DATASHEET

Security Manager

Solution

“One central repository for all of your

vulnerability data across network scanning

tools, application scanning tools and

penetration test service providers - grouped

by business process, region, assets or in any

other way necessary to support your decision

making needs.”

Security Manager is a Cloud-based

application that sits at the heart of an effective

vulnerability management programme.

It enables an organization to consolidate

vulnerability information from vulnerability

scanning solutions, penetration test providers

and in-house testing teams. Key application

features:

✔ Analytics – dynamic graphical and

tabular reports including trend

analysis, and API support for 3rd

Party Business Intelligence tools

✔ Groupings and Hierarchies – to

support technical asset, geographical

location and business process level

analysis

✔ Remediation management – workflow-

based assignment and tracking of

corrective actions

✔ On-demand technical support

– access to certified security

consultants for advice and guidance

✔ API support for 3rd Party IT Service

Management solutions and Directory

Service integration

Hacking tools and the individuals operating them are growing rapidly

in sophistication, and as a result new and existing vulnerabilities are

exposing organisations to an ever increasing risk of breach. There

has never been a greater need to operate an effective vulnerability

management programme, which combines the “reach and frequency”

of vulnerability scanning with the “rigour and depth” of manual

penetration testing.

DATASHEET

Tel: +44 (0)208 012 8544 Email: sales@surecloud.com www.surecloud.com

© SureCloud Limited 2017. All rights reserved.

Features

Vulnerability Scanning

Security Manager’s Vulnerability Scanning

area includes comprehensive vulnerability

management capabili-ties to support

standards such as PCI DSS and ISO27K. It

offers the following features:

✔Perimeter and internal, network and

application layer scanning

✔Payment Card Industry Approved

Scanning – SureCloud is a PCI ASV

✔System configuration auditing against

policies – providing an automated

solution for server and firewall

auditing

✔Data discovery scanning in support

of a PCI DSS compliance mandatory

requirement.

The agentless scanning engine currently

performs security checks covering over

75,000 vulnerabilities and configuration

issues across a broad range of operating

systems, services and applications. Intelligent

post-scan processing reduces false positives

before results are presented to the end user.

Other unique benefits include:

✔Excel/PDF tailored scan reports with

trend analysis

✔Auto-update on vulnerability status as

issues are resolved

✔Full audit trail

✔Pre-configured ‘safe’ scan and best

practice templates

✔Detailed vulnerability solutions

and mitigation advice, written by

SureCloud’s expert consultants

3rd Party Security Data Feed Support

Security Manager’s API supports data feeds

from other third party sources, including the

most commonly used vulnerability scanning

solutions, and commercial penetration

test providers. A published XML format for

penetration test result-sets is a new industry

standard, which will drive consistency in

the vulnerability management processes

applied to disparate manual test outputs.

Data imported via the API’s will benefit

from Security Manager’s core vulnerability

management features and deliver a single

point of analysis across automated and

manually discovered vulnerabilities. The API’s

also support the integration of other threat-

based information sources.

In-House Security Test Management

With an increasing need to perform more

frequent manual penetration testing,

organisations are looking to reduce the

cost of external providers and recruit

internal security testing capabilities of their

own. This new in-house resource requires

the tools to perform the job, and of equal

importance needs to integrate with the

current vulnerability management processes

being operated to maintain consistency in

reporting and remediation. The “Enterprise

Add-on” to Security Manager provides is a

full penetration test delivery man-agement

application, covering the entire lifecycle of a

test engagement. Features include:

✔Centralised test plans with check-lists

to ensure coverage of key test areas

✔Integrated test tools for

reconnaissance through to

vulnerability detection tasks

✔Automated report creation features

✔Vulnerability knowledgebase updated

daily through third party feeds

“We’ve become far

more efficient and have made

substantial time savings by using the

SureCloud Platform,

as many of the larger solutions

would have taken years to

implement.”

Vince Pillay, Chief

Information Security Officer,

Domestic & General