security manager - surecloud€¦ · security manager’s vulnerability scanning area includes...
TRANSCRIPT
DATASHEET
Security Manager
Solution
“One central repository for all of your
vulnerability data across network scanning
tools, application scanning tools and
penetration test service providers - grouped
by business process, region, assets or in any
other way necessary to support your decision
making needs.”
Security Manager is a Cloud-based
application that sits at the heart of an effective
vulnerability management programme.
It enables an organization to consolidate
vulnerability information from vulnerability
scanning solutions, penetration test providers
and in-house testing teams. Key application
features:
✔ Analytics – dynamic graphical and
tabular reports including trend
analysis, and API support for 3rd
Party Business Intelligence tools
✔ Groupings and Hierarchies – to
support technical asset, geographical
location and business process level
analysis
✔ Remediation management – workflow-
based assignment and tracking of
corrective actions
✔ On-demand technical support
– access to certified security
consultants for advice and guidance
✔ API support for 3rd Party IT Service
Management solutions and Directory
Service integration
Hacking tools and the individuals operating them are growing rapidly
in sophistication, and as a result new and existing vulnerabilities are
exposing organisations to an ever increasing risk of breach. There
has never been a greater need to operate an effective vulnerability
management programme, which combines the “reach and frequency”
of vulnerability scanning with the “rigour and depth” of manual
penetration testing.
DATASHEET
Tel: +44 (0)208 012 8544 Email: [email protected] www.surecloud.com
© SureCloud Limited 2017. All rights reserved.
Features
Vulnerability Scanning
Security Manager’s Vulnerability Scanning
area includes comprehensive vulnerability
management capabili-ties to support
standards such as PCI DSS and ISO27K. It
offers the following features:
✔Perimeter and internal, network and
application layer scanning
✔Payment Card Industry Approved
Scanning – SureCloud is a PCI ASV
✔System configuration auditing against
policies – providing an automated
solution for server and firewall
auditing
✔Data discovery scanning in support
of a PCI DSS compliance mandatory
requirement.
The agentless scanning engine currently
performs security checks covering over
75,000 vulnerabilities and configuration
issues across a broad range of operating
systems, services and applications. Intelligent
post-scan processing reduces false positives
before results are presented to the end user.
Other unique benefits include:
✔Excel/PDF tailored scan reports with
trend analysis
✔Auto-update on vulnerability status as
issues are resolved
✔Full audit trail
✔Pre-configured ‘safe’ scan and best
practice templates
✔Detailed vulnerability solutions
and mitigation advice, written by
SureCloud’s expert consultants
3rd Party Security Data Feed Support
Security Manager’s API supports data feeds
from other third party sources, including the
most commonly used vulnerability scanning
solutions, and commercial penetration
test providers. A published XML format for
penetration test result-sets is a new industry
standard, which will drive consistency in
the vulnerability management processes
applied to disparate manual test outputs.
Data imported via the API’s will benefit
from Security Manager’s core vulnerability
management features and deliver a single
point of analysis across automated and
manually discovered vulnerabilities. The API’s
also support the integration of other threat-
based information sources.
In-House Security Test Management
With an increasing need to perform more
frequent manual penetration testing,
organisations are looking to reduce the
cost of external providers and recruit
internal security testing capabilities of their
own. This new in-house resource requires
the tools to perform the job, and of equal
importance needs to integrate with the
current vulnerability management processes
being operated to maintain consistency in
reporting and remediation. The “Enterprise
Add-on” to Security Manager provides is a
full penetration test delivery man-agement
application, covering the entire lifecycle of a
test engagement. Features include:
✔Centralised test plans with check-lists
to ensure coverage of key test areas
✔Integrated test tools for
reconnaissance through to
vulnerability detection tasks
✔Automated report creation features
✔Vulnerability knowledgebase updated
daily through third party feeds
“We’ve become far
more efficient and have made
substantial time savings by using the
SureCloud Platform,
as many of the larger solutions
would have taken years to
implement.”
Vince Pillay, Chief
Information Security Officer,
Domestic & General