Service Provider SMB Foundstone.

Service Provider Vulnerability Management Solutions

The success of modern businesses depends in part upon the ability of the business’s voice and data network to process and manipulate data securely and reliably. Unfortunately, through a combination of weaknesses often found in network hardware and software, as well as poorly maintained network elements, almost all networks are vulnerable and open to attack.

The good news is that by understanding the techniques with which attackers seek to penetrate and compromise a network’s defences, and by having a good understanding of the inherent vulnerabilities of the software and equipment that make up a network, it is possible to reduce the likelihood of an attack succeeding.

The bad news is that as the complexity of networks grows, business organisations find it increasingly difficult to understand and keep a record of exactly what equipment and software they have deployed within their networks. At the same time, businesses struggle to maintain an up to date understanding of the continually evolving threats that attackers could use to exploit the inherent weaknesses and vulnerabilities the may exist within their network.

This presents Service Providers with an exciting opportunity to create and offer their business customers a Vulnerability Management Security service which:-

• Helps their business customers build an ongoing, current inventory of components and assets within their network
• Helps the business customer prioritize the value of the various assets in their organisation, which will then help them prioritize necessary remediation actions.
• Informs the customer of known vulnerabilities within these network components
• Informs them of existing threats that exploit these vulnerabilities
• Prioritizes remediation actions to fix identified vulnerabilities
• Automatically assigns actions to owners and tracks the progress of remediation
• Provides management reports detailing the above, measuring regulatory and policy compliance, and giving an overview of the network’s risk profile

Risk, in the context of network security, is a function of the likelihood of a given threat exploiting a particular vulnerability, and the resulting impact of that adverse event on the organization.