but are no longer visible to the scanner.
Another common challenge is the effective management of detected vulnerabilities following their identification. If critical vulnerabilities are not properly managed and mitigated – and within appropriate timescales – then the use of vulnerability scanning tools quickly loses its cost effectiveness and leaves your organisation exposed to exploitation. Vulnerability scanning tools such as Qualys, Rapid7 and Nessus are used to scan Hosts / IP Ranges to identify potential infrastructure vulnerabilities, but a system is needed to track and manage these.
In order for technical staff to address vulnerabilities efficiently, they need to be able to prioritise remediation activities on a per-vulnerability and per-scanned node basis, and this requires clear visibility of the criticality of the nodes and the vulnerabilities.
When scanning regularly, it is important for the system to track deltas from previous scans both in terms of the scanned nodes and also in terms of the vulnerabilities. STREAM automatically marks vulnerabilities from previous scans which appear to have been addressed (perhaps through successful patching). This allows management to focus on investigating those which remain ‘open’ or perhaps which require escalation because the related scanned node is no longer responding to the scan.
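The delta tracking described above can be sketched as set comparisons between two scans of the same domain. This is an added illustration, not STREAM's own code: the scan dictionaries, node addresses and vulnerability IDs are constructed, and the rule that findings on a non-responding node are escalated rather than marked closed is this example's reading of the text.

```python
from dataclasses import dataclass

# Constructed sample data (not from any real scanner export): each scan maps
# a scanned node to the set of vulnerability IDs reported on it.
PREVIOUS_SCAN = {
    "10.0.0.5": {"VULN-A", "VULN-B"},
    "10.0.0.6": {"VULN-C"},
    "10.0.0.7": {"VULN-A"},
}
CURRENT_SCAN = {
    "10.0.0.5": {"VULN-B", "VULN-D"},   # VULN-A gone, VULN-D is new
    "10.0.0.6": set(),                  # node responded with no findings
    "10.0.0.8": {"VULN-A"},             # node not seen in the previous scan
}

@dataclass
class ScanDelta:
    new_nodes: set        # nodes seen for the first time
    absent_nodes: set     # nodes in the previous scan but not this one
    new_findings: set     # (node, vuln) pairs first reported in this scan
    new_distinct: set     # vuln IDs not seen in the previous scan at all
    closed_findings: set  # previously reported, node rescanned, now gone
    open_findings: set    # findings this scan still reports
    escalate: set         # findings that cannot be verified: node is absent

def diff_scans(previous, current):
    """Compare two scans of one domain and classify nodes and findings."""
    prev_pairs = {(n, v) for n, vulns in previous.items() for v in vulns}
    curr_pairs = {(n, v) for n, vulns in current.items() for v in vulns}
    absent = previous.keys() - current.keys()
    # A finding only counts as closed if its node was actually rescanned.
    # Assumption of this example: findings on absent nodes are escalated.
    unverified = {(n, v) for (n, v) in prev_pairs if n in absent}
    return ScanDelta(
        new_nodes=current.keys() - previous.keys(),
        absent_nodes=absent,
        new_findings=curr_pairs - prev_pairs,
        new_distinct={v for _, v in curr_pairs} - {v for _, v in prev_pairs},
        closed_findings=prev_pairs - curr_pairs - unverified,
        open_findings=curr_pairs,
        escalate=unverified,
    )

if __name__ == "__main__":
    delta = diff_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    for name, value in vars(delta).items():
        print(f"{name}: {sorted(value)}")
```

Here the previous scan stands in for the domain's full history; a real catalogue would compare against every earlier scan when deciding which vulnerabilities are distinct and new.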
STREAM can also automatically capture control metrics from external security solutions, such as metrics on the proportion of devices ‘up to date with the latest operating system patches’. Vulnerability, penetration testing, incident and control metrics data imported from external tools can be automatically linked to related controls, risks, actions, and other objects in STREAM, thereby providing real-time, operational risk and compliance status information for management.
- STREAM automatically detects, tracks and reports the following details from each vulnerability scan:
  - The technical domain with which the scan file is associated
  - The date and time that the scan is loaded into STREAM, together with the identity of the technician loading the scan
  - The relevant scanning tool (Qualys, Nessus or Rapid7)
  - No. of active scanned nodes detected within the domain
  - No. of newly detected vulnerabilities in the scan
  - No. of new distinct vulnerabilities in the scan which have not previously been seen in this domain
  - No. of vulnerabilities which have been closed since the previous scan
  - The total no. of open vulnerabilities which still require remediation
- Tracking and highlighting of any changes to the baseline of scanned nodes
- Remediation actions are automatically raised, prioritised, scheduled and assigned to appropriate technical staff
- Managers can configure which level of risk/criticality is appropriate when identifying and managing vulnerabilities
- Auto-assignment of ownership for detected vulnerabilities and remediation actions, based on rules defined at the domain level or for individual scanned nodes
- Auto-update of previously detected vulnerabilities, and associated remediation actions, following successful patching
- Auto-escalation to a supervisor if anomalies are detected, e.g. scanned nodes not responding to a scan, or vulnerabilities persisting after patching
- Monitor, manage and report on the status of key controls with automated scheduling, alerting and workflow
- Record and manage incidents, raise actions and track progress which can be linked to risks for greater insight into true risk status and risk-based prioritization of actions
- Access risk and compliance status information on-demand: details are updated immediately on each data source import with historical records being retained
- Schedule automated imports of control metrics from security solutions or run interactive data imports and build custom reports to meet your exact requirements.