
Security Vision Vulnerability Management (VM)

Product
The name of the base system (platform): Security Vision Specialized platform for automating information security processes
Developers: GC Intelligent Security (Security Vision Brand)
Last Release Date: 2024/11/05
Branches: Information security
Technology: ITSM - IT Service Management Systems

Main article: IT Service Management, ITSM

2024

Security Vision 5 Platform Version

An updated version of the Vulnerability Management (VM) product has been released on the Security Vision 5 platform. The developer announced this on November 5, 2024.

The updated Security Vision VM scans assets, provides the most detailed information on identified vulnerabilities and recommendations for fixing them, and implements a remediation process that includes time control, SLA and automatic installation of updates. The product consists of three main blocks:

  • Asset management, in which the asset base is formed (including scanning and discovery of new assets), their automatic identification, inventory, life cycle management and automated administration actions;
  • Vulnerability scanning, which provides its own engine for finding vulnerabilities on Windows/Linux hosts, in containerization environments, application software, network devices, databases, etc., taking into account restrictions on the timing and use of scan windows;
  • The process of eliminating detected vulnerabilities, including automatic confirmation of fixes, integration with external Service Desk and auto-patching.

This version of Security Vision VM has improved vulnerability scanning mechanisms in container environments, separately implemented for running, stopped containers and images, including in environments running Kubernetes.

Scan modes are implemented:

Pentest - detection and verification of the possibility of exploiting network vulnerabilities, the possibility of using the most serious exploits, guessing of weak passwords, checking for outdated/vulnerable encryption algorithms, etc.

Scanning Web applications - checks for XSS, CSRF vulnerabilities, SQL injections, RFI, Code injection, disclosure of internal information and site settings, guessing of weak passwords, enumeration of users, as well as checking the exploitation of specific Web vulnerabilities, etc.

Retro scan - search for vulnerabilities based on previously obtained data from assets, without connecting to them and waiting for scan windows. This is the fastest scan mode that is convenient to use for frequent checks for new vulnerabilities and urgent threats, as well as for point checks of individual vulnerabilities against internal and external requests. If containers are available, they will also be scanned.

A large number of new asset interaction scripts have been added that allow you to perform typical actions for obtaining information, administering and changing configurations on Linux/Windows hosts, various types of network equipment and databases.

The mechanism of whitelisting/blacklisting, control of allowed and prohibited software, as well as execution of complex scripts during automatic patching, including the ability to cancel the changes, has been improved.

As part of regular updates of vulnerability databases, Security Vision additionally provides information on trend vulnerabilities and additional checks to detect the most current and critical vulnerabilities.

Security Vision 5 Vulnerability Management

Security Vision on September 19, 2024 announced the release of an updated version of the Vulnerability Management (VM) product on the Security Vision 5 platform.

Security Vision Vulnerability Management (VM) is a comprehensive vulnerability management product that includes detecting vulnerabilities on assets, providing the most detailed information on identified vulnerabilities and recommendations for their elimination (including functionality to automate updates), a control process with confirmation of elimination, monitoring of deadlines and SLA. The updated product consists of three main blocks:

  • Asset management, in which the asset base is formed, including scanning and discovery of new assets, their automatic identification, inventory and life cycle management;
  • Vulnerability scanning, which provides its own engine for finding vulnerabilities on Windows/Linux hosts, in containerization environments, application software, network devices, databases, etc.;
  • The process of eliminating detected vulnerabilities, including automatic confirmation of fixes and auto-patching.

Within the Asset Management unit, the product provides the functionality of automatic detection and collection of asset data, their categorization and management in accordance with ITIL recommendations, as well as the implementation of a large number of various predefined actions on the assets themselves. Assets are automatically aggregated by subnetworks. The system builds a network map, which is also available graphically.

In addition to scanning, assets can be automatically obtained or enriched from a large number of pre-configured external sources (with the ability to add your own sources and integrations): directory services (Active Directory, OpenLDAP, FreeIPA, Astra Linux Directory, etc.), various information security tools (antivirus, SIEM, DLP), infrastructure services, files of various formats, etc. You can also create assets manually.

The product contains various types of assets: servers, workstations, network devices, databases, printers, VoIP devices, etc. Each device type has its own attribute composition, cards for displaying characteristics and working with the object, as well as its own unique set of actions that can be performed on the asset both for collecting data and for making changes to the device configuration.

Each of the predefined asset types can be customized: add new attributes, change the display on cards, in tabular lists or trees, adjust the life cycle process, add new actions for each asset type.

Part of Asset Management is a full-fledged resource and service model, which includes such objects as the Information System, Business Process, Application, Equipment, Suppliers, Products. On object cards, you can fill in their data and build links between objects. You can create all resource and service model objects manually or load them from external systems.

The product has built-in functionality for managing and controlling the software in use, with the ability to maintain white/black lists of allowed and unauthorized software, as well as to centrally manage its updates.

To search for vulnerabilities, the system has its own engine, as well as a built-in process for eliminating vulnerabilities with the possibility of flexible customization for each Customer and its internal processes. Scanning can be carried out remotely or through its own "agents." It is possible to scan remote segments without direct network access to the VM server: for this, a separate system component is installed in the form of a service (or a chain of such components), through which all requests are proxied and information is received.

When scanning for vulnerabilities, a large number of settings are available, including:

  • scanning modes (fast, file, scanning depth, etc.);
  • scan time limits;
  • the ability to specify scan windows with a separate option to wait for the desired window (scan windows can be customized individually for each asset);
  • the ability to specify exclusion nodes for which no vulnerability scans will be performed;
  • and more.

Using templates, you can perform regular scans by button or by schedule.

It is possible to load inventory results from a file and scan them. This is useful in the case of geographically remote branches or assets to which there is no network access. In this case, a script (for different operating systems) is provided, which can be executed on the host. Based on its results, the system will scan for vulnerabilities.

It also supports the processing of scan results from other vulnerability scanners (both proprietary and open source), loaded from report files or via API.

The product can look for vulnerabilities in a large number of operating systems, system and application software, as well as network devices. These include Astra Linux, Alt Linux, Red OS, Ubuntu, RedHat, CentOS, AlmaLinux, Oracle Linux, Debian (including all possible Debian-based systems), desktop and server versions of Windows, application software (including MS Office with click-to-run versions, Exchange, SharePoint), databases (MS SQL, PostgreSQL, MySQL, Oracle, Elasticsearch, etc.), and network devices (Cisco, Juniper, CheckPoint, PaloAlto, Sun, etc.).

Additionally, the product implements the ability to search for vulnerabilities in Docker containers (both running and stopped) and in container images, including in environments running Kubernetes.

The results are provided in detail both for each object (IT asset) and for the entire scan procedure. Each vulnerability reflects the assessments, description, tags and objects on which it was found. Recommendations are also reflected, the implementation of which will correct the discovered vulnerabilities. In addition, recommendations for installing security updates and information on operating systems removed from support are provided.

The vulnerability card reflects a complete description of the vulnerability obtained from various sources (including from expert analytical Internet services), indicates assessments, an attack vector, ways to fix the vulnerability (for various operating systems), the presence of an exploit and a lot of other information.

Several vulnerability management policies are built into the product (based on the CVSS and CIAT metrics of the asset, the user's "Decision Tree," etc.), indicating the SLA for elimination in working or calendar days and the possibility of their full customization for the Customer's internal processes. Users can choose different scenarios for creating and grouping tasks: for example, create separate tasks for certain vulnerabilities and objects, group all vulnerabilities of one asset into a single task in other cases, and, for individual vulnerabilities, create one task per vulnerability covering all assets where it is found, etc.

The created remediation tasks provide complete information on remediation objects, detected vulnerabilities, their criticality and other characteristics. Tasks for eliminating vulnerabilities can not only be created inside Security Vision, but can also be automatically transferred to external Service Desk/ITSM systems (Naumen SD, Jira, OTRS, Redmine, etc.), followed by automatic tracking of execution statuses for all tasks.

Separately, it is worth noting the task confirmation mechanism built into the product. If a task has been completed, it is not its final status. In subsequent scans, the system will automatically check if everything in the task has actually been fixed. If all is resolved, the system will put the task in the "Confirmed" status. But if any of the vulnerabilities remain unresolved, the system will return the task to work and flag that the task has not been solved.

When eliminating vulnerabilities, you can use the automatic "patching" mechanism - by clicking on the button or completely automatically, the system can update the vulnerable software to the current version. Settings are also available to automatically "roll back" changes if they are not applied successfully.

The product provides the ability to add vulnerabilities to exceptions, which allows you to remove them from statistics and not create remediation tasks for them as part of future scanning procedures.