Secunia Vulnerability Intelligence Manager

Size: px
Start display at page:

Download "Secunia Vulnerability Intelligence Manager"

Transcription

1 TECHNOLOGY AUDIT Secunia Vulnerability Intelligence Manager Secunia Reference Code: OI Publication Date: July 2011 Author: Andy Kellett SUMMARY Catalyst Secunia Vulnerability Intelligence Manager (Secunia VIM) is a security management system that supplies the latest intelligence on vulnerability threats while acting as an early warning tool. It is used by the IT departments and security teams of organizations worldwide to take pre-emptive action. One of the key features of the VIM is the automated security ticketing system, which also maintains user-generated application and software asset lists. These are used to automatically generate vulnerability notifications, in the form of security advisories, each time the solution detects that an asset is at risk. Most organizations have elements of vulnerability management in place. Some make use of security information and event management (SIEM) technology or follow public vulnerability newsgroups and information feeds from their software. However, many find it difficult to keep pace with the constant disclosure of vulnerabilities that are putting their operational systems at risk. Fundamentally, they would benefit from a more controlled and structured approach. In this context, Secunia VIM can be used to build a vulnerability intelligence system from scratch or support existing security management processes. Key findings Secunia VIM provides accurate, up-to-date, vulnerability intelligence. Ovum (Published 07/2011) Page 1

2 The information provided is easily accessible and relevant to security managers. Secunia intelligence determines how critical each vulnerability is, and reports on the likely impact. VIM can interact with other security management tools, but is not designed to deliver patch updates (if required, Secunia CSI can fulfill the patch update role). Due to the VIM relationship with other security tools, the company plans to provide improved integration with third-party SIEM and governance risk and compliance (GRC) products. The primary target audience is the government sector and enterprise organizations with their own security teams. Ovum recommends Businesses must be proactive in the management of their operational software, applications, and infrastructure systems. Keeping up with security vulnerabilities as they are published is challenging for most security teams. They need to be better informed about the raft of potential vulnerabilities and threats that they face, so that required actions can be taken. However, even the effectiveness of this type of approach relies heavily on the accuracy of the information provided and the reliability of their sources. For organizations operating diverse and wide-ranging systems, vulnerability management challenges cannot be solved using ad hoc tools. There needs to be an integrated and inclusive approach that makes use of security intelligence to highlight vulnerabilities and their severity as they occur. The information needs to be used effectively alongside software update and patch management services (Secunia offers both scanning and patch management services using its Corporate Software Inspector product). The start point involves the use of reliable information, which is where the Secunia VIM product comes into the picture. Value proposition Secunia is an established security management company. It is a trusted source of vulnerability intelligence and has become the preferred supplier for many enterprises and government agencies across Europe and the US. The vulnerability recommendations that Secunia makes to clients through its Secunia VIM services have a reputation for their accuracy and timeliness. Ovum (Published 07/2011) Page 2

3 By setting itself up as a trusted source of vulnerability intelligence, the company is not seen as a threat to other mainstream security vendors. In fact just the opposite; it collaborates with other security vendors, information and event providers, and open source projects to ensure that where vulnerabilities are identified they can be rectified as expediently as possible. Other vendors that play in this space and offer vulnerability information include Symantec (DeepSight), IBM (X-force), idefense, and Trend Micro. Secunia VIM is mainly targeted at the enterprise and government sectors. These are typically the types of organizations that have a large number of databases, applications, and operating systems to support. Having made that definition, the company does not completely ignore the small to medium-sized enterprise (SME) market. It provides a small business version for SMEs that operate complex infrastructures. Any business that operates a range of IT-based systems and services and regularly needs to perform vulnerability updates and patches would benefit from the intelligence-led vulnerability management services of the Secunia VIM product set. The solution is normally offered using a software-as-a-service (SaaS) approach, but a serverbased offering is available for those organizations that prefer not to go down the services route. A try-before-you-commit approach is available, so that new customers can evaluate the effectiveness of the product with a 30-day trial approval license before agreeing to a longer-term commitment. Ovum (Published 07/2011) Page 3

