Vulnerability Intelligence

Real-Time Software Vulnerability

Software Centric Solution

No network impact

  • Provide vulnerability ‘CVE’, correlated directly to unique product enumeration ‘CPE’ of all of your Public Cloud instances, no matter how dynamic your EC2 usage.
  • Detect hosts associated with severe software vulnerabilities
  • Shorten investigations cycle with identification of patches associated with those vulnerabilities
  • Share critical software vulnerabilities across teams
  • Be proactive in dealing with software vulnerabilities and maintaining security posture
  • Provide real-time visibility into your Logical Vulnerabilities
  • Prioritize your remediation plans
  • Keep you ahead as risk emerges, priorities shift, and IT landscapes change, and does so ALL Within Your GRC System.
  • Roll-up at Minor and Major Versions for License Compliance
  • Identify software that reaches and/or passes end-of-life
  • Provide the list of available patches when it exists

Vulnerability Intelligence

“A Vulnerability Intelligence program should be a key component of any sound network security strategy. It should dovetail with a Vulnerability Assessment process and a patching/remediation process. While a Vulnerability Assessment process will tell you what needs to be patched, Vulnerability Intelligence should tell you what needs to be patched first and what new patches need to be evaluated.

Kevin Liston

Scanned vs Logical Vulnerabilities

  • fatstacks sRTMS associates CVE to inventory. call it logical vulnerabilities vs. scanned vulnerabilities.
  • Scanning is technically challenging and expensive.
  • Logical vulnerabilities have better coverage (agent).
  • sRTMS found vulnerabilities missed by scanner and vice versa.

Scanned + Logical = Vulnerability Intelligence

vulnerability intelligence hybrid dataflow