This article can also be found in the Premium Editorial Download "Information Security magazine: Why business managers are a breed of security professional."
Download it now to read this article plus other related content.
nCircle's IP360 Vulnerability Management System
Price: Starts at $26,000
|nCircle's IP360 Vulnerability Management System|
Vulnerability management is more than running VA scans and applying patches or configuration changes. Without policies and processes to identify, prioritize and remediate vulnerabilities and validate fixes, enterprises can be overwhelmed, and their most critical systems exposed to threats.
nCircle's appliance-based IP360 Vulnerability Management System can help large organizations mitigate vulnerabilities in a methodical way, providing systematic asset management, vulnerability identification, in-trusion detection correlation and robust reporting.
IP360's architecture is built for scale; distributed Device Profiling appliances employing nCircle's proprietary scanner gather vulnerability information from any IP device and feed it to the central management appliance, VnE Manager. One VnE Manager can manage approximately 50 distributed Device Profilers.
From the VNE Manager, security managers can quickly assess the current security posture of their organization, from enterprise-wide view to the device-level. Automated workflow and ticketing allow organizations to initiate and track remediation efforts.
nCircle has created an easily understandable and straightforward Web-based management interface divided into four logical components: Administer, Discover, Analyze and Respond.
The exception is the interface for selecting vulnerabilities for which you want to scan. The nCircle model is based on continuous scanning, which they say is how most of their customers use the product. However, the interface is poorly suited if you want to create targeted scans. The vulnerabilities are listed in a small, fixed window and aren't organized, nor are they identified by OS or application.
The Administer control panel is designed to fully manage the system's configuration, including the database, software upgrades and diagnostics.
The Discover panel is the heart of the security system, where managers can create vulnerability scans, schedule scans and view their progress.
The Analyze and Respond panels run snapshot and trending reports on the environment's vulnerability status, and manage the internal ticketing system for identified vulnerabilities, respectively. IP360 issues serviceable technical reports for operational managers and executive-level reports—top vulnerabilities, systems showing most vulnerabilities, etc. IP360 also has a useful "scoring" report, based on user-designated system priority and the number and severity of vulnerabilities reported. This is useful for viewing trending and establishing priorities.
The Respond component also permits security managers to access and configure IP360 information to be sent via SNMP traps to third-party network and security applications, such as SIMs, IDSes, patch management tools, ticketing systems and network management systems.
This was first published in June 2005