4 SOLUTION ANALYSIS Functionality The Secunia VIM product is a vulnerability intelligence and security management toolset. It delivers the information that security managers and analysts need to understand the vulnerabilities that could have a security impact on their operational systems. The product consists of a ticketing system that contains detailed information about the IT systems and applications of the business in the form of asset lists. These lists can be added to or amended as operational requirements change and new facilities are brought on stream. Secunia covers all commercial and open source off-the-shelf programs to ensure that it provides its clients with access to a comprehensive range of vulnerability intelligence. Security information that identifies and reports on emerging and historic threats can be targeted down to the individual application and release version to ensure that the information is relevant to the client. The information provided is actionable and covers the criticality, attack vector, and potential impact of each vulnerability. New vulnerabilities can be identified from the moment a system or application is added to the VIM asset list. New vulnerability tickets are automatically opened as soon as a Secunia advisory is issued that relates to a listed asset. When asset lists are set up, the client also nominates security managers who are responsible for taking action each time one of their areas comes under threat. These members of the company's security team are the frontline users of the Secunia VIM system. As shown in the Figure 1 architecture diagram, each nominated user can receive realtime vulnerability warnings and ticket alerts using their communications channel of choice. Normally this is done via or SMS message, while at the same time the VIM reporting module creates detailed reports for remediation and compliance purposes. Ovum (Published 07/2011) Page 4

5 Figure 1: The Secunia VIM approach Secunia Vulnerability Intelligence Management (VIM) INPUT USE & CORRELATE OUTPUT Asset list Windows Security 7 Policy Adobe Reader MozillaFirefox Critical patches Cisco Pix should be RedHat installed within 24 hours. Secunia Tickets Vulnerability Database Secunia RSS & XML Intelligence Feeds SMS/Text Message Alerts Reports Advisory Tickets Compliance Statistics 2011 Secunia VIM 2 Source: Ovum O V U M Within the Secunia VIM system, customized filters are used to control the flow of vulnerability information, to ensure that the right people are informed at the right time and that segregation of duties from a responsibility and compliance perspective is addressed. The client's security team can work directly with the vulnerability information provided by the VIM system, its asset lists, ticketing system, and alerts to provide remediation services. Alternatively, it can feed the intelligence into an existing third-party product such as SIEM tools, GRC systems, and third-party ticketing systems. To support this, Secunia provides XML feeds that allow data to be fed into other solutions. Secunia can also advise on any additional work that may be necessary to configure and use the vulnerability input data. The Secunia VIM systems offer several core benefits: Ovum (Published 07/2011) Page 5

6 Unified access to vulnerability intelligence is available, which helps organizations to make the right business decisions while supporting operational efficiency. Access to vulnerability intelligence is via a single customizable dashboard interface. This provides a common one-click approach to information, advisories, open tickets, and associated tasks. Secunia covers all commercial and open source off-the-shelf programs, making Secunia VIM one of the most comprehensive vulnerability intelligence systems available to handle emerging and historical threats. An inclusive set of reporting facilities are provided to inform on the current state of an organization s IT infrastructure for both risk management and compliance purposes. Access to the Secunia Research team is available to discuss issues pertaining to incidents or vulnerabilities. The Secunia VIM product conforms to various implementation standards for Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS), and the National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP). The product has been certified as CVE compatible by The Mitre Corporation. It is compliant with the Vulnerability Database Requirements set out in the NIST Interagency Report 7511 Revision 1 (Draft), SCAP Version 1.0, and Validation Program Test Requirements (Draft), dated April Go-to-market strategy Many organizations struggle to keep pace with the changes required to ensure that their systems and applications can remain operational and safe. Depending on their level of maturity, most will have adopted some kind of informal vulnerability management process such as following public newsgroups or relying on vendor update information. The Secunia VIM approach formalizes these ad hoc information gathering processes and is sold to market on the basis of the completeness, timeliness, and efficiency of its verified and accurate information intelligence processes. The product is mainly marketed using a direct sales approach. Secunia's solution specialists support the approach by providing help to customers during implementation and then delivering a range of post-implementation maintenance and support services during the entire licensing period. The Secunia VIM product is normally sold using a SaaS licensing approach. Therefore the prices given are for annual use. Typical pricing for an entry-level solution starts at around 20,000; mid- Ovum (Published 07/2011) Page 6

7 range deployments will cost around 30,000; and deployments at the larger end of the scale will cost around 100,000. The licensing charges include all maintenance and support costs and cover the enterprise support model, which includes unlimited telephone support. The latest release of Secunia VIM is version 3.1. A product roadmap has been defined and the current areas of focus address further integration between VIM and the company's vulnerability scanning and patch management product, the Secunia Corporate Software Inspector (CSI). At the same time, Secunia will continue to work to provide easier integration with other third-party vendor products. Deployment The product is set up to be easy to deploy and use. Deployment times are measured in hours rather than days. Typically this involves between four and 16 hours. To support the process, Secunia uses a setup call approach; one of its solution specialists will help the customer through setup and configuration requirements. The main user requirement is to provide basic browser skills and a good knowledge of the particular IT infrastructure involved. General support and maintenance is provided by the Secunia team over the complete product lifecycle and, although not normally required, training services can also be provided. There are currently around 500 customer organizations using the VIM product, and two examples of its use are shown below. Customer deployment examples Example one is an enterprise organization with a security team that handles vulnerability management. It also employs other operational teams that deal with patch management issues. The company uses the Secunia VIM product to enable its security team to create asset lists containing all applications and operating systems deployed across their endpoint hosts, central systems, and networks (PCs and servers). Each time a new vulnerability is identified, a ticket is automatically raised and opened for the relevant application. Then, depending on the criticality of what Secunia has found, the process owner is notified via or SMS. When the responsible person has taken the required action, which can include the delivery of software patches, the ticket status is changed from open to handled. Process owners can also set compliance rules, for example specifying that all vulnerabilities with a criticality level of High or above must be patched within 30 days. Based on this, the user creates a compliance report, which can then be used to prove the existence of a vulnerability management program and alignment with Payment Card Ovum (Published 07/2011) Page 7

8 Industry Data Security Standard (PCI-DSS) or North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) compliance. Example two is an organization that already had an SIEM product in place before it deployed the Secunia VIM product. It now uses the SIEM tool alongside the vulnerability intelligence of VIM to provide security and compliance reporting. In this particular use case, intelligence provided by the Secunia VIM is automatically fed into the SIEM tool using Secunia's XML feed. The approach enables the company's authorized security managers to harness the vulnerability intelligence of VIM to the reporting services of its SIEM tool without the need to involve other third-party products or data feeds. Key facts about the solution Table 1: Secunia Vulnerability Intelligence Manager: data sheet Product name Secunia Vulnerability Intelligence Manager (VIM) Product classification Version number Version 3.1 Release date April 2011 Industries covered Financial services, government, education, energy, healthcare, and others Geographies covered Vulnerability Intelligence Europe and North America Relevant company sizes Small, medium, and large Platforms supported Normally delivered using a SaaS approach Languages supported Deployment options English (vulnerabilities also available in German) Normally SaaS, also available on-premise, onpremise (managed), and hosted Licensing options Route(s) to market URL Company headquarters Secunia European headquarters As company headquarters North America headquarters Asia-Pacific headquarters Perpetual term SaaS Usually direct sales, also partner sales, and OEM Weidekampsgade 14 A DK-2300 Copenhagen S Denmark Source: Secunia O V U M Ovum (Published 07/2011) Page 8

9 APPENDIX Author Andy Kellett, Senior Analyst Ovum Consulting We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum s consulting team may be able to help you. For more information about Ovum s consulting capabilities, please contact us directly at Disclaimer All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, Ovum (a subsidiary company of Datamonitor plc). The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect. Ovum (Published 07/2011) Page 9

Secunia Corporate Software Inspector (Secunia CSI) ver.5.0

Secunia Corporate Software Inspector (Secunia CSI) ver.5.0 TECHNOLOGY AUDIT Secunia Corporate Software Inspector (Secunia CSI) ver.5.0 Secunia Reference Code: OI00070-107 Publication Date: December 2011 Author: Andy Kellett SUMMARY Catalyst Organizations need

More information

Secunia Vulnerability Intelligence Manager (VIM) 4.0

Secunia Vulnerability Intelligence Manager (VIM) 4.0 Secunia Vulnerability Intelligence Manager (VIM) 4.0 In depth Real-time vulnerability intelligence brought to you on time, every time, by Secunia s renowned research team Introduction Secunia is the world-leading

More information

SWOT Assessment: FireMon Security Manager Suite v7.0

SWOT Assessment: FireMon Security Manager Suite v7.0 SWOT Assessment: FireMon Security Manager Suite v7.0 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT017-004174 Publication Date: 12 Aug 2013 Author: Andrew Kellett SUMMARY

More information

Complete Patch Management

Complete Patch Management Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia

More information

DocAve Software Platform

DocAve Software Platform TECHNOLOGY AUDIT DocAve Software Platform AvePoint Reference Code: OI00069-021 Publication Date: July 2011 Author: Mike Davis SUMMARY Catalyst AvePoint's DocAve Software Platform v5.6 provides an enterprise-strength

More information

SWOT Assessment: Eccentex AppBase v5.0

SWOT Assessment: Eccentex AppBase v5.0 SWOT Assessment: Eccentex AppBase v5.0 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002764 Publication Date: 29 Jul 2013 Author: Sue Clarke SUMMARY Catalyst Eccentex

More information

SWOT Assessment: CoreMedia, CoreMedia 7

SWOT Assessment: CoreMedia, CoreMedia 7 SWOT Assessment: CoreMedia, CoreMedia 7 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002848 Publication Date: 09 Dec 2013 Author: Sue Clarke SUMMARY Catalyst Web

More information

Complete Patch Management

Complete Patch Management Complete Management Targeted, Reliable and Cost-efficient In- Depth CSI Corporate Software Inspector Empower your IT-Operations and Security Teams with the most reliable Vulnerability & Management solution

More information

ImageWare Systems, Inc.

ImageWare Systems, Inc. ImageWare Systems, Inc. Delivering next-generation biometrics as an interactive and scalable cloud-based service SUMMARY Catalyst ImageWare Systems, Inc. (IWS) is a developer of leading-edge, identity-based,

More information

On the Radar: NextPlane

On the Radar: NextPlane On the Radar: NextPlane Unified communications federation delivered via the cloud Reference Code: IT016-001534 Publication Date: 24 Sep 2013 Author: Saurabh Sharma SUMMARY Catalyst NextPlane UC Exchange

More information

On the Radar: EMC Supplier Exchange

On the Radar: EMC Supplier Exchange On the Radar: EMC Supplier Exchange Addressing key issues for managers of complex contracts in energy and engineering Reference Code: IT023-000006 Publication Date: 11 Jun 2014 Author: Warren Wilson SUMMARY

More information

Vulnerability Intelligence & 3 rd party patch management

Vulnerability Intelligence & 3 rd party patch management Vulnerability Intelligence & 3 rd party patch management Presented By: William Hamilton Melby Company Overview Brief Secunia facts Established: 2002 HQ: Copenhagen, Denmark Regional office: Minneapolis,

More information

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.

The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of

More information

SWOT Assessment: dotcms dotcms v2.5

SWOT Assessment: dotcms dotcms v2.5 SWOT Assessment: dotcms dotcms v2.5 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002855 Publication Date: 13 Dec 2013 Author: Sue Clarke SUMMARY Catalyst Traditional

More information

Secunia Corporate Software Inspector

Secunia Corporate Software Inspector Reference Code: TA001957SEC Publication Date: August 2010 Author: Karthik Balakrishnan and Andy Kellett TECHNOLOGY AUDIT Secunia Corporate Software Inspector Secunia SUMMARY IMPACT The growing range of

More information

Complete Patch Management

Complete Patch Management Complete Patch Management Targeted, Reliable and Cost-efficient Brief Secunia CSI Corporate Software Inspector Empower your organisation to take control of the vulnerability threat & optimize your ITsecurity

More information

Specializing in visualizing and analyzing clinical trials data

Specializing in visualizing and analyzing clinical trials data ON THE RADAR Comprehend Systems Specializing in visualizing and analyzing clinical trials data Reference Code: OI00193-012 Publication Date: February 2012 Author: Andrew Brosnan and Cornelia Wels-Maug

More information

Entarian ForestSafe version 4.1

Entarian ForestSafe version 4.1 TECHNOLOGY AUDIT Entarian ForestSafe version 4.1 Reference Code: OI00197-010 Publication Date: April, 2012 Author: Andrew Kellett SUMMARY Catalyst One of the most challenging areas within IT security concerns

More information

On the Radar: Tessella

On the Radar: Tessella On the Radar: Tessella Creating an archive for the long-term preservation of digital content Reference Code: IT014-002789 Publication Date: 04 Sep 2013 Author: Sue Clarke SUMMARY Catalyst Ensuring that

More information

Qualys PC/SCAP Auditor

Qualys PC/SCAP Auditor Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS

More information

The Days of Feeling Vulnerable Are Over: Best Practices in Vulnerability Management

The Days of Feeling Vulnerable Are Over: Best Practices in Vulnerability Management The Days of Feeling Vulnerable Are Over: Best Practices in Vulnerability Management An EiQ Networks White Paper The Need for Vulnerability Management Vulnerabilities are potential holes introduced by flaws

More information

Symantec's Continuous Monitoring Solution

Symantec's Continuous Monitoring Solution Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................

More information

On the Radar: Esri UK

On the Radar: Esri UK On the Radar: Esri UK Geographic information reveals the determinants of better health Reference Code: IT011 000316 Publication Date: 30 May 2013 Author: Cornelia Wels Maug SUMMARY Catalyst The adoption

More information

Differentiate your business with a cloud contact center

Differentiate your business with a cloud contact center Differentiate your business with a cloud contact center A guide to selecting a partner that will enhance the customer experience An Ovum White Paper Sponsored by Cisco Systems, Inc. Publication Date: September

More information

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?

More information

North American Electric Reliability Corporation (NERC) Cyber Security Standard

North American Electric Reliability Corporation (NERC) Cyber Security Standard North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

SWOT Assessment: Alfresco, Alfresco One, v5.0

SWOT Assessment: Alfresco, Alfresco One, v5.0 SWOT Assessment: Alfresco, Alfresco One, v5.0 Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: May 5 th, 2015 Product code: IT0014-003012 Sue Clarke Summary Catalyst When

More information

Symantec Control Compliance Suite Standards Manager

Symantec Control Compliance Suite Standards Manager Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance

More information

Case Study: Unifying ITSM Practices and Technology

Case Study: Unifying ITSM Practices and Technology Case Study: Unifying ITSM Practices and Technology SBM Offshore Reference Code: EI025-000007 Publication Date: 17 Jun 2014 Author: Adam Holtby SUMMARY Catalyst As a result of corporate expansions, mergers,

More information

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Intro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance

More information

CA Service Management Solutions

CA Service Management Solutions CA Service Management Solutions CA Technologies Reference Code: IT017 004068 Publication Date: 09 Jan 2013 Author: Adam Holtby SUMMARY Catalyst IT functions are subject not only to the enterprise wide

More information

Cisco Security IntelliShield Alert Manager Service

Cisco Security IntelliShield Alert Manager Service Data Sheet Cisco Security IntelliShield Alert Manager Service The Cisco Security IntelliShield Alert Manager Service provides a comprehensive, cost-effective solution for delivering the security intelligence

More information

SWOT Assessment: BMC Remedy v9

SWOT Assessment: BMC Remedy v9 SWOT Assessment: BMC Remedy v9 Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: 17 Aug 2015 Product code: IT0022-000489 Adam Holtby Summary Catalyst BMC Software is an

More information

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY ADMINISTRATION TOOLS Stormshield Network Security solutions simplify

More information

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com

Maintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance

More information

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

LogInspect 5 Product Features Robust. Dynamic. Unparalleled. LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10

More information

Introduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe

Introduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Introduction to QualysGuard IT Risk SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Qualys at a Glance Software-as-a-Service (SaaS) Founded in 1999

More information

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,

More information

Ovum Decision Matrix: Selecting an Enterprise Content Management Solution, 2013 14

Ovum Decision Matrix: Selecting an Enterprise Content Management Solution, 2013 14 Ovum Decision Matrix: Selecting an Enterprise Content Management Solution, 2013 14 Publication Date: August 2013 Author: Sue Clarke SUMMARY Catalyst Selecting an enterprise content management (ECM) platform

More information

BMC Client Management - SCAP Implementation Statement. Version 12.0

BMC Client Management - SCAP Implementation Statement. Version 12.0 BMC Client Management - SCAP Implementation Statement Version 12.0 BMC Client Management - SCAP Implementation Statement TOC 3 Contents SCAP Implementation Statement... 4 4 BMC Client Management - SCAP

More information

On the Radar: Be Informed

On the Radar: Be Informed ON THE RADAR On the Radar: Be Informed Business Process Platform Reference Code: OI00190-018 Publication Date: April 2012 Author: Joe Dignan SUMMARY Catalyst The Holy Grail for public sector IT is a single

More information

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious

More information

SWOT Assessment: BeyondTrust Privileged Identity Management Portfolio

SWOT Assessment: BeyondTrust Privileged Identity Management Portfolio SWOT Assessment: BeyondTrust Privileged Identity Management Portfolio Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: 11 Jun 2015 Product code: IT0022-000387 Andrew Kellett

More information

WHITE PAPER. BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013 14

WHITE PAPER. BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013 14 BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013 14 BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013

More information

6. Exercise: Writing Security Advisories

6. Exercise: Writing Security Advisories CERT Exercises Toolset 49 49 6. Exercise: Writing Security Advisories Main Objective Targeted Audience Total Duration Time Schedule Frequency The objective of the exercise is to provide a practical overview

More information

ombiel campusm SUMMARY Catalyst Key findings Ovum recommends Reference Code: IT018-001456 Publication Date: 13 Apr 2014 Author: Tim Jennings

ombiel campusm SUMMARY Catalyst Key findings Ovum recommends Reference Code: IT018-001456 Publication Date: 13 Apr 2014 Author: Tim Jennings ombiel campusm Reference Code: IT018-001456 Publication Date: 13 Apr 2014 Author: Tim Jennings SUMMARY Catalyst campusm is a cross-platform mobile and web application environment that enables an educational

More information

The Value of Vulnerability Management*

The Value of Vulnerability Management* The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda

More information

REPORT. 2015 State of Vulnerability Risk Management

REPORT. 2015 State of Vulnerability Risk Management REPORT 2015 State of Vulnerability Risk Management Table of Contents Introduction: A Very Vulnerable Landscape... 3 Security Vulnerabilities by Industry... 4 Remediation Trends: A Cross-Industry Perspective...

More information

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009

Achieving PCI Compliance with Red Hat Enterprise Linux. June 2009 Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving

More information

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture

More information

Symantec Protection Center Enterprise 3.0. Release Notes

Symantec Protection Center Enterprise 3.0. Release Notes Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used

More information

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

PATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

2013 ICT Enterprise Insights in the Life Sciences Industry

2013 ICT Enterprise Insights in the Life Sciences Industry 2013 ICT Enterprise Insights in the Life Sciences Industry Key findings from the 2013 survey results Reference Code: IT010-000185 Publication Date: 03 Oct 2013 Author: Andrew Brosnan SUMMARY Catalyst The

More information

STREAM Cyber Security

STREAM Cyber Security STREAM Cyber Security Management Software Governance, Risk Management & Compliance (GRC) Security Operations, Analytics & Reporting (SOAR) Fast, flexible, scalable, easy to use and affordable software

More information

Compliance Management, made easy

Compliance Management, made easy Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one

More information

On the Radar: Syncplicity Panorama

On the Radar: Syncplicity Panorama On the Radar: Syncplicity Panorama New mobile content access tools for modern business work styles Publication Date: 11 Mar 2015 Product code: IT0021-000064 Richard Edwards Summary Catalyst The typical

More information

EXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.

EXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia. Non-intrusive, authenticated scanning for OT & IT environments The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus

More information

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,

Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall

More information

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015

Penetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015 For the Financial Industry in Singapore 31 July 2015 TABLE OF CONTENT 1. EXECUTIVE SUMMARY 3 2. INTRODUCTION 4 2.1 Audience 4 2.2 Purpose and Scope 4 2.3 Definitions 4 3. REQUIREMENTS 6 3.1 Overview 6

More information

DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1

DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1 DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1 Continuously Assess, Monitor, & Secure Your Information Supply Chain and Data Center Data Sheet: Security Management Is your organization able

More information

Case Study: Vitamix. Improving strategic business integration using IT service management practices and technology

Case Study: Vitamix. Improving strategic business integration using IT service management practices and technology Improving strategic business integration using IT service management practices and technology Publication Date: 17 Sep 2014 Product code: IT0022-000180 Adam Holtby Summary Catalyst For Vitamix, a key driver

More information

SIP Trunking: Second-Wave Benefits

SIP Trunking: Second-Wave Benefits Trunking: Second-Wave Benefits trunking initially provided network savings to customers, but there are additional "second-wave" benefits to consider Reference Code: OT00050-002 Publication Date: January

More information

Caretower s SIEM Managed Security Services

Caretower s SIEM Managed Security Services Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During

More information

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE

LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach

More information

IBM Security Intelligence Strategy

IBM Security Intelligence Strategy IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational

More information

Payment Card Industry Data Security Standard

Payment Card Industry Data Security Standard Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security

More information

The Benefits of an Integrated Approach to Security in the Cloud

The Benefits of an Integrated Approach to Security in the Cloud The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The

More information

Standard: Vulnerability Management and Assessment

Standard: Vulnerability Management and Assessment Standard: Vulnerability Management and Assessment Page 1 Executive Summary San Jose State University (SJSU) is highly diversified in the information that it collects and maintains on its community members.

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

PCI DSS Top 10 Reports March 2011

PCI DSS Top 10 Reports March 2011 PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,

More information

The SIEM Evaluator s Guide

The SIEM Evaluator s Guide Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,

More information

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds. ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid

More information

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC

Welcome to Modulo Risk Manager Next Generation. Solutions for GRC Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS

More information

The Impact of HIPAA and HITECH

The Impact of HIPAA and HITECH The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients

More information

Critical Watch aims to reduce countermeasure deployment pain by doing it all for you

Critical Watch aims to reduce countermeasure deployment pain by doing it all for you Critical Watch aims to reduce countermeasure deployment pain by doing it all for you Analyst: Javvad Malik 6 Sep, 2012 Critical Watch offers Active Countermeasure Intelligence, a combination of risk intelligence

