Netsurion Vulnerability Management Overview

Netsurion Vulnerability Management is a vulnerability management service offered by Netsurion® that provides vulnerability assessment, prioritization, and remediation recommendations via an easy-to-deploy solution. It is an add-on to our Managed Open XDR portfolio of Netsurion Essentials and Netsurion Enterprise.

Netsurion Vulnerability Management Service Components

The service is based on three technical components: a lightweight scanner node/agent deployed on the site/endpoint, a management console hosted and managed by Netsurion, and the Netsurion console, which may be hosted either at Netsurion data centers or on Customer premises. The solution acts as a single pane of glass across all components of the Netsurion service offering.

Implementation

For new installations, a scanner node Open Virtual Appliance (OVA) or scanner agent links will be sent electronically. The scanner node OVA will be deployed on VMware or Microsoft Hyper-V infrastructure within the customer network to be scanned.

The scanner agents are to be deployed on the assets to be scanned and are available for Microsoft Windows, macOS, and Linux.

Deploying the scanner node is recommended wherever possible. The scanner agent should only be deployed for assets that cannot be scanned from the scanner node.

Netsurion Vulnerability Management Scan Types

Netsurion Vulnerability Management supports various types of scans, including device discovery, basic vulnerability scan, file content search, configuration assessment, and compliance scans. For details, see Netsurion Vulnerability Management Scans and Audits.

Netsurion Vulnerability Management Onboarding

The Netsurion SOC, in collaboration with the Customer and Partner, ensures a successful startup of the EventTracker Vulnerability Management service.
The onboarding phase includes:

  • Reviewing the onboarding process, deployment options, and best practices for learning, prioritization, and remediation.
  • Planning, gathering information, and scheduling scans and assessments.
  • Ensuring the Netsurion Vulnerability Management scanner node/agent is deployed and configured correctly at the customer site.

Steady State Operations

  • Troubleshooting and management of scan schedules
  • Reporting and remediation recommendations
  • Change management controls

Netsurion Vulnerability Management Service Deliverables

Netsurion Vulnerability Management generates dashboards and reports based on results that are available for review on the Netsurion console for partners and customers based on user privilege settings. Reports will be posted in the console within 24 hours of scan/audit completion. Customers and Partners are strongly encouraged to review these reports regularly for remediation recommendations and to take proactive steps to mitigate risks.

Vulnerability Summary Report

The Vulnerability Summary Report provides a summary of the assessment, a distribution of vulnerabilities, and the top 10 vulnerabilities found across the targets. This report provides an overview of big-picture results from the assessment and provides details of the following:

  • Summary of the assessment
  • Vulnerabilities by severity
  • Hosts by vulnerability
  • Vulnerabilities by class
  • Top 10 vulnerabilities
  • Top 10 services

Vulnerability Detail Report

The Vulnerability Detail Report starts by providing a summary of the assessment, distribution of vulnerabilities, and top 10 vulnerabilities found across the targets. It then provides complete details of scanned hosts and vulnerabilities including the severity, class, impact, resolution, and technical details. The detailed report provides the following in addition to the summary report:

  • List of scanned hosts with number of vulnerabilities detected on each of them
  • List of all vulnerabilities detected on each host
  • Details of each vulnerability including the severity, class, CVE, CVSS score, impact, resolution, and technical details

Vulnerability Trend Report

The Vulnerability Trend Report provides insights into the status of vulnerabilities compared with previous scans. This report shows the distribution of vulnerabilities by status: “new”, “preexisting”, “reintroduced”, and “removed”.

Add-On Threat and Incident Review Report – Netsurion Vulnerability Management + Netsurion Enterprise

When the Netsurion Vulnerability Management service is delivered for an existing Netsurion Enterprise Customer, in addition to the above reports, the Add-On Threat and Incident Review Report (TIRR) can be prepared by the Netsurion SOC for the Customer to include critical insights along with guided remediation recommendations. The optional TIRR will be shared as per the Customer subscription service frequency.

Log Retention

On-Premises

Customers who opt to have their consoles at their own location have the option to set up log retention as per their provisioned infrastructure and preferences.

Hosted by Netsurion

Customers who opt to have their Netsurion consoles hosted by Netsurion will have the summary reports and the underlying raw log data retained for up to 400 days in accordance with compliance standards. Unlimited raw log data is stored in hot (local SSD, 35 days), warm (local spindle disk, 36-90 days), and cold (AWS Glacier, 91-400 days) locations based on age.

Forensic Search

All received log data is indexed to Elasticsearch using an extensible Common Indexing Model (CIM) and stored on high-speed solid-state drives (SSD) for a period of thirty-five (35) days. Customers may use the flexible user interface to search for log data and thereafter drill down, pivot, time slice, and include/exclude the results. A combination of log source, time, detected fields, and pattern matching is available as search criteria. Search criteria can be saved for future use. Data that is 36-90 days old is available on 10K revolutions per minute (RPM) spindle-based disk and can be searched. Search results can also be exported to a file.

Change Management

The Netsurion SOC implements change control aligned with ISO 27001 and Information Technology Infrastructure Library (ITIL) Change Management.

Netsurion Vulnerability Management Service Support

SLOs committed as part of your base service will apply.