BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Beyond Security provides products and services that help organizations test and assess networks, software and web applications for a wide range of security weaknesses. The company's Automated Vulnerability Detection System product is available as an on-premises network appliance or as a software as a service offering.
Beyond Security's Automated Vulnerability Detection System (AVDS) is a vulnerability management tool that scans IP-based networked infrastructure, including servers, firewalls, routers, switches and operating systems, to identify assets and detect vulnerabilities. Administrators do not need to install software or agents on the infrastructure, and they can schedule scans or perform them on demand. AVDS vulnerability databases, meanwhile, are updated automatically each day.
Beyond Security's AVDS doesn't include auto-patching or auto-remediation like some of its competitors. Beyond Security believes that patches must be tested and verified by humans before being deployed, so a few automation features are intentionally not included.
Beyond Security offers a multi-unit AVDS system that can scan tens of thousands of IPs in large environments with segmented or distributed networks, and generate remediation tickets when vulnerabilities are found -- and then track them within the system. The management console enables departmental administrators to perform scans and generate reports on their own parts of the network. An entry-level version is available for smaller networks with up to 500 active IPs -- a single network, single administrator scenario. Customers can also get AVDS as a hosted solution for scanning websites or IPs on the external edge of the network. Scan results may be exported to nearly any type of SIEM, ticketing system or similar systems.
An AVDS scan can also serve as a penetration test by probing an organization's internal network, DMZ and wide area network. Pen tests run automatically, as scheduled, and do not impact network performance or cause damage.
Performance and deployment
Beyond Security's AVDS has a false positive rate of about 0.1%, which is very low for vulnerability scanning tools. AVDS achieves this rate by querying network components and analyzing the resulting behavior to verify vulnerabilities before reporting them to the customer. Many other scanning products primarily perform version checking to determine if vulnerabilities exist, which can increase the number of false positives an administrator must handle.
The vulnerability detection product was designed to be easily deployed and straightforward to use; the hardware version can be up and running within an hour. The reporting system lets an administrator see changes from a security baseline and track remediation efforts. The system can also generate reports for most common vulnerabilities, vulnerabilities by business unit, vulnerability trends and compliance for regulations such as the Payment Card Industry Data Security Standard and HIPAA.
Beyond Security's AVDS is available in several different product versions: AVDS for Corporations (enterprise level), AVDS for small and medium-sized businesses and Hosted AVDS (SaaS offering). Beyond Security also offers PCI scanning as a separate, stand-alone service.
Pricing, licensing and support
Whether a customer uses the on-premises or SaaS version, Beyond Security licenses AVDS based on active IPs, which means the customer pays only for scans performed against IPs in use.
Beyond Security offers unlimited phone support with access to staff experts. Beyond Security also owns SecuriTeam, a security vulnerability information portal that provides security news articles, detailed vulnerability advisories and an Ask the Team feature.
In part one of this series, learn the basics of vulnerability management tools
In part two read about enterprise use cases for vulnerability management
In part three discover the purchasing criteria for vulnerability management tools
In part four compare the leading vulnerability management products on the market