| The name of the base system (platform): | Security Vision Specialized platform for automating information security processes |
| Developers: | GC Intelligent Security (Security Vision Brand) |
| Last Release Date: | 2024/09/19 |
| Branches: | Information security |
| Technology: | ITSM - IT Service Management Systems |
Main article: IT Service Management, ITSM
2024: "Vulnerability Management" on Security Vision 5
Security Vision on September 19, 2024 announced the release of an updated version of the Vulnerability Management (VM) product on the Security Vision 5 platform.
Security Vision Vulnerability Management (VM) is a comprehensive vulnerability management product that includes detecting vulnerabilities on assets, providing the most detailed information on identified vulnerabilities and recommendations for their elimination (including functionality to automate updates), a control process with confirmation of elimination, monitoring of deadlines and SLA. The updated product consists of three main blocks:
- Asset management, in which the asset base is formed, including scanning and discovery of new assets, their automatic identification, inventory and life cycle management;
- Vulnerability scanning, which presents its own engine for searching for vulnerabilities WindowsLinux on/hosts, environments, containerization application, ON network devices, databases etc.;
- The process of eliminating detected vulnerabilities, including automatic confirmation of fixes and auto-patching.
Within the Asset Management unit, the product provides the functionality of automatic detection and collection of asset data, their categorization and management in accordance with ITIL recommendations, as well as the implementation of a large number of various predefined actions on the assets themselves. Assets are automatically aggregated by subnetworks. The system builds a network map, which is also available graphically.
In addition to scanning, assets can be automatically obtained or enriched from a large number of pre-configured external sources (with the ability to add their sources and integrations): directory services (Active director, Open LDAP, FreeIPA, Astra Linux Directory, etc.), various IPS (antiviruses, SIEM, DLP), infrastructure services, files of various formats, etc. You can also create assets manually.
The product contains various types of assets: servers, AWS, network devices, databases, printers, VoIP devices, etc. Each device type has its own attribute composition, cards for displaying characteristics and working with the object, as well as its own unique set of actions that can be performed on the asset both for collecting data and for making changes to the device configuration.
Each of the predefined asset types can be customized: add new attributes, change the display on cards, in tabular lists or trees, adjust the life cycle process, add new actions for each asset type.
Part of Asset Management is a full-fledged resource and service model, which includes such objects as the Information System, Business Process, Application, Equipment, Suppliers, Products. On object cards, you can fill in their data and build links between objects. You can manually start all Resource Service Model objects or load them from external systems.
The product has built-in functionality for managing and controlling Software the white/black lists used with the ability to maintain white/black lists, lists of allowed and unauthorized, ON as well as centrally manage its update.
To search for vulnerabilities, the system has its own engine, as well as a built-in process for eliminating vulnerabilities with the possibility of flexible customization for each Customer and its internal processes. Scanning can be carried out remotely or through its own "agents." It is possible to scan remote segments without direct network access to the VM server: for this, a separate system component is installed in the form of a service (or a chain of such components), through which all requests are proxied and information is received.
When scanning for vulnerabilities, a large number of settings are available, including:
- scanning modes (fast, file, scanning depth, etc.);
- Scan time limits
- the ability to specify scan windows with a separate option to wait for the desired window (scan windows can be customized individually for each asset);
- the ability to specify exclusion nodes for which no vulnerability scans will be performed;
- and more.
Using templates, you can perform regular scans by button or by schedule.
It is possible to download the inventory results from the file and scan them. This is useful in the case of geographically remote branches or assets to which there is no network access. In this case, a script (for different operating systems) is provided, which can be executed on the host. According to its results, the system will scan for vulnerabilities.
It also supports the processing of scan results from other vulnerability scanners (both proprietary and open source proprietary) with download from file reports or by. API
The product can look for vulnerabilities in a large number of operating systems, system and application software, as well as network devices. These are, Astra Linux,, Alt linux,, Red OS,, Ubuntu, RedHat CentOS AlmaLinux Oracle Linux including Debian all possible Debian-based systems, desktop Windows and server versions, application software (including MS Office those with click-to-run, exchange, sharepoint versions), databases (,,,, MS SQL PostgreSQL MySQL Elasticsearch, etc.), Oracle network devices (,,,, Sun, etc.). Cisco Juniper CheckPoint PaloAlto
Additionally, the product implements the ability to search for vulnerabilities in Docker containers (both running and stopped) and in container images, including in environments running Kubernetes.
The results are provided in detail both for each object (IT asset) and for the entire scan procedure. Each vulnerability reflects the assessments, description, tags and objects on which it was found. Recommendations are also reflected, the implementation of which will correct the discovered vulnerabilities. In addition, recommendations for installing security updates and information on operating systems removed from support are provided.
The vulnerability card reflects a complete description of the vulnerability obtained from various sources (including from expert analytical Internet services), indicates assessments, an attack vector, ways to fix the vulnerability (for various operating systems), the presence of an exploit and a lot of other information.
Several vulnerability management policies are built into the product (based on the CVSS and CIAT metrics of the asset, the user's "Decision Tree," etc.), indicating the SLA for elimination in working or calendar days and the possibility of their full customization for the Customer's internal processes. Users can choose different scenarios for creating tasks and groupings: for example, create separate tasks for certain vulnerabilities and objects, group all vulnerabilities into one asset in other tasks, and create one task for each vulnerability for all assets where it is found for individual vulnerabilities, etc.
The created remediation tasks provide complete information on remediation objects, detected vulnerabilities, their criticality and other characteristics. Tasks for eliminating vulnerabilities can not only be created inside Security Vision, but also automatically transfer information to Service DeskITSM external/systems (, Naumen SD Jira OTRS, Redmine etc.), followed by automatic tracking of execution statuses for all tasks.
Separately, it is worth noting the task confirmation mechanism built into the product. If a task has been completed, it is not its final status. In subsequent scans, the system will automatically check if everything in the task has actually been fixed. If all is resolved, the system will put the task in the "Confirmed" status. But if any of the vulnerabilities remain unresolved, the system will return the task to work and flag that the task has not been solved.
When eliminating vulnerabilities, you can use the automatic "patching" mechanism - by clicking on the button or completely automatically, the system can update the vulnerable software to the current version. Settings are also available to automatically "roll back" changes if they are not applied successfully.
The product provides the ability to add vulnerabilities to exceptions, which allows you to remove them from statistics and not create troubleshooting tasks against them as part of future scanning procedures.
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |