BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
Critical Watch, a cybersecurity vendor specializing in risk management and compliance, has focused on vulnerability management since its inception in 2000. This article focuses on the company's FusionVM vulnerability management products -- namely, FusionVM SaaS and FusionVM Virtual Enterprise. The software as a service product is entirely cloud-based, and the Virtual Enterprise version is a virtual appliance and virtual scanner.
Critical Watch was acquired by cloud security vendor Alert Logic in 2015. While Critical Watch FusionVM products are still supported, they are no longer available as standalone products. FusionVM technology, however, is used in other Alert Logic products; for example, Alert Logic Cloud Insight, which provides vulnerability and configuration management for Amazon Web Services workloads, uses the Critical Watch FusionVM scanner.
Two other products in the Critical Watch portfolio are FusionVM MSSP and FusionVM Profile Validator for HP/TippingPoint IPS. The MSSP product, which is designed for managed security service providers, combines SaaS with appliances on the internal network and is geared for large environments with security operations centers. The Profile Validator is more of a specialty product designed for use specifically with HP Tipping Point intrusion prevention systems.
FusionVM provides standard features found in most vulnerability management products: interrogation of active and inactive hosts, discovery of networked assets -- which may require authenticated access -- and detection and prioritization of vulnerabilities. The interface is easy to use and contains lots of dashboard elements (e.g., charts, graphs, gauges and others) for administrators. FusionVM also displays compliance with risk and security configuration policies.
Critical Watch uses the National Vulnerability Database method for calculating risk scores, that is, Low-Medium-High severity rankings and numeric CVSS scores. Critical Watch also assigns a Warning level to nonvulnerability exposures that are for informational purposes only.
FusionVM enables administrators to manage remediation workflow -- based on noncompliance -- as well as enterprise-grade ticketing. Tickets may be assigned to individuals or groups, and the system displays a status of current assignments as well as severity level.
Critical Watch's vulnerability management products differ from some of its competitors; FusionVM, for example, does not provide penetration testing or attempt to exploit detected holes or weaknesses. Critical Watch suggests that customers consult a third party for pentesting, if desired. FusionVM also does not provide a complete web application test or source code audit, although it does perform a deep, page-level scan of common attack vectors, including SQL injection, cross-site scripting, HTTP PUT allowed and others. It also indexes web servers, provides a list URL links and checks each webpage separately.
In addition to compliance reporting that can identify violations to specific assets, FusionVM also provides a Remediation Report feature that gives customers a broad view of vulnerability remediation activity across the organization. The reporting includes information regarding open tickets, closed tickets and the average time needed to close a ticket, among other metrics.
Pricing, licensing and support
As a result of last year's acquisition by Alert Logic, Critical Watch FusionVM products are no longer offered as stand-alone products. Enterprises interested in FusionVM or related products should contact Alert Logic for more information on how FusionVM technology is leveraged within the Alert Logic product line, which includes Cloud Insight and Threat Manager. Alert Logic offers a price calculator for Cloud Insight based on the number of Amazon Web Services instances running in the customer's cloud environment.
Alert Logic also provides 24/7 technical support for customers via its Security Operations Center staff. The company also offers a knowledge based section on its website with FAQs, best practices and educational resources for customers on a variety of topics such as compliance and vulnerability scanning. In addition, the FusionVM Virtual Enterprise portal is still active and contains updates on the latest security advisories and vulnerability discoveries.
In part one of this series, learn the basics of vulnerability management tools
In part two read about enterprise use cases for vulnerability management
In part three discover the purchasing criteria for vulnerability management tools
In part four compare the leading vulnerability management products on the market