Partner FAQ

FusionVM, from Critical Watch, is an enterprise class vulnerability management system that goes beyond just scanning and tracking vulnerabilities to provide a powerful, enterprise business process platform that integrates and automates the complete lifecycle from discovery to closure in a way that is uniquely optimized for your client’s business.  FusionVM enables your clients to collaboratively manage security across multiple internal groups, scale the process across the entire enterprise and gain a new level of ongoing security insight by viewing vulnerabilities in the context of their business.

FusionVM is offered as both a remotely managed service as well as an enterprise product that resides on the client premises. With the managed service, an internal scanning appliance is used to reach private networks. Also, for those partners with a consulting model, scanning appliances come in laptop form to enable greater mobility. Assessments can be set up and managed from any browser using the web based service model.

FusionVM’s flexible deployment options (scanning laptops or appliances) and ubiquitous browser interface make it an equally effective solution for single engagements or ongoing annuity based services. Also, vulnerability management is a strategic process that is ongoing with a broad footprint across the client environment. This provides opportunities for deeper relationships with your clients across various practice areas.

As your clients continue to search for ways to proactively secure their networks while cost effectively sustaining and monitoring regulatory compliance, vulnerability management is a total solution that embeds an ongoing operational process to achieve these things.

A true, enterprise-wide vulnerability management process includes a complex set of tasks for large organizations. FusionVM offers a platform that, through automation, enables even the largest, most distributed organizations to quickly deploy and scale their vulnerability management efforts. Also, FusionVM is flexible so reports, alerts and remediation tickets can be viewed and organized based on meaningful business groupings. This enables security metrics to be viewed from any vantage point in the organization, and vulnerabilities to be managed in the context of your client’s risk management objectives.

For clients using the managed service option, the principle security benefit is that of centralized data storage and security. Encrypted storage means there is audit trail associated with data access. Software solutions create a less secure scenario in that sensitive data can be left on corporate networks, or on stand alone computers or laptops. For service clients FusionVM security practices include:

• All data transport is encrypted using DSA public/private keys for authentication and Blowfish encryption for transport layer security.  128bit SSL encryption is typically used between the client and FusionVM Portal web services.
• Secure scanning appliances are built on a hardened BSD platform with minimal ports and services. Initiates outbound connection only and can be configured to operate through a proxy. No changes to firewall policy are needed.
• Multiple layers of database security including file encryption, user authentication, and inherent logical design, insure information is protected.
• Critical Watch utilizes regular outside audits to validate system security.

Lastly, FusionVM is also offered as an enterprise product to be placed on the customer site. In this case, all sensitive data remains on site, with all the benefits of centralized storage, management and security described above.

FusionVM is best suited for large enterprise organizations that have a complex distributed network environment. This generally would include Global 2000 companies. These types of companies will have regulations to adhere to, whether it be Sarbanes Oxley, PCI, GLBA, HIPAA, etc…These types of companies are also more likely to have had experience with vulnerability scanners, so they’re well acquainted with the limitations and costs of that approach, thus being receptive for a more effective solution. However, there are cases where organization size is not the main driver. Some organizations are small companies that may derive all their revenues from online transactions, or perhaps a back-office company that is small, but provides outsourcing of a critical business component (check clearinghouse, etc…)

The FusionVM administrator training course can be carried out through online webinars or on site. The class contains seven course modules dealing with each major functional component. Critical Watch also provides a training portal for performing exercises during the training course. The class is geared toward product administrators.

• Access to priority support services via phone or email
• Optional customized branding on the portal interface on a per client basis
• Free evaluation process is in place to enable easy introduction to FusionVM
• Access to sales and technical training
• Logo placement on the Critical Watch website and opportunities to leverage various co-marketing programs
• Critical Watch partners leverage discount pricing to drive high margin annuity-based revenue streams.

Fill out the "Become a Partner" form on our website and a Critical Watch partner support representative will contact you.