Managed Vulnerability Intelligence [watch]
Managed Vulnerability Intelligence
The problem: Vulnerabilities galore
- Operations teams are overwhelmed by vulnerability reports.
- The elimination of all weak points in a time- and cost-efficient way is no longer possible.
- A prioritization of the weak points is urgently required.
- The CVSS classification (Common Vulnerability Scoring System) is not suitable for this because it does not reflect the actual risk in the context of the organization concerned.
14,709
new vulnerabilities were discovered in 2017, an increase of 128% compared to 2016
61%
of the vulnerabilities show a significant criticality (CVSS 5-10)
4 new vulnerabilities
were added per day in 2017 with the highest criticality level (CVSS 9-10)
The solution: Managed Vulnerability Intelligence
Instead of just using the abstract severity of a vulnerability as the only indicator to determine the risk, we determine its actual relevance. To do this, we record whether it is being used for attacks in current malware and many other criteria, and from this we calculate a risk index on the basis of which targeted patching can take place.
The data and risk-based approach
- Enrich - Vulnerability information is correlated with Threat & Exploit Intelligence.
- Prioritize - prioritization of the weak points using a risk-based approach (Risk Meter Score).
- Visualize - visualization of the resulting risk and the possible risk reduction.
- Alert - Alert when the risk level changes or when patching SLAs are violated.
Risk Meter Score - The indicator for the risk potential of your IT assets.
Scope of services
- BYOS (Bring Your Own Scanner): Your existing Vulnerability Management installation can be integrated into the service, provided the product used is compatible (Tenable Nessus, Rapid7 Nexpose, Qualys QualysGuard or Outpost24 Outscan)
- Scanner included - If you do not have a vulnerability management solution, we will provide it as part of the service.
- Onboarding workshop
- Scheduled scans
- Customized Risk Dashboards
- SLA monitoring
- On-demand scans
- Authenticated scans
- Strategy meetings
- Policy scans
- Vulnerability / Policy Advisory Call
Recommended solutions: