The identification and remediation of security vulnerabilities is an absolute necessity in mitigating the threat of data breaches and system compromises. In an attempt to stay ahead of threats, organizations may deploy one or more scanners to identify vulnerabilities, only to produce too much information to be helpful in managing security risks. This deluge of data leads to a poor handoff to IT operations in addressing tactical security vulnerabilities, as well as little or no visibility into remediation efforts to close those gaps. Organizations that have implemented vulnerability scanning solely for compliance purposes also receive limited added value for the effort. Ultimately, attempting to manage the large volume of vulnerability data without a sound process to prioritize security issues drastically reduces the effectiveness of this fundamental control.
IT Security Vulnerabilities Program
RSA Archer IT Security Vulnerabilities Program offers security teams a big data approach to identify and prioritize high risk threats. Proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows in one place. IT assets can be cataloged with a full business context overlay to prioritize scanning and response. The consolidated research platform for vulnerability management enables centralized tracking and remediation of related issues.
With IT Security Vulnerabilities Program, IT security analysts can implement alerts, explore vulnerability scan results, and analyze issues as they arise, which all help to boost the closure rate for critical gaps. The ability to research known vulnerabilities helps prioritize efforts for IT operations, resulting in reduced cost, less time and effort, and visibility into dangerous vulnerabilities on critical assets. A powerful and flexible rules engine highlights new threats, overdue issues, and changing business needs. For business and IT managers, a consolidated management module integrates powerful analytics with reporting, workflows, and a risk-management framework to enable data-driven security decisions. Using the IT Security Vulnerabilities Program application, organizations can effectively manage the entire vulnerability lifecycle, from detection and reporting through remediation and verification.
- Centralized catalog of IT assets
- Central repository and taxonomy for vulnerability data
- Integration with multiple scanning technologies
- Large data/high volume storage of vulnerability scanning results
- Reporting and researching platform
- Rules-based issues management
- Visualization of vulnerability trends
With IT Security Vulnerabilities Program, you will see:
- Reduced time to consolidate and report on vulnerability scanning
- Reduced effort for employees to remediate critical vulnerabilities
- Lower overall costs and risk associated with vulnerability management
IT Security Vulnerabilities Program is a use case in the IT Security & Risk Management solution area. The following sections describe the use cases that IT Security Vulnerabilities Program requires as a prerequisite, which use cases you can upgrade to as your program matures, and which use cases in other solution areas you can integrate for additional business context and functionality.
Prerequisite and next use cases
IT Security Vulnerabilities Program
The RSA maturity models outline the key capabilities necessary to support an organization’s journey from siloed, reactive, compliance-driven processes to an integrated, risk-centric GRC program. The following diagram shows where the IT Security Vulnerabilities Program and related use cases fall on the maturity spectrum. To learn more about the maturity model, see the "RSA Archer Maturity Model for IT & Security Risk Management" white paper on RSA Link.
The following resources are available for the IT & Security Risk Management solution area:
RSA Archer 6.5