Threat and Vulnerability Management

Proactively detect and remedy threats before they are exploited

Business Challenge
Consolidating vulnerability information and security intelligence from multiple sources to manage risk and compliance is a daunting task. It is even more challenging to prioritize and remedy threats in an ever-changing risk landscape beset with targeted IT security attacks such as Advanced Persistent Threats (APTs), sophisticated malware and zero-day worms, as well as client-side vulnerabilities (browser, documents, email, etc.).

But despite the increasing complexity of IT environments and rising threat sophistication, you can still get a handle on identifying and controlling the vulnerabilities and threats in your organization. It is all about laying out achievable steps to proactively identify and remedy vulnerabilities, and ensure that your organization’s acceptable risk and compliance levels are not compromised.

MetricStream’s Solution
MetricStream provides a built-in data integration engine to capture vulnerability information from multiple scanning devices and link it to critical assets for compliance monitoring. The solution integrates with popular vulnerability assessment tools and security intelligence feeds, pulling in relevant threat and vulnerability information, storing it in a searchable central database, and automating the entire lifecycle of vulnerability remediation.

Using the MetricStream solution, organizations can establish a consistent and repeatable threat management process. The solution provides an easy way to harness massive amounts of security data, correlate it with other risk and compliance metrics, and transform it into meaningful dashboard reports to make informed decisions when vulnerabilities occur.

Threat Management Capabilities

Consolidation of Threat Intelligence
Dealing with multiple new vulnerability alerts each week is overwhelming for most IT security staff. MetricStream’s IT GRC solution allows you to manage this information more efficiently by automatically consolidating threat intelligence data from real-time authoritative sources such as the National Vulnerability Database, commercial threat feeds, email advisories, and multiple zero-day and early warning services.

Flexible Threat Definition
Using the MetricStream solution, threats can be classified based on their impact and context to the organization. More flexible options are also available for defining threats based on vulnerability types, malicious code, geopolitical threats, patch levels, exploit availability, access type and complexity.

Proactive User Alerts
The MetricStream solution provides automatic notifications with complete details of each threat, including the severity of the threat, CVE ID, source of the threat, affected technologies, available controls and possible remediation instructions. The solution’s built-in capabilities can be used to configure the email templates for notifying users, and the solution automatically applies the security settings based on role and user privileges.

Risk Scoring
Using the MetricStream solution, organizations can score risks using inputs from self-assessments, asset and vulnerability risk scores, and asset mapping. Organizations can also choose to apply the built-in CVSS methodology, NIST, ISF and OCTAVE, and then combine all results for a clear overall risk score. The solution also allows for significant customization of these frameworks to suit organizational needs, as well as defining your own risk scoring methodology to determine overall risk, urgency and priority of response.

Remediation Tracking
The MetricStream solution has a built-in central repository/database and a data integration engine which can be configured to integrate with any third-party threat and vulnerability management technology. The solution already integrates with popular threat and vulnerability software such as nCircle, Nessus and Qualys, extracting relevant threat data and storing it in a central database with easy access and search capabilities.

Threat Correlation and Visualization
The MetricStream threat management solution provides a structured overview of the security environment, including all system vulnerabilities, their interrelationships, and their interaction with security or non-security components. It also enables organizational administrators to visualize attack trees, which represent attacks against a system or asset group in the form of a tree structure. As a result, organizations can easily determine the status of network security performance and minimize exposure to considerable threats and vulnerabilities.

 