Risk and Control Self Assessments - Amazon Web …...STREAM Vulnerability Management A common issue...



Post on 10-Jun-2020


A common issue companies face is the management of vulnerabilities. Vulnerability scanning tools are certainly effective, yet they can quickly lose their cost-effectiveness if the vulnerabilities are not properly managed.

Vulnerability scanning tools such as Qualys, Rapid 7 and Nessus are used to scan Hosts / IP Ranges in order to identify potential infrastructure vulnerabilities. The outputs from such tools, as well as the results from Penetration Testing activities, can be automatically uploaded into STREAM for progression and tracking. In addition, the register of Assets in STREAM can be automatically reconciled against an external Asset Management / CMDB data source, both to ensure that critical assets have been registered and to provide a baseline for ongoing scanning operations.

STREAM Vulnerability Management

Risk and Control Self Assessments

• Risk visibility

• Rapid deployment

• Easily configurable

• Intuitive

• Risk quantification

• On-premise or SaaS

STREAM can also automatically capture control metrics from external security solutions, such as metrics on the proportion of devices ‘up to date with the latest operating system patches’. Vulnerability, penetration testing and control metrics data imported from external tools can be automatically linked to related controls, risks, actions, and other objects in STREAM, thereby providing real-time, operational risk and compliance status information for management.

Features (Vulnerability Management)

Outputs from your preferred scanning solution(s), and from penetration testing, can be pulled into STREAM. For each detected/flagged vulnerability, STREAM can automatically:

• Raise a ‘Vulnerability Event’, linked to the particular Asset(s)

• Capture key information such as Vulnerability Details, Port, Protocol, Severity, Operating System, and recommended remediation steps

• Raise a Remediation Action in STREAM, assigned to the designated Asset Owner for example, with automatic Status, Priority and appropriate Action Due Date based on the details of the detected vulnerability

• Escalate Events to supervisors/managers if they are not resolved correctly, and then re-occur on subsequent scans

• Provide tracking reports to monitor the status of all known vulnerabilities and related activities.


Contact Us

For further information on STREAM or Acuity Risk Management, please contact us:


www.acuityrm.com

+44 (0) 20 7297 2086

@AcuityRM

Acuity Risk Management

Benefits of STREAM:

• Efficient management and tracking of actions from vulnerability scans and penetration tests

• Asset-based risk and compliance assessments informed by scanning and test results

• Automated real-time updates of risk status on receipt of control metrics

• Improved risk-based decision making

• Fewer costly business disruptions from security incidents.

Features (Continued…)

• Choose relevant control metrics and map to threats

• Select from our pre-configured libraries or create your own metrics and mappings

• Use the STREAM API to configure data interfaces to external data sources

• Schedule automated imports of control metrics from security solutions or run interactive data imports

• Risk and compliance status is updated immediately on each data source import with a historical record being retained

• Custom reports using control metrics can be created using the STREAM report builder to meet your exact requirements.