Vulnerability Manager

US: +1 651-256-9503UK: +44 208-012-8544Email: sales@surecloud.com www.surecloud.com

DATASHEET

Vulnerability Management is an important component of any mature security program, whether driven by best practice, regulatory compliance or third-party mandate. Risk mitigation is supported by an ability to identify threats and subsequently implement the appropriate protection, based on comprehensive remediation and mitigation recommendations.

SureCloud Vulnerability Manager enables organizations to discover vulnerabilities, providing simple solutions for risk reduction. Achieve this with in-built processes that deliver structure and translate vulnerabilities from severity rankings into an understanding of the level of business risk. Vulnerability Manager helps organizations to comply

with PCI DSS requirements 2.2, 6.1.a, 6.2, 6.6, 11.2.1, 11.2.2 and 11.2.3.

The Solution

SureCloud Vulnerability Manager combines automated vulnerability detection, with vulnerabilities discovered through manual activities like penetration testing. It is underpinned by a best practice vulnerability management process; supporting vulnerability discovery, prioritization, remediation, and verifi cation. The Application delivers critical information security compliance benefi ts, including:

The ability to assign business impact values to business assets, allowing results to be viewed in the context of business risk over just vulnerability severity

A uniform view of current security posture – all authorized personnel will be able to see the same vulnerability information at any point in time.

Flexibility to produce additional management and technical reports from detailed vulnerability fi ndings through to system or domain-wide reports.

The core components are:

✔ Vulnerability Scanning

✔ Penetration Test Results Management

✔ Tasks and Workfl ow

We have a complete picture of our information security and PCI DSS position at any one moment in time via a single platform. I can drill down into the information as required, making it easy to identify any potential vulnerabilities and quickly resolve them.Head of ICT, UK Financial Services company ”

“

US: +1 651-256-9503 UK: +44 208-012-8544 Email: sales@surecloud.com www.surecloud.com

Vulnerability Scanning

SureCloud’s scanning solution has comprehensive vulnerability management capabilities to support standards such as PCI DSS and ISO27K. It offers the following features:

© SureCloud Limited 2018. All rights reserved.

✔ Perimeter and internal, network and application layer scanning

✔ Payment Card Industry Approved Scanning – SureCloud is a PCI Approved Scanning Vendor

✔ System configuration auditing against policies – providing an automated solution for server and firewall auditing – i.e. verification of PCI Requirement 2.2 (d)

✔ Data discovery scanning in support of PCI DSS compliance mandatory requirement.

✔ The agentless scanning engine currently performs security checks, covering over 100,000 vulnerabilities and configuration issues, across a broad range of operating systems, services and applications. Intelligent post-scan processing reduces false positives before results are presented to the end user.

✔ Other unique benefits include:

✔ Excel/PDF tailored scan reports with trending

✔ Auto-update on vulnerability status as issues are resolved

✔ Full audit trail

✔ Pre-configured ‘safe’ scan and best practice templates

✔ Detailed vulnerability solutions and mitigation advice, written by a SureCloud consultant

✔ For those organizations with a preferred scanning engine, the results can be imported for integration with penetration test results.

About SureCloud:

SureCloud provides Governance, Risk & Compliance (GRC) applications and Cybersecurity services that give our customers certainty – of risk management/compliance, of cybersecurity, of having answers today and tomorrow. Established in 2006, SureCloud is headquartered in the United Kingdom and has offices in the United States. SureCloud has more than 400 customers throughout the UK and US from the Retail, Financial Services, Government and other sectors. For more information visit www.surecloud.com

Book Your DemoLet us show you how you can always be certain. Visit our website or contact one of our experts to find out more.

Email: info@surecloud.com

SureCloud has given us a fantastic tool, we can now go to Operations with proof of vulnerabilities that need fixing. We couldn’t do that before.Abi Dakin, ICT Compliance Specialist, Rotherham MBC

”“

Penetration Test Results Management

SureCloud Vulnerability Manager has dynamic reporting and a remediation process for penetration test results management providing the following key benefits:

✔ Tabular and graphical presentation of test output including root cause analysis

✔ Import facility to integrate third-party test results

✔ Ability to trend across tests and test providers

✔ Integrated consultant-based support facility

Vulnerability Manager provides an easy-to-track, repeatable remediation process, replacing the difficult-to-use PDF formats, resulting from traditional penetration tests.

Tasks & Workflow

SureCloud Vulnerability Manager features platform-wide ‘Task’ functionality. This allows activities such as verification or remediation to be allocated to individuals or groups within or outside the organization.

Key features include:

✔ Integrated workflow to enable Tasks to be tracked through the vulnerability management process to completion, along with the ability to set reminders ensuring timely responses

✔ Automated Tasks can be configured to alert key personnel to important issues on critical business assets

✔ A central Task dashboard shows real-time status and highlights any areas that may require further attention.