General FAQ

FusionVM is an award winning, patent solution for Risk and Vulnerability Management. It enables a sustainable automated process for managing risk and maintaining compliance. Features include asset discovery and management, security and configuration policy scanning, vulnerability assessment, exceptions management, remediation workflow, risk and compliance reporting.

FusionVM is offered as both a product and service. FusionVM Saas (Software as a Service) is a remotely hosted service in which you manage the solution via a web portal interface that is housed at Critical Watch’s secure hosting center. For external scanning you need no hardware on your network. For internal scans, a VM Server (scanning server) can be placed on your network and managed remotely from the secure hosting center once connectivity is established. FusionVM delivers all the benefits of the FusionVM platform in an appliance that can be installed on your premise.

In general, pricing for FusionVM is based in some way on the quantity of active IP addresses (responding, “testable” systems). FusionVM SaaS is a subscription based model enabling you to pay a monthly fee for the service. If you need internal scanning a set up fee for the VM Server is applied. Still, you own no hardware in the service model. Critical Watch manages and maintains the onsite scanning appliance. FusionVM Enterprise is one-time purchase for the appliance and software license (which is based on the amount of active IP addresses), and annual renewable maintenance for subsequent years.

FusionVM is currently deployed all throughout the world in places like Indonesia, India, Europe, Africa and Canada, as well as the United States. FusionVM’s scalable appliance based architecture enables global scalability. FusionVM’s patented scanning architecture allows for centralized management of distributed scanning servers in any configuration.

FusionVM is updated daily with new vulnerability checks using a flexible tool API. FusionVM supports the CVE standard in its vulnerability database as well. In addition to vulnerability database updates, FusionVM includes a continual passive alert feed component, called Early Warnings. This provides same day alerts on newly emerging vulnerabilities in between active scans by passively correlating new vulnerabilities against the most recent asset baseline (generated by scans). This provides proactive coverage regardless of scan frequency.

FusionVM PCI is a portal based, turnkey service used for fulfilling the quarterly scanning requirement and report submission under the PCIDSS v1.1. Critical Watch has been an approved vendor (now termed Approved Scanning Vendor) for the three years.

Yes. FusionVM is available in a portable laptop configuration. This enables consultants or auditors to take the scanning server with them to the site, connect the laptop to the system management appliance (whether at the Critical Watch Secure Center or at a central location within their own facility) then run FusionVM from any browser.