WithSecure Elements Vulnerability Management is a turnkey vulnerability scanning and management platform. It allows you to identify and manage both internal and external threats, report risks, and be compliant with current and future regulations (such as PCI and GDPR compliance). It gives you visibility into shadow IT - to map your full attack surface and respond to critical vulnerabilities associated with cyber threats.
New assets and applications added to corporate networks internally – and to the global Internet via partners and service providers – entail new business-critical vulnerabilities that present an open door to cyber attackers. They call for heightened vigilance and compliance, yet firms still fail to take security seriously enough.
Information security managers need to be able to approach vulnerability assessment from several perspectives in order to get an accurate assessment of risks, minimize security threats, and maintain compliance. Properly executed vulnerability management improves your insight on your organization's security posture.
Unlike any other vulnerability management solution on the market today, WithSecure Elements Vulnerability Management features web crawling technology, called Internet Asset Discovery, that also covers the deep web. With this, you can fulfil a wide variety of tasks ranging from threat assessment to business intelligence. In other words, Elements Vulnerability Management allows you to easily browse through all targets to quickly identify risks and potentially vulnerable connections, and to expand the possible attack surface beyond your own network.
Successful intellectual property and brands often make companies the target for fraudulent or malicious activities. Such activities include brand violation where third parties pose as your company, phishing sites intended to scam or infect visitors, and typosquatting – where someone registers domains using words similar to your brand to redirect traffic using links that look like yours. Many companies have little to no awareness of these sorts of activities.
WithSecure Elements Vulnerability Management Security Center
WithSecure Elements Vulnerability Management Security Center is your dashboard for all reporting, vulnerability management, and incident remediation. A high level of automation will help you to streamline your workflows, automate scans, and deliver detailed reports tailored to all your users. The Security Center is where you can control and assign, follow and manage all security issues in coordination with system administrators, software developers, testers, auditors, and your security team.
- Centralized, uniform vulnerability reporting
- Customizable reports in a variety of formats
- Vulnerability management and ticketing
- API interface for 3rd party integration (e.g. ServiceNow)
- Capability of adding manually identified vulnerabilities
- Scheduling of scans, and notifications when new hosts and vulnerabilities are detected
Discovery scan
Identify assets for security vulnerabilities scanning and monitor network changes.
- A fast, reliable, asynchronous port scanner
- Fast host discovery mode for internal networks
- Supports service and OS detection
- Adjusts scan speed to suit network capacity
System scan
Identify security vulnerabilities associated with configuration errors, improper patch management, implementation oversights and more.
- Identifies all known vulnerabilities
- Scans any network device that talks IP
- Supports Windows and Linux authenticated scanning
- Delivers high accuracy, with low false positives and negatives
- Stays up to date based on public vulnerability databases as well as vulnerabilities—including zero-day threats—discovered during WithSecure penetration testing
Web scan
- Scan and detect security vulnerabilities within commercial and custom-built web applications. Test for numerous vulnerabilities, including the OWASP Top 10.
- A web application scanner that can identify vulnerabilities within custom applications
- Supports form-based authentication
- Supports web application crawling
- Supports assisted crawling and submission of forms
- Scalable to allow a limitless number of web application scans
Internet Asset Discovery
- Detect orphaned or shadow systems (shadow IT) and identify potential risk concentration and unintended interdependencies
- Detect malware-infected websites
- Monitor phishing and brand infringements to protect your brand and intellectual properties against fraudulent or malicious activities
- Audit your service providers' security practices, in cases where your own security policies differ from those of a partner
PCI Compliance
- WithSecure is qualified as a Payment Card Industry's Approved Scanning Vendor (PCI ASV)
- WithSecure Elements Vulnerability Management is compliant with PCI ASV vulnerability scanning requirements
- Prepare for PCI compliance by running pre-validation scan
- EU-based partner that complies with EU regulations
- Carry out regular testing and identify new vulnerabilities
- Generate user-friendly reports for all users