Am planning to deploy a vulnerability management system in my company
and over here am not talking systems patching solution. We have a huge
infrastructure with thousands in servers and networking equipment
scattered in multiple locations, am looking for some sort of a
centralized framework which will enable us to do the following
* Have a database of vulnerabilities which are customized the
most to our environment,the information can be coming from a
subscription to a vulnerability alert service. Penetration Testing &
Audit reports, Incident management system or from automated
vulnerabilities assessment solutions.
* Ability to define rules for Vulnerabilites rating and priority.
* Link rated vulnerabilites to to listed systems in the corporate
systems inventory.
* Ability to send alerts to system owners through the framwork
* Ability to Monitor the progress on actions taken.
* Identifying and managing multiple and cross-enterprise
vulnerabilities, which will enable effective response to to the
interrelated impacts, and integrated response to multiple
vulnerabilities.
* Ability to produce reports, statistics for higher management
I would really appreciate sharing your thoughts over here. If you have
something similar deployed in your corporation, or if you know a
commercial or open source solution which will do the same.
Am planning to deploy a vulnerability management system in my company
and over here am not talking systems patching solution. We have a huge
infrastructure with thousands in servers and networking equipment
scattered in multiple locations, am looking for some sort of a
centralized framework which will enable us to do the following
* Have a database of vulnerabilities which are customized the
most to our environment,the information can be coming from a
subscription to a vulnerability alert service. Penetration Testing &
Audit reports, Incident management system or from automated
vulnerabilities assessment solutions.
* Ability to define rules for Vulnerabilites rating and priority.
* Link rated vulnerabilites to to listed systems in the corporate
systems inventory.
* Ability to send alerts to system owners through the framwork
* Ability to Monitor the progress on actions taken.
* Identifying and managing multiple and cross-enterprise
vulnerabilities, which will enable effective response to to the
interrelated impacts, and integrated response to multiple
vulnerabilities.
* Ability to produce reports, statistics for higher management
I would really appreciate sharing your thoughts over here. If you have
something similar deployed in your corporation, or if you know a
commercial or open source solution which will do the same.
Thanks folks
Etiqk8
[ reply ]