TrustedAgent GRC for Vulnerability Management and Continuous Monitoring
[Diagram: TrustedAgent modules: Audit Management; Compliance Management; Vendor Risk Management; Vulnerability Management; Incident Management; Policy Management; Risk and Compliance; Governance; Enterprise Risk Management; IT Governance; Continuous Monitoring]
With thousands of hardware, O/S and applications across your network, are you really managing your vulnerabilities?
Vulnerability Management Challenges
Managing vulnerabilities is straining your IT resources leaving little progress for improving and sustaining your security posture.
Reporting is time-consuming, inefficient, and error-prone, which limits visibility into the organization's security posture.
One data breach can result in financial penalties, loss of brand recognition, reduced productivity, legal liabilities, or increased scrutiny from regulators.
Introducing TrustedAgent
• Comprehensive, enterprise platform that integrates, standardizes, and automates existing IT GRC processes.
• Enables organizations to meet the challenging, complex, and ever-changing requirements of PCI, SOX, HIPAA, NERC, GLBA, FISMA, and many others.
• Improves existing business processes and best practices using frameworks such as ISO 27001/27002 and COBIT, to achieve cost reduction, eliminate waste and gain operational efficiencies.
TrustedAgent Benefits
• Provides an enterprise solution that integrates, standardizes, and enhances the management of security risks, privacy, and regulatory compliance across the enterprise.
• Reduces time and costs associated with risk management activities through collaboration, dashboard analytics, and automated reporting and document generation.
• Provides a standard of care to minimize security risks, legal liabilities, and penalties, and to facilitate communications with shareholders, customers, regulators, and insurers.
• Continuously monitors and assesses critical business assets and functions to gain visibility into and improve their security and compliance posture.
Vulnerability Management and CDM
[Diagram: vulnerability management cycle, with these labels]
• TrustedAgent syncs vulnerabilities into new, existing, completed and repeated vulnerabilities
• Risk Analysts: Review results via online view of findings
• Risk Analysts: Prioritize findings to address; fix findings
• Risk Analysts: Confirm effectiveness of remediation
• Other roles shown: Users; Risk Analysts, CISO, Security Managers; Regulators, Senior Management, Insurers
Benefits of Vulnerability Management using TrustedAgent
• Get visibility to all assets and the relationships of the assets to the organization’s business processes, regulations, or standards through a centrally-managed asset repository.
• Track identified vulnerabilities against impacted assets. Automatically reconcile new vulnerabilities from existing and repeat vulnerabilities.
• Prioritize and plan remediation through data-driven, risk-based decisions.
• Proactively maintain and ensure completeness of regulatory compliance by supporting ongoing or continuous monitoring of the assets for vulnerabilities.
Supported Scanning Tools
Supports integration with the following vulnerability assessment and asset discovery tools.
Trademarks and copyrights are properties of their respective owners.
NMAP
* Indicates direct integration is supported. Otherwise, integration is supported through XML data import.
Using TrustedAgent for Vulnerability Management
Step 1. Manage Entities for Systems, Sites, Programs, Vendors, Audits, and Processes
Step 2. Manage Assets Associated with Entities
Step 3. Import Assets From Excel, XML Scan Results, or Nmap Discovery
Step 4. Look Up and Assign Assets to Entities from a Master Asset Repