Secunia Vulnerability Intelligence Manager
|
|
- Jessica Cain
- 8 years ago
- Views:
Transcription
1 TECHNOLOGY AUDIT Secunia Vulnerability Intelligence Manager Secunia Reference Code: OI Publication Date: July 2011 Author: Andy Kellett SUMMARY Catalyst Secunia Vulnerability Intelligence Manager (Secunia VIM) is a security management system that supplies the latest intelligence on vulnerability threats while acting as an early warning tool. It is used by the IT departments and security teams of organizations worldwide to take pre-emptive action. One of the key features of the VIM is the automated security ticketing system, which also maintains user-generated application and software asset lists. These are used to automatically generate vulnerability notifications, in the form of security advisories, each time the solution detects that an asset is at risk. Most organizations have elements of vulnerability management in place. Some make use of security information and event management (SIEM) technology or follow public vulnerability newsgroups and information feeds from their software. However, many find it difficult to keep pace with the constant disclosure of vulnerabilities that are putting their operational systems at risk. Fundamentally, they would benefit from a more controlled and structured approach. In this context, Secunia VIM can be used to build a vulnerability intelligence system from scratch or support existing security management processes. Key findings Secunia VIM provides accurate, up-to-date, vulnerability intelligence. Ovum (Published 07/2011) Page 1
2 The information provided is easily accessible and relevant to security managers. Secunia intelligence determines how critical each vulnerability is, and reports on the likely impact. VIM can interact with other security management tools, but is not designed to deliver patch updates (if required, Secunia CSI can fulfill the patch update role). Due to the VIM relationship with other security tools, the company plans to provide improved integration with third-party SIEM and governance risk and compliance (GRC) products. The primary target audience is the government sector and enterprise organizations with their own security teams. Ovum recommends Businesses must be proactive in the management of their operational software, applications, and infrastructure systems. Keeping up with security vulnerabilities as they are published is challenging for most security teams. They need to be better informed about the raft of potential vulnerabilities and threats that they face, so that required actions can be taken. However, even the effectiveness of this type of approach relies heavily on the accuracy of the information provided and the reliability of their sources. For organizations operating diverse and wide-ranging systems, vulnerability management challenges cannot be solved using ad hoc tools. There needs to be an integrated and inclusive approach that makes use of security intelligence to highlight vulnerabilities and their severity as they occur. The information needs to be used effectively alongside software update and patch management services (Secunia offers both scanning and patch management services using its Corporate Software Inspector product). The start point involves the use of reliable information, which is where the Secunia VIM product comes into the picture. Value proposition Secunia is an established security management company. It is a trusted source of vulnerability intelligence and has become the preferred supplier for many enterprises and government agencies across Europe and the US. The vulnerability recommendations that Secunia makes to clients through its Secunia VIM services have a reputation for their accuracy and timeliness. Ovum (Published 07/2011) Page 2
3 By setting itself up as a trusted source of vulnerability intelligence, the company is not seen as a threat to other mainstream security vendors. In fact just the opposite; it collaborates with other security vendors, information and event providers, and open source projects to ensure that where vulnerabilities are identified they can be rectified as expediently as possible. Other vendors that play in this space and offer vulnerability information include Symantec (DeepSight), IBM (X-force), idefense, and Trend Micro. Secunia VIM is mainly targeted at the enterprise and government sectors. These are typically the types of organizations that have a large number of databases, applications, and operating systems to support. Having made that definition, the company does not completely ignore the small to medium-sized enterprise (SME) market. It provides a small business version for SMEs that operate complex infrastructures. Any business that operates a range of IT-based systems and services and regularly needs to perform vulnerability updates and patches would benefit from the intelligence-led vulnerability management services of the Secunia VIM product set. The solution is normally offered using a software-as-a-service (SaaS) approach, but a serverbased offering is available for those organizations that prefer not to go down the services route. A try-before-you-commit approach is available, so that new customers can evaluate the effectiveness of the product with a 30-day trial approval license before agreeing to a longer-term commitment. Ovum (Published 07/2011) Page 3
4 SOLUTION ANALYSIS Functionality The Secunia VIM product is a vulnerability intelligence and security management toolset. It delivers the information that security managers and analysts need to understand the vulnerabilities that could have a security impact on their operational systems. The product consists of a ticketing system that contains detailed information about the IT systems and applications of the business in the form of asset lists. These lists can be added to or amended as operational requirements change and new facilities are brought on stream. Secunia covers all commercial and open source off-the-shelf programs to ensure that it provides its clients with access to a comprehensive range of vulnerability intelligence. Security information that identifies and reports on emerging and historic threats can be targeted down to the individual application and release version to ensure that the information is relevant to the client. The information provided is actionable and covers the criticality, attack vector, and potential impact of each vulnerability. New vulnerabilities can be identified from the moment a system or application is added to the VIM asset list. New vulnerability tickets are automatically opened as soon as a Secunia advisory is issued that relates to a listed asset. When asset lists are set up, the client also nominates security managers who are responsible for taking action each time one of their areas comes under threat. These members of the company's security team are the frontline users of the Secunia VIM system. As shown in the Figure 1 architecture diagram, each nominated user can receive realtime vulnerability warnings and ticket alerts using their communications channel of choice. Normally this is done via or SMS message, while at the same time the VIM reporting module creates detailed reports for remediation and compliance purposes. Ovum (Published 07/2011) Page 4
5 Figure 1: The Secunia VIM approach Secunia Vulnerability Intelligence Management (VIM) INPUT USE & CORRELATE OUTPUT Asset list Windows Security 7 Policy Adobe Reader MozillaFirefox Critical patches Cisco Pix should be RedHat installed within 24 hours. Secunia Tickets Vulnerability Database Secunia RSS & XML Intelligence Feeds SMS/Text Message Alerts Reports Advisory Tickets Compliance Statistics 2011 Secunia VIM 2 Source: Ovum O V U M Within the Secunia VIM system, customized filters are used to control the flow of vulnerability information, to ensure that the right people are informed at the right time and that segregation of duties from a responsibility and compliance perspective is addressed. The client's security team can work directly with the vulnerability information provided by the VIM system, its asset lists, ticketing system, and alerts to provide remediation services. Alternatively, it can feed the intelligence into an existing third-party product such as SIEM tools, GRC systems, and third-party ticketing systems. To support this, Secunia provides XML feeds that allow data to be fed into other solutions. Secunia can also advise on any additional work that may be necessary to configure and use the vulnerability input data. The Secunia VIM systems offer several core benefits: Ovum (Published 07/2011) Page 5
6 Unified access to vulnerability intelligence is available, which helps organizations to make the right business decisions while supporting operational efficiency. Access to vulnerability intelligence is via a single customizable dashboard interface. This provides a common one-click approach to information, advisories, open tickets, and associated tasks. Secunia covers all commercial and open source off-the-shelf programs, making Secunia VIM one of the most comprehensive vulnerability intelligence systems available to handle emerging and historical threats. An inclusive set of reporting facilities are provided to inform on the current state of an organization s IT infrastructure for both risk management and compliance purposes. Access to the Secunia Research team is available to discuss issues pertaining to incidents or vulnerabilities. The Secunia VIM product conforms to various implementation standards for Common Vulnerabilities and Exposures (CVE), Common Platform Enumeration (CPE), Common Vulnerability Scoring System (CVSS), and the National Institute of Standards and Technology (NIST) Security Content Automation Protocol (SCAP). The product has been certified as CVE compatible by The Mitre Corporation. It is compliant with the Vulnerability Database Requirements set out in the NIST Interagency Report 7511 Revision 1 (Draft), SCAP Version 1.0, and Validation Program Test Requirements (Draft), dated April Go-to-market strategy Many organizations struggle to keep pace with the changes required to ensure that their systems and applications can remain operational and safe. Depending on their level of maturity, most will have adopted some kind of informal vulnerability management process such as following public newsgroups or relying on vendor update information. The Secunia VIM approach formalizes these ad hoc information gathering processes and is sold to market on the basis of the completeness, timeliness, and efficiency of its verified and accurate information intelligence processes. The product is mainly marketed using a direct sales approach. Secunia's solution specialists support the approach by providing help to customers during implementation and then delivering a range of post-implementation maintenance and support services during the entire licensing period. The Secunia VIM product is normally sold using a SaaS licensing approach. Therefore the prices given are for annual use. Typical pricing for an entry-level solution starts at around 20,000; mid- Ovum (Published 07/2011) Page 6
7 range deployments will cost around 30,000; and deployments at the larger end of the scale will cost around 100,000. The licensing charges include all maintenance and support costs and cover the enterprise support model, which includes unlimited telephone support. The latest release of Secunia VIM is version 3.1. A product roadmap has been defined and the current areas of focus address further integration between VIM and the company's vulnerability scanning and patch management product, the Secunia Corporate Software Inspector (CSI). At the same time, Secunia will continue to work to provide easier integration with other third-party vendor products. Deployment The product is set up to be easy to deploy and use. Deployment times are measured in hours rather than days. Typically this involves between four and 16 hours. To support the process, Secunia uses a setup call approach; one of its solution specialists will help the customer through setup and configuration requirements. The main user requirement is to provide basic browser skills and a good knowledge of the particular IT infrastructure involved. General support and maintenance is provided by the Secunia team over the complete product lifecycle and, although not normally required, training services can also be provided. There are currently around 500 customer organizations using the VIM product, and two examples of its use are shown below. Customer deployment examples Example one is an enterprise organization with a security team that handles vulnerability management. It also employs other operational teams that deal with patch management issues. The company uses the Secunia VIM product to enable its security team to create asset lists containing all applications and operating systems deployed across their endpoint hosts, central systems, and networks (PCs and servers). Each time a new vulnerability is identified, a ticket is automatically raised and opened for the relevant application. Then, depending on the criticality of what Secunia has found, the process owner is notified via or SMS. When the responsible person has taken the required action, which can include the delivery of software patches, the ticket status is changed from open to handled. Process owners can also set compliance rules, for example specifying that all vulnerabilities with a criticality level of High or above must be patched within 30 days. Based on this, the user creates a compliance report, which can then be used to prove the existence of a vulnerability management program and alignment with Payment Card Ovum (Published 07/2011) Page 7
8 Industry Data Security Standard (PCI-DSS) or North American Electric Reliability Corporation Critical Infrastructure Protection (NERC-CIP) compliance. Example two is an organization that already had an SIEM product in place before it deployed the Secunia VIM product. It now uses the SIEM tool alongside the vulnerability intelligence of VIM to provide security and compliance reporting. In this particular use case, intelligence provided by the Secunia VIM is automatically fed into the SIEM tool using Secunia's XML feed. The approach enables the company's authorized security managers to harness the vulnerability intelligence of VIM to the reporting services of its SIEM tool without the need to involve other third-party products or data feeds. Key facts about the solution Table 1: Secunia Vulnerability Intelligence Manager: data sheet Product name Secunia Vulnerability Intelligence Manager (VIM) Product classification Version number Version 3.1 Release date April 2011 Industries covered Financial services, government, education, energy, healthcare, and others Geographies covered Vulnerability Intelligence Europe and North America Relevant company sizes Small, medium, and large Platforms supported Normally delivered using a SaaS approach Languages supported Deployment options English (vulnerabilities also available in German) Normally SaaS, also available on-premise, onpremise (managed), and hosted Licensing options Route(s) to market URL Company headquarters Secunia European headquarters As company headquarters North America headquarters Asia-Pacific headquarters Perpetual term SaaS Usually direct sales, also partner sales, and OEM Weidekampsgade 14 A DK-2300 Copenhagen S Denmark sales@secunia.com Source: Secunia O V U M Ovum (Published 07/2011) Page 8
9 APPENDIX Author Andy Kellett, Senior Analyst Ovum Consulting We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum s consulting team may be able to help you. For more information about Ovum s consulting capabilities, please contact us directly at consulting@ovum.com. Disclaimer All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, Ovum (a subsidiary company of Datamonitor plc). The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect. Ovum (Published 07/2011) Page 9
Secunia Corporate Software Inspector (Secunia CSI) ver.5.0
TECHNOLOGY AUDIT Secunia Corporate Software Inspector (Secunia CSI) ver.5.0 Secunia Reference Code: OI00070-107 Publication Date: December 2011 Author: Andy Kellett SUMMARY Catalyst Organizations need
More informationSecunia Vulnerability Intelligence Manager (VIM) 4.0
Secunia Vulnerability Intelligence Manager (VIM) 4.0 In depth Real-time vulnerability intelligence brought to you on time, every time, by Secunia s renowned research team Introduction Secunia is the world-leading
More informationSWOT Assessment: FireMon Security Manager Suite v7.0
SWOT Assessment: FireMon Security Manager Suite v7.0 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT017-004174 Publication Date: 12 Aug 2013 Author: Andrew Kellett SUMMARY
More informationComplete Patch Management
Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia
More informationDocAve Software Platform
TECHNOLOGY AUDIT DocAve Software Platform AvePoint Reference Code: OI00069-021 Publication Date: July 2011 Author: Mike Davis SUMMARY Catalyst AvePoint's DocAve Software Platform v5.6 provides an enterprise-strength
More informationSWOT Assessment: Eccentex AppBase v5.0
SWOT Assessment: Eccentex AppBase v5.0 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002764 Publication Date: 29 Jul 2013 Author: Sue Clarke SUMMARY Catalyst Eccentex
More informationSWOT Assessment: CoreMedia, CoreMedia 7
SWOT Assessment: CoreMedia, CoreMedia 7 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002848 Publication Date: 09 Dec 2013 Author: Sue Clarke SUMMARY Catalyst Web
More informationComplete Patch Management
Complete Management Targeted, Reliable and Cost-efficient In- Depth CSI Corporate Software Inspector Empower your IT-Operations and Security Teams with the most reliable Vulnerability & Management solution
More informationVulnerability Intelligence & 3 rd party patch management
Vulnerability Intelligence & 3 rd party patch management Presented By: William Hamilton Melby Company Overview Brief Secunia facts Established: 2002 HQ: Copenhagen, Denmark Regional office: Minneapolis,
More informationOn the Radar: NextPlane
On the Radar: NextPlane Unified communications federation delivered via the cloud Reference Code: IT016-001534 Publication Date: 24 Sep 2013 Author: Saurabh Sharma SUMMARY Catalyst NextPlane UC Exchange
More informationImageWare Systems, Inc.
ImageWare Systems, Inc. Delivering next-generation biometrics as an interactive and scalable cloud-based service SUMMARY Catalyst ImageWare Systems, Inc. (IWS) is a developer of leading-edge, identity-based,
More informationOn the Radar: EMC Supplier Exchange
On the Radar: EMC Supplier Exchange Addressing key issues for managers of complex contracts in energy and engineering Reference Code: IT023-000006 Publication Date: 11 Jun 2014 Author: Warren Wilson SUMMARY
More informationSecunia Corporate Software Inspector
Reference Code: TA001957SEC Publication Date: August 2010 Author: Karthik Balakrishnan and Andy Kellett TECHNOLOGY AUDIT Secunia Corporate Software Inspector Secunia SUMMARY IMPACT The growing range of
More informationHow To Use A Policy Auditor 6.2.2 (Macafee) To Check For Security Issues
Vendor Provided Validation Details - McAfee Policy Auditor 6.2 The following text was provided by the vendor during testing to describe how the product implements the specific capabilities. Statement of
More informationComplete Patch Management
Complete Patch Management Targeted, Reliable and Cost-efficient Brief Secunia CSI Corporate Software Inspector Empower your organisation to take control of the vulnerability threat & optimize your ITsecurity
More informationSWOT Assessment: dotcms dotcms v2.5
SWOT Assessment: dotcms dotcms v2.5 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT014-002855 Publication Date: 13 Dec 2013 Author: Sue Clarke SUMMARY Catalyst Traditional
More informationEntarian ForestSafe version 4.1
TECHNOLOGY AUDIT Entarian ForestSafe version 4.1 Reference Code: OI00197-010 Publication Date: April, 2012 Author: Andrew Kellett SUMMARY Catalyst One of the most challenging areas within IT security concerns
More informationCA Service Management Solutions
CA Service Management Solutions CA Technologies Reference Code: IT017 004068 Publication Date: 09 Jan 2013 Author: Adam Holtby SUMMARY Catalyst IT functions are subject not only to the enterprise wide
More informationSpecializing in visualizing and analyzing clinical trials data
ON THE RADAR Comprehend Systems Specializing in visualizing and analyzing clinical trials data Reference Code: OI00193-012 Publication Date: February 2012 Author: Andrew Brosnan and Cornelia Wels-Maug
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationOn the Radar: Tessella
On the Radar: Tessella Creating an archive for the long-term preservation of digital content Reference Code: IT014-002789 Publication Date: 04 Sep 2013 Author: Sue Clarke SUMMARY Catalyst Ensuring that
More informationNorth American Electric Reliability Corporation (NERC) Cyber Security Standard
North American Electric Reliability Corporation (NERC) Cyber Security Standard Symantec Managed Security Services Support for CIP Compliance Overviewview The North American Electric Reliability Corporation
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationSWOT Assessment: Alfresco, Alfresco One, v5.0
SWOT Assessment: Alfresco, Alfresco One, v5.0 Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: May 5 th, 2015 Product code: IT0014-003012 Sue Clarke Summary Catalyst When
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationDifferentiate your business with a cloud contact center
Differentiate your business with a cloud contact center A guide to selecting a partner that will enhance the customer experience An Ovum White Paper Sponsored by Cisco Systems, Inc. Publication Date: September
More informationOn the Radar: Esri UK
On the Radar: Esri UK Geographic information reveals the determinants of better health Reference Code: IT011 000316 Publication Date: 30 May 2013 Author: Cornelia Wels Maug SUMMARY Catalyst The adoption
More informationQualys PC/SCAP Auditor
Qualys PC/SCAP Auditor Getting Started Guide August 3, 2015 COPYRIGHT 2011-2015 BY QUALYS, INC. ALL RIGHTS RESERVED. QUALYS AND THE QUALYS LOGO ARE REGISTERED TRADEMARKS OF QUALYS, INC. ALL OTHER TRADEMARKS
More informationMaintaining PCI-DSS compliance. Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com
Maintaining PCI-DSS compliance Daniele Bertolotti daniele_bertolotti@symantec.com Antonio Ricci antonio_ricci@symantec.com Sessione di Studio Milano, 21 Febbraio 2013 Agenda 1 Maintaining PCI-DSS compliance
More informationBMC Client Management - SCAP Implementation Statement. Version 12.0
BMC Client Management - SCAP Implementation Statement Version 12.0 BMC Client Management - SCAP Implementation Statement TOC 3 Contents SCAP Implementation Statement... 4 4 BMC Client Management - SCAP
More informationCisco Security IntelliShield Alert Manager Service
Data Sheet Cisco Security IntelliShield Alert Manager Service The Cisco Security IntelliShield Alert Manager Service provides a comprehensive, cost-effective solution for delivering the security intelligence
More informationIntroduction to QualysGuard IT Risk SaaS Services. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Introduction to QualysGuard IT Risk SaaS Services Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe Qualys at a Glance Software-as-a-Service (SaaS) Founded in 1999
More informationLogInspect 5 Product Features Robust. Dynamic. Unparalleled.
LogInspect 5 Product Features Robust. Dynamic. Unparalleled. Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics, eg: Top 10
More informationSymantec Control Compliance Suite Standards Manager
Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance
More informationCase Study: Unifying ITSM Practices and Technology
Case Study: Unifying ITSM Practices and Technology SBM Offshore Reference Code: EI025-000007 Publication Date: 17 Jun 2014 Author: Adam Holtby SUMMARY Catalyst As a result of corporate expansions, mergers,
More informationOvum Decision Matrix: Selecting an Enterprise Content Management Solution, 2013 14
Ovum Decision Matrix: Selecting an Enterprise Content Management Solution, 2013 14 Publication Date: August 2013 Author: Sue Clarke SUMMARY Catalyst Selecting an enterprise content management (ECM) platform
More informationREPORT. 2015 State of Vulnerability Risk Management
REPORT 2015 State of Vulnerability Risk Management Table of Contents Introduction: A Very Vulnerable Landscape... 3 Security Vulnerabilities by Industry... 4 Remediation Trends: A Cross-Industry Perspective...
More informationUNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY
UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY ADMINISTRATION TOOLS Stormshield Network Security solutions simplify
More informationThe Value of Vulnerability Management*
The Value of Vulnerability Management* *ISACA/IIA Dallas Presented by: Robert Buchheit, Director Advisory Practice, Dallas Ricky Allen, Manager Advisory Practice, Houston *connectedthinking PwC Agenda
More informationLogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.
LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled. LOGPOINT Enjoy ultra fast search capabilities in simple and complex modes optimized for Big Data Easily filter and display relevant topics,
More informationIntro to QualysGuard IT Risk & Asset Management. Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe
Intro to QualysGuard IT Risk & Asset Management Marek Skalicky, CISM, CRISC Regional Account Manager for Central & Adriatic Eastern Europe A Unified and Continuous View of ICT Security, Risks and Compliance
More informationSymantec Protection Center Enterprise 3.0. Release Notes
Symantec Protection Center Enterprise 3.0 Release Notes Symantec Protection Center Enterprise 3.0 Release Notes The software described in this book is furnished under a license agreement and may be used
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationSWOT Assessment: BMC Remedy v9
SWOT Assessment: BMC Remedy v9 Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: 17 Aug 2015 Product code: IT0022-000489 Adam Holtby Summary Catalyst BMC Software is an
More informationSWOT Assessment: BeyondTrust Privileged Identity Management Portfolio
SWOT Assessment: BeyondTrust Privileged Identity Management Portfolio Analyzing the strengths, weaknesses, opportunities, and threats Publication Date: 11 Jun 2015 Product code: IT0022-000387 Andrew Kellett
More informationOn the Radar: Be Informed
ON THE RADAR On the Radar: Be Informed Business Process Platform Reference Code: OI00190-018 Publication Date: April 2012 Author: Joe Dignan SUMMARY Catalyst The Holy Grail for public sector IT is a single
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationombiel campusm SUMMARY Catalyst Key findings Ovum recommends Reference Code: IT018-001456 Publication Date: 13 Apr 2014 Author: Tim Jennings
ombiel campusm Reference Code: IT018-001456 Publication Date: 13 Apr 2014 Author: Tim Jennings SUMMARY Catalyst campusm is a cross-platform mobile and web application environment that enables an educational
More informationWHITE PAPER. BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013 14
BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013 14 BMC Software Evaluation for Selecting a Cloud Management Solution Technology Decision Matrix, 2013
More informationCompliance Management, made easy
Compliance Management, made easy LOGPOINT SECURING BUSINESS ASSETS SECURING BUSINESS ASSETS LogPoint 5.1: Protecting your data, intellectual property and your company Log and Compliance Management in one
More informationSymantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security,
Symantec Security Compliance Solution Symantec s automated approach to IT security compliance helps organizations minimize threats, improve security, streamline compliance reporting, and reduce the overall
More informationSTREAM Cyber Security
STREAM Cyber Security Management Software Governance, Risk Management & Compliance (GRC) Security Operations, Analytics & Reporting (SOAR) Fast, flexible, scalable, easy to use and affordable software
More information6. Exercise: Writing Security Advisories
CERT Exercises Toolset 49 49 6. Exercise: Writing Security Advisories Main Objective Targeted Audience Total Duration Time Schedule Frequency The objective of the exercise is to provide a practical overview
More informationWelcome to Modulo Risk Manager Next Generation. Solutions for GRC
Welcome to Modulo Risk Manager Next Generation Solutions for GRC THE COMPLETE SOLUTION FOR GRC MANAGEMENT GRC MANAGEMENT AUTOMATION EASILY IDENTIFY AND ADDRESS RISK AND COMPLIANCE GAPS INTEGRATED GRC SOLUTIONS
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationIBM Security Intelligence Strategy
IBM Security Intelligence Strategy Delivering Insight with Agility October 17, 2014 Victor Margina Security Solutions Accent Electronic 12013 IBM Corporation We are in an era of continuous breaches Operational
More informationPayment Card Industry Data Security Standard
Symantec Managed Security Services support for IT compliance Solution Overview: Symantec Managed Services Overviewview The (PCI DSS) was developed to facilitate the broad adoption of consistent data security
More informationThe Benefits of an Integrated Approach to Security in the Cloud
The Benefits of an Integrated Approach to Security in the Cloud Judith Hurwitz President and CEO Marcia Kaufman COO and Principal Analyst Daniel Kirsch Senior Analyst Sponsored by IBM Introduction The
More information2013 ICT Enterprise Insights in the Life Sciences Industry
2013 ICT Enterprise Insights in the Life Sciences Industry Key findings from the 2013 survey results Reference Code: IT010-000185 Publication Date: 03 Oct 2013 Author: Andrew Brosnan SUMMARY Catalyst The
More informationEXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.
