Threat and Vulnerability Management
Adopt best practices to improve accountability and communication
Proactively detect and remedy threats before they are exploited.
Consolidating vulnerability information and security intelligence from multiple sources to manage risk and compliance is a daunting task. It is even more challenging to prioritize and remedy threats in an ever-changing risk landscape. These threats include advanced persistent threats (APTs), sophisticated malware, and zero-day worms, as well as client-side vulnerabilities in browsers, documents, and email.
But despite the increasing complexity of IT environments and rising threat sophistication, organizations can still get a handle on identifying and controlling vulnerabilities and threats. It’s all about laying out achievable steps to proactively identify and remedy vulnerabilities, and ensure that the organization’s acceptable risk and compliance levels are not compromised.
MetricStream provides a built-in data integration engine to capture vulnerability information from multiple scanning devices, and link it to critical assets for compliance monitoring. The solution integrates with popular vulnerability assessment tools and security intelligence feeds, pulling in relevant threat and vulnerability information, storing it in a searchable central database, and automating the entire lifecycle of vulnerability remediation.
Using the MetricStream solution, organizations can establish a consistent and repeatable threat management process. The solution provides an easy way to harness massive amounts of security data, correlate it with other risk and compliance metrics, and transform it into meaningful dashboard reports to make informed decisions when vulnerabilities occur.
Capabilities of the Solution
Consolidation of Threat Intelligence
Dealing with multiple new vulnerability alerts each week is overwhelming for most IT security staff. The MetricStream solution allows you to manage this information more efficiently by automatically consolidating threat intelligence data from real-time authoritative sources such as the National Vulnerability Database, commercial threat feeds, email advisories, and multiple zero-day and early warning services.
Flexible Threat Definition
Using the MetricStream solution, threats can be classified based on their impact on the organization and their context within it. More flexible options are also available for defining threats based on vulnerability types, malicious code, geopolitical threats, patch levels, exploitation availability, access type, and complexity.
Proactive User Alerts
The MetricStream solution provides automatic notifications with the complete details of each threat, including the severity of the threat, CVE ID, source of the threat, affected technologies, available controls, and possible remediation instructions. The solution’s built-in capabilities can be used to configure email templates for notifying users. Security settings are automatically applied based on role and user privileges.
Using the MetricStream solution, organizations can score risks using inputs from self-assessments, asset and vulnerability risk scores, and asset mapping. They can also choose to apply built-in risk scoring methodologies from CVSS, NIST, ISF, and OCTAVE, and then combine all the results for a clear overall risk score. The solution allows for significant customization of these frameworks to suit organizational needs. It also helps define a personalized risk scoring methodology to determine the overall risk, urgency, and priority of response.
The MetricStream solution has a built-in central repository/database and a data integration engine which can be configured to integrate with any third-party threat and vulnerability management technology such as nCircle, Nessus, and Qualys. The system extracts relevant threat data from these systems, and stores it in a central database with easy access and search capabilities.
Threat Correlation and Visualization
The MetricStream threat management solution provides a structured overview of the security environment, including all system vulnerabilities, their interrelationships, and their interaction with security or non-security components. The solution also enables organizational administrators to visualize attack trees, which represent attacks against a system or asset group in the form of a tree structure. This lets organizations easily determine the status of network security performance, and minimize exposure to considerable threats and vulnerabilities.