Aggregate critical information on current, new, and emerging threats to determine potential impact on IT environment for immediate remediation and ongoing security risk measurement.
- Implement full vulnerability lifecycle management, including identification, correlation, assessment, remediation, and reporting
- Leverage real-time authoritative threat and vulnerability data sources such as National Vulnerability Database and other proprietary services, including zero-day and early warning services
- Automatically identify vulnerable assets based on asset database and threat intelligence
- Correlate security data from security intelligence services, scanners, policy management tools, CMDB, and patch management systems
- Normalize data using open standards such as CPE, CWE, CVSS.
- Dynamically calculate threat score and business impact based on asset criticality and threat criticality
- Drill down and analyze vulnerabilities by asset group, threat categories, or other dynamic groupings
- Initiate and manage remediation with built-in ticketing system or integration to popular help desk systems and patch management systems
- Automate remediation of certain vulnerabilities base on rules
- Link vulnerability status to compliance and risk controls