Non-intrusive, authenticated scanning for OT & IT environments The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus
More informationDATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1
DATASHEET CONTROL COMPLIANCE SUITE VENDOR RISK MANAGER 11.1 Continuously Assess, Monitor, & Secure Your Information Supply Chain and Data Center Data Sheet: Security Management Is your organization able
More informationLOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG AND EVENT MANAGEMENT FOR SECURITY AND COMPLIANCE The Tripwire VIA platform delivers system state intelligence, a continuous approach to security that provides leading indicators of breach
More informationThe Impact of HIPAA and HITECH
The Health Insurance Portability & Accountability Act (HIPAA), enacted 8/21/96, was created to protect the use, storage and transmission of patients healthcare information. This protects all forms of patients
More informationSIP Trunking: Second-Wave Benefits
Trunking: Second-Wave Benefits trunking initially provided network savings to customers, but there are additional "second-wave" benefits to consider Reference Code: OT00050-002 Publication Date: January
More informationStandard: Vulnerability Management and Assessment
Standard: Vulnerability Management and Assessment Page 1 Executive Summary San Jose State University (SJSU) is highly diversified in the information that it collects and maintains on its community members.
More informationPATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationPCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR
PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR AUTHOR: UDIT PATHAK SENIOR SECURITY ANALYST udit.pathak@niiconsulting.com Public Network Intelligence India 1 Contents 1. Background... 3 2. PCI Compliance
More informationGovernance, Risk, and Compliance (GRC) White Paper
Governance, Risk, and Compliance (GRC) White Paper Table of Contents: Purpose page 2 Introduction _ page 3 What is GRC _ page 3 GRC Concepts _ page 4 Integrated Approach and Methodology page 4 Diagram:
More informationHow To Use Syncplicity Panorama On A Mobile Device
On the Radar: Syncplicity Panorama New mobile content access tools for modern business work styles Publication Date: 11 Mar 2015 Product code: IT0021-000064 Richard Edwards Summary Catalyst The typical
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationSecurity and Services
Written by Maxine Holt, May 2005 TA000824SAS Technology Infrastructure Butler Group Subscription Services Security and Services TECHNOLOGY AUDIT Symantec Corporation Managed Security Service (MSS) Abstract
More informationPenetration Testing Guidelines For the Financial Industry in Singapore. 31 July 2015
For the Financial Industry in Singapore 31 July 2015 TABLE OF CONTENT 1. EXECUTIVE SUMMARY 3 2. INTRODUCTION 4 2.1 Audience 4 2.2 Purpose and Scope 4 2.3 Definitions 4 3. REQUIREMENTS 6 3.1 Overview 6
More informationIBM Security QRadar Vulnerability Manager
IBM Security QRadar Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution Highlights Help prevent security breaches by discovering and highlighting high-risk
More informationThe SIEM Evaluator s Guide
Using SIEM for Compliance, Threat Management, & Incident Response Security information and event management (SIEM) tools are designed to collect, store, analyze, and report on log data for threat detection,
More informationPCI DSS Top 10 Reports March 2011
PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,
More informationHow To Achieve Pca Compliance With Redhat Enterprise Linux
Achieving PCI Compliance with Red Hat Enterprise Linux June 2009 CONTENTS EXECUTIVE SUMMARY...2 OVERVIEW OF PCI...3 1.1. What is PCI DSS?... 3 1.2. Who is impacted by PCI?... 3 1.3. Requirements for achieving
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationCritical Watch aims to reduce countermeasure deployment pain by doing it all for you
Critical Watch aims to reduce countermeasure deployment pain by doing it all for you Analyst: Javvad Malik 6 Sep, 2012 Critical Watch offers Active Countermeasure Intelligence, a combination of risk intelligence
More informationCase Study: Vitamix. Improving strategic business integration using IT service management practices and technology
Improving strategic business integration using IT service management practices and technology Publication Date: 17 Sep 2014 Product code: IT0022-000180 Adam Holtby Summary Catalyst For Vitamix, a key driver
More informationLOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE
PRODUCT BRIEF LOG MANAGEMENT AND SIEM FOR SECURITY AND COMPLIANCE As part of the Tripwire VIA platform, Tripwire Log Center offers out-of-the-box integration with Tripwire Enterprise to offer visibility
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationOn the Radar: Pulse Secure
Secure access management for corporate and personal endpoints on company networks Publication Date: 17 Jul 2015 Product code: IT0022-000431 Rik Turner Summary Catalyst Pulse Secure is a developer of secure
More informationThe Modern Service Desk: How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver Business Confidence
How Advanced Integration, Process Automation, and ITIL Support Enable ITSM Solutions That Deliver White Paper: BEST PRACTICES The Modern Service Desk: Contents Introduction............................................................................................
More informationVRDA Vulnerability Response Decision Assistance
VRDA Vulnerability Response Decision Assistance Art Manion CERT/CC Yurie Ito JPCERT/CC EC2ND 2007 2007 Carnegie Mellon University VRDA Rationale and Design 2 Problems Duplication of effort Over 8,000 vulnerability
More informationAccenture Intelligent Security for the Digital Enterprise. Archer s important role in solving today's pressing security challenges
Accenture Intelligent Security for the Digital Enterprise Archer s important role in solving today's pressing security challenges The opportunity to improve cyber security has never been greater 229 2,287
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationMANAGEMENT SUMMARY INTRODUCTION KEY MESSAGES. Written by: Michael Azoff. Published June 2015, Ovum
App user analytics and performance monitoring for the business, development, and operations teams CA Mobile App Analytics for endto-end visibility CA Mobile App Analytics WWW.OVUM.COM Written by: Michael
More informationTHE TOP 4 CONTROLS. www.tripwire.com/20criticalcontrols
THE TOP 4 CONTROLS www.tripwire.com/20criticalcontrols THE TOP 20 CRITICAL SECURITY CONTROLS ARE RATED IN SEVERITY BY THE NSA FROM VERY HIGH DOWN TO LOW. IN THIS MINI-GUIDE, WE RE GOING TO LOOK AT THE
More informationIBM QRadar as a Service
Government Efficiency through Innovative Reform IBM QRadar as a Service Service Definition Copyright IBM Corporation 2014 Table of Contents IBM Cloud Overview... 2 IBM/Sentinel PaaS... 2 QRadar... 2 Major
More informationSecunia PSI for Application Patch Management
Secunia PSI for Application Patch Management An installation and user guide to Secunia Personal Security Investigator (PSI) Version 1.2 Created August 16, 2013 Last Edit August 20, 2014 U n i v e r s i
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationSymantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Landscape
WHITE PAPER: SYMANTEC GLOBAL INTELLIGENCE NETWORK 2.0.... ARCHITECTURE.................................... Symantec Global Intelligence Network 2.0 Architecture: Staying Ahead of the Evolving Threat Who
More informationTHREAT VISIBILITY & VULNERABILITY ASSESSMENT
THREAT VISIBILITY & VULNERABILITY ASSESSMENT Date: April 15, 2015 IKANOW Analysts: Casey Pence IKANOW Platform Build: 1.34 11921 Freedom Drive, Reston, VA 20190 IKANOW.com TABLE OF CONTENTS 1 Key Findings
More informationREDSEAL NETWORKS SOLUTION BRIEF. Proactive Network Intelligence Solutions For PCI DSS Compliance
REDSEAL NETWORKS SOLUTION BRIEF Proactive Network Intelligence Solutions For PCI DSS Compliance Overview PCI DSS has become a global requirement for all entities handling cardholder data. A company processing,
More informationIBM Advanced Threat Protection Solution
IBM Advanced Threat Protection Solution Fabio Panada IBM Security Tech Sales Leader 1 Advanced Threats is one of today s key mega-trends Advanced Threats Sophisticated, targeted attacks designed to gain
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationDeveloping Cyber Threat Intelligence or not failing in battle.
Developing Cyber Threat Intelligence or not failing in battle. AtlSecCon 2012, 02 March 2012 Adrien de Beaupré SANS ISC Handler Intru-Shun.ca Inc. Natasha Hellberg Bell Canada About me 32+, 22+, 12+ years
More informationIBM Security QRadar Vulnerability Manager Version 7.2.1. User Guide
IBM Security QRadar Vulnerability Manager Version 7.2.1 User Guide Note Before using this information and the product that it supports, read the information in Notices on page 61. Copyright IBM Corporation
More informationAVOIDING PATCH DOOMSDAY Best Practices for Performing Patch Management
AVOIDING PATCH DOOMSDAY Best Practices for Performing Patch Management The Patch Management Imperative Nearly every business in the world today depends on IT to support day-to-day operations and deliver
More information