A common issue companies face is the management of vulnerabilities. Vulnerability scanning tools are certainly effective, yet they can quickly lose cost-effectiveness if the vulnerabilities are not properly managed.
Vulnerability scanning tools such as Qualys, Rapid7 and Nessus are used to scan Hosts / IP Ranges in order to identify potential infrastructure vulnerabilities. The outputs from such tools, as well as the results from Penetration Testing activities, can be automatically uploaded into STREAM for progression and tracking. In addition, the register of Assets in STREAM can be automatically reconciled against an external Asset Management / CMDB data source, both to ensure that critical assets have been registered and to serve as a baseline for ongoing scanning operations.
STREAM Vulnerability Management
Risk and Control Self Assessments
Risk visibility
Rapid deployment
Easily configurable
Intuitive
Risk quantification
On-premise or SaaS
STREAM can also automatically capture control metrics from external security solutions, such as metrics on the proportion of devices ‘up to date with the latest operating system patches’. Vulnerability, penetration testing and control metrics data imported from external tools can be automatically linked to related controls, risks, actions, and other objects in STREAM, thereby providing real-time, operational risk and compliance status information for management.
Features (Vulnerability Management)
Outputs from your preferred scanning solution(s), and from penetration testing, can be pulled into STREAM. For each detected/flagged vulnerability, STREAM can automatically:
• Raise a ‘Vulnerability Event’, linked to the particular Asset(s)
• Capture key information such as Vulnerability Details, Port, Protocol, Severity, Operating System, and recommended remediation steps
• Raise a Remediation Action in STREAM, assigned to the designated Asset Owner for example, with automatic Status, Priority and appropriate Action Due Date based on the details of the detected vulnerability
• Escalate Events to supervisors/managers if they are not resolved correctly, and then re-occur on subsequent scans
• Provide tracking reports to monitor the status of all known vulnerabilities and related activities.
Contact Us
For further information on STREAM or Acuity Risk Management, please contact us:
www.acuityrm.com
+44 (0) 20 7297 2086
@AcuityRM
Acuity Risk Management
Benefits of STREAM:
• Efficient management and tracking of actions from vulnerability scans and penetration tests
• Asset-based risk and compliance assessments informed by scanning and test results
• Automated real-time updates of risk status on receipt of control metrics
• Improved risk-based decision making
• Fewer costly business disruptions from security incidents.
Features (Continued…)
• Choose relevant control metrics and map to threats
• Select from our pre-configured libraries or create your own metrics and mappings
• Use the STREAM API to configure data interfaces to external data sources
• Schedule automated imports of control metrics from security solutions or run interactive data imports
• Risk and compliance status is updated immediately on each data source import with a historical record being retained
• Custom reports using control metrics can be created using the STREAM report builder to meet your exact requirements.