Features: FusionVM - Security, Risk and Compliance Management
FusionVM Enterprise from Critical Watch enables organizations to reduce risk and sustain compliance by automating Vulnerability Management and Security Configuration Policy Compliance with a globally scalable, easily deployable solution.
Vulnerability Management
FusionVM automates this key risk and compliance process in a way that is uniquely optimized for your business needs and regulatory requirements.
Discover and Classify Critical Assets - Automatically discovers and profiles assets including devices, ports, operating systems, services, applications, versions and vendors.
- Evaluates both active and inactive IP addresses within a given range
- Detects wireless access points
- Catalogs network devices such as firewalls, IDS/IPS, routers, switches, hubs as well as servers, printers and desktops
- Lists installed applications
- Identifies standard and non-standard open ports
- Identifies known and unknown services
- Provides search capability of various asset and configuration oriented report views for inventory analysis
Determine Risks on Key Assets - As an agentless solution, FusionVM enables safe, scalable and thorough testing of enterprise networks on a repeatable basis, through both zero-privileged and credentialed scanning. In addition to traditional broad-based network assessment coverage, FusionVM also addresses web application and database vulnerabilities in a single platform.
- Analyzes enterprise networks from both external and internal vantage points
- Evaluates known vulnerabilities from OS to databases to devices to web applications
- Web application scanning provides support for HTTP virtual hosts to assess multiple websites on a single server
- Discovers and identifies missing patches for Windows, Unix and Linux
- Manages bandwidth utilization through bandwidth setting at the scan job level
- Enables the flexibility for recurring assessments to be scheduled according to operational and business objectives
- Allows users to set acceptable time windows to run assessments by using Operational Windows
- Provides access to various data views under the Jobs Manager tab through screen export and print functions
- CVE compliant vulnerability database displays CVE # in exposure detail descriptions
Track and Audit Exceptions - FusionVM enables the ability to embed your unique business risk requirements for optimizing mitigation efforts and report effectiveness.
- Filters Management provides the ability to suppress acceptable risks from the ongoing reporting. This reduces the effort of re-analyzing known non-issues and enables teams to focus on mitigating business critical issues
- Filters Management logs the original author of the filter, the reason for the filter, filtered date, expiration date and complete history of any edits to the filter.
- Port customization enables tailoring of scanning to avoid sensitive ports or custom applications
- IP exceptions list can be used to track specific hosts to be omitted from scanning entirely
Manage Remediation Workflow - Provides a workflow platform for assigning, tracking and validating remediation tasks across large enterprises with multiple operational teams participating in the process.
- Managers can create tickets (set severity, due dates, comments) and assign them to individual users or groups
- Assignments can be set up using various aggregate grouping types (by exposure, by IP, by Job)
- Managers can view all current assignments along with status, severity and past due flags
- Technicians can view “My Assignments” to access assigned tickets
- Due dates enable enforcement of policy on acceptable remediation time windows
- Managers and Technicians can view the complete history of a particular ticket
- Easily accessible web links to available manufacturer patches or workarounds as well as original advisories provide detailed solution steps written in simple, real world language to enable action by IT personnel
Prevent Threats with Continual Alert Feeds - Delivers same day alert feeds on newly emerging vulnerabilities as applicable. These alerts are driven passively off of the current asset baseline, and occur automatically without requiring an active scan, to provide proactive risk management over and above scheduled scanning.
- Alerts are correlated against the most recent asset profile and delivered to the responsible administrator
- Alerts are sent via encrypted email and are also available via web report views
- Alerts identify affected machines, detail severity, likelihood of exploit, skill level needed to exploit and provide links to references, fix instructions or available work-around
Administer Feature and Reporting Access with Enterprise Permissions - The CEM defines the process administration layer that defines how the process is prioritized and managed across a distributed set of users requiring varying levels of access and report visibility.
- Hierarchical tree provides the fundamental permission and reporting structure and can be built around division, platform, asset type, business role of asset, regulatory requirement, audit requirement or any other business meaningful structure
- Flexible permissions management provides both fine grained and templated approaches to user and group administration that go beyond basic hierarchical models
- Visibility and Access further tailors user levels by hiding or displaying functional tabs based on required role.
- Defines stakeholders’ (operations, security, audit) span of control - asset responsibility and accessibility to different features and functionality
- Enables distributed operational autonomy without sacrificing central oversight
- Delivers reporting, alerting and workflow that enables the unique ability to align security efforts with business priorities while supporting regulatory and policy compliance
- Enables auditing of user log in activity as well as other data views under the CEM tab through screen export and print functions
View Metrics with Flexible Reporting - FusionVM delivers a powerful and unique reporting capability. Leveraging the CEM, it delivers new dimensions of security visibility based on an organization’s own unique business environment and risk management requirements. Individual asset owners receive report information personalized for them based on their role and the assets for which they are responsible, while management and security teams can rollup aggregate information and also drill down from any vantage point on the CEM tree.
- Reports are dynamically mapped against the user defined CEM tree structure
- From any point on the CEM tree structure, a user has access to the full complement of reports in a flexible drill down/roll up format
- Trend analysis establishes baselines, then enables performance measurement over time
- Historical reporting on a per job basis aids in fulfilling audit requests or tracking specific questions on past scans.
- PCI Preparation Reporting provides informal PDF reporting displaying the PCI vulnerability categories to prepare for formal certification scans
- Risk scoring leverages embedded FusionVM risk algorithms as well as CVSS v2
- Report types include:
  - Summary graphic charts and dynamic trend calculator
  - By Risk Report – Groups vulnerabilities and missing patches by risk with drill down capability to see detailed fix instructions, useful resources and affected devices
  - By Host Report – Groups vulnerabilities and missing patches by host with drill down capability to see detailed fix instructions, useful resources and affected devices
  - Profiles – Detailed enumeration of asset configuration. Catalogues available services, open ports, applications installed, OS, machine name, and versioning information
  - Early Warning Alerts – Sorted by most recent (and also grouped by High/Medium/Low/Warning), a listing of all the newly emerging vulnerabilities that are mapped to customer’s specific network assets is displayed
  - Open Services – Includes a Known Services report that groups assets by service and an Unknown Services report that highlights suspicious services on suspicious ports
  - Variance – Captures remediation progress from one scan to the next. Enumerates new, resolved and unresolved vulnerabilities, all from the previous scan date
- Report tab export options include Adobe Acrobat, MS Excel, HTML, TIFF, XML and CSV
Security Configuration Policy Compliance
Agentless scanning enables a closed loop process for setting vulnerability and configuration policies based on business and regulatory requirements and validating ongoing compliance.
Vulnerability and Risk Policy
- Apply policies to an asset or groups of assets
- Enforce and track policies associated with age of vulnerabilities, scan frequency, risk scores and remediation status
- Measure risk on key compliance-related asset groups through the Risk Scoring component
Security Configuration Policy
- Credentialed discovery validates optimal secure configurations
- Over 200 Windows Policy Checks ensure compliance with industry standards such as CIS Windows Benchmarks
- Policy categories address Service Packs, Major Auditing and Account Policies, Minor Auditing Policies, Event Log Settings, Major Security Settings, Available Services, User Rights, Minor Account Policies and Minor Security Settings
Compliance Dashboard
- Provides a global view into overall compliance status
- Asset-specific and policy-specific views to quickly pinpoint and mitigate key violations
- Auditable reporting for compliance on key asset groups relating to Sarbanes-Oxley, HIPAA, GLBA, PCI, FISMA, and other standards
- View Compliant and Non-Compliant Dashboard for most compliant or non-compliant assets, operating systems or policies
- View compliance or non-compliance by custom asset tag views
- Compare compliance status across assets, operating systems or policies
- Reporting provides visibility to disallowed applications and services
- Flexible permissions give view to specific assets for compliance dashboard access only
Asset Management
FusionVM facilitates an effective understanding of your enterprise environment with automated discovery, flexible asset naming and detailed tracking.
- Dedicated asset management database for organizing, editing and tagging assets
- Detailed asset tagging capability to apply user-specific labels for assets created in FusionVM
- Asset tags include standard options as well as ability to create custom tags
- Search asset database with Asset Management permissions
- Rogue device tracking to detect unknown hosts
- Track asset ownership in static or dynamic environments
Integration
LDAP User Authentication
FusionVM enables unified user sign on by integrating the authentication function of the FusionVM web interface with existing client LDAP directory infrastructures. This optional feature enables access to FusionVM to be limited to users with domain access, while also allowing those users to sign-on using their standard network login and password.
Open Architecture
- Browser based export module enables various screen views to be downloaded in the following formats:
  - XML
  - HTML
  - CSV
  - MS Excel
  - Adobe Acrobat
- FusionVM Client Reporting Applications (CRA) Database enables users ODBC access to vulnerability and asset configuration data schema for creating custom reports or other related projects
- Reporting Export Manager provides a central console for requesting exports of various report types, as well as an individualized list of exports that are complete and ready for downloading for the requestor