This white paper explains the evolving needs for vulnerability assessment, the special requirements inherent within large enterprises, and how SecureScout SP from netVigilance meets those needs.
Contents
Introduction .......................................................................................................................3
Overview - the Power of Vulnerability Assessment..........................................................3
The role of Vulnerability Assessment................................................................................5
Evolution of Enterprise Vulnerability Assessment Needs .................................................5
SecureScout SP - Vulnerability Assessment for the Enterprise......................................8
SecureScout SP Architecture..........................................................................................10
Summary.........................................................................................................................14
Appendix A - Technical Specifications ...........................................................................16
netVigilance Inc 2 Vulnerability Assessment for the Security Operations center
Introduction
This white paper explains the evolving needs for vulnerability assessment, the special requirements inherent within large enterprises, and how SecureScout SP from netVigilance meets those needs.
Overview - the Power of Vulnerability Assessment
Intrusions into corporate networks by Hackers, Virus', Worms, Trojans and other forms of Malware are increasing exponentially year to year. The costs associated with confronting cyber attacks in terms of loss of business, loss of productivity, loss of shareholder confidence, fines, litigation, regulatory penalties or even jail time threaten to spiral out of control if the problem is left unchecked.
Even though the number of threats to our data assets are increasing at an alarming pace; the actual number of known vulnerabilities that these threats exploit is staying relatively flat. Finding and fixing network vulnerabilities before they can be exploited, greatly reduces the likelihood of a catastrophic attack.
In a 2005 survey of 1400 CIOs, a majority 35% listed network security as there top 1initiative and greatest concern . Another survey conducted jointly by Computer Sciences Corp. and the Financial Executives International (FEI), only 20% of CFOs are satisfied with their corporate security policies, 24% chose increased information 2security as their chief concern and foresee network security expenditure to increase over the next several years.
With a dizzying array of network security products to choose from, the customer has a daunting task of deciding which methodologies to deploy for the maximum price / performance ratio. One must choose carefully to find solutions that have the greatest
1 Robert Half technology; 2005
2 Financial Executives International; 2005
netVigilance Inc 3 Vulnerability Assessment for the Security Operations center
impact on reducing your cyber threat profile, with the least impact on your budgetary and manpower resources. Network security solutions are typically divided into two primary classes: Preventative and Responsive. Some types of responsive techniques include:
. Intrusion Prevention, Content Filtering - block transmission of suspicious traffic based on pre-defined signatures. These systems can be easily fooled by slightly altering the appearance of the malicious traffic.
. Intrusion Detection, Systems Monitoring - detect anomalous traffic that might be an attack and alert system administrators for countermeasures.
. Anti-Virus - trap viruses and repair damage if possible.
. Forensics - perform an investigation of an attack, and attempt to determine the extent of the attack, scope of damage, evidence of perpetrators, and gain knowledge to improve systems fo... [download for more]
