Vulnerability Management (VM) scans assets, finds vulnerabilities, and implements a remediation process that includes timing, SLAs, and automatic updates. Security Vision VM consists of three main blocks:
· Asset management, where the asset base is built, including scanning and discovery of new assets, their automatic identification, inventory, lifecycle management and execution of automated administrative actions;
· Vulnerability scanning, which presents its own engine for searching for vulnerabilities on Windows/Linux hosts, containerization environments, application software, network devices, databases, etc., taking into account restrictions on the time of scanning and the use of technological "windows";
· The process of eliminating discovered vulnerabilities, including automatic confirmation of elimination, integration with external Service Desk and auto-patching.
The new version of the product adds vulnerability scanning on iOS devices, as well as Linux systems SUSE, Alpine and Solaris.
For blackbox checks, a mode has been added to scan and detect vulnerable versions of services running on hosts. The mode does not require any credentials and is able to find a large number of vulnerabilities in services such as OpenSSH, SSL/OpenSSL, Nginx, Apache, PHP, LDAP, MSSQL, PostgreSQL, Oracle, MySQL and many others.
New SNMP, SSL/TLS, SSH, Telnet, RCE vulnerability exploitation checks have been added for pentest mode, as well as additional checks for web vulnerabilities. The mechanism for using user dictionaries for bruteforce checks has been improved.
The mechanism of recommendations from various sources for eliminating vulnerabilities has been supplemented, including the display in the vulnerability card of various workaround solutions for Microsoft vulnerabilities.
A new scan mode has been added to the product - standalone Agent. In this mode, a special Agent is installed on remote or isolated hosts, which, when gaining access to the corporate network, automatically requests and receives scan jobs from the central server (including through a chain of similar services - without direct access), and then performs them on a regular basis, sending scan results also when access to the corporate network.
As part of asset management, it is possible to build asset reachability routes automatically using routing rules and ACLs from network devices. The system supports a large number of types of network devices, for example, Usergate, Continent, Cisco, etc. This functionality is extremely important when analyzing identified vulnerabilities, since it allows you to effectively assess the potential risk of exploitation by attackers while moving through the corporate network and the risk of seizing an asset.
.png)
.jpg)