More information

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE

LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility

More information

IBM's Adoption of Sugar: A Lesson in Global Implementation

IBM's Adoption of Sugar: A Lesson in Global Implementation IBM's Adoption of Sugar: A Lesson in Global Implementation IBM's agile, collaborative, user-centered approach wins over 45,000 sales people Reference Code: IT020-000022 Publication Date: 24 Apr 2014 Author:

More information

On the Radar: Pulse Secure

On the Radar: Pulse Secure Secure access management for corporate and personal endpoints on company networks Publication Date: 17 Jul 2015 Product code: IT0022-000431 Rik Turner Summary Catalyst Pulse Secure is a developer of secure

More information

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence

The Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................

More information

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance

More information

An Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime

An Oracle White Paper November 2011. Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime An Oracle White Paper November 2011 Financial Crime and Compliance Management: Convergence of Compliance Risk and Financial Crime Disclaimer The following is intended to outline our general product direction.

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Governance, Risk, and Compliance (GRC) White Paper

Governance, Risk, and Compliance (GRC) White Paper Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:

More information

IBM QRadar as a Service

IBM QRadar as a Service Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major

More information

Security and Services

Security and Services Written by Maxine Holt, May 2005 TA000824SAS Technology Infrastructure Butler Group Subscription Services Security and Services TECHNOLOGY AUDIT Symantec Corporation Managed Security Service (MSS) Abstract

More information

IBM Security QRadar Vulnerability Manager

IBM Security QRadar Vulnerability Manager IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk

More information

IT Security & Compliance. On Time. On Budget. On Demand.

IT Security & Compliance. On Time. On Budget. On Demand. IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount

More information

WHITE PAPER. Written by: Michael Azoff. Published Mar, 2015, Ovum

WHITE PAPER. Written by: Michael Azoff. Published Mar, 2015, Ovum Unlocking systems of record with Web and mobile front-ends CA App Services Orchestrator for creating contemporary APIs Written by: Michael Azoff Published Mar, 2015, Ovum CA App Services Orchestrator WWW.OVUM.COM

More information

THREAT VISIBILITY & VULNERABILITY ASSESSMENT

THREAT VISIBILITY & VULNERABILITY ASSESSMENT THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings

More information

MANAGEMENT SUMMARY INTRODUCTION KEY MESSAGES. Written by: Michael Azoff. Published June 2015, Ovum

MANAGEMENT SUMMARY INTRODUCTION KEY MESSAGES. Written by: Michael Azoff. Published June 2015, Ovum App user analytics and performance monitoring for the business, development, and operations teams CA Mobile App Analytics for endto-end visibility CA Mobile App Analytics WWW.OVUM.COM Written by: Michael

More information

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide

IBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation

More information

Security Assessment Report

Security Assessment Report Security Assessment Report Prepared for California State Lottery By: Gaming Laboratories International, LLC. 600 Airport Road, Lakewood, NJ 08701 Phone: (732) 942-3999 Fax: (732) 942-0043 www.gaminglabs.com

More information

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide

IBM Security QRadar SIEM Version 7.1.0 MR1. Vulnerability Assessment Configuration Guide IBM Security QRadar SIEM Version 7.1.0 MR1 Vulnerability Assessment Configuration Guide Note: Before using this information and the product that it supports, read the information in Notices and Trademarks

More information

VRDA Vulnerability Response Decision Assistance

VRDA Vulnerability Response Decision Assistance VRDA Vulnerability Response Decision Assistance Art Manion CERT/CC Yurie Ito JPCERT/CC EC2ND 2007 2007 Carnegie Mellon University VRDA Rationale and Design 2 Problems Duplication of effort Over 8,000 vulnerability

More information

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data Kenna Platform Security A technical overview of the comprehensive security measures Kenna uses to protect your data V2.0, JULY 2015 Multiple Layers of Protection Overview Password Salted-Hash Thank you

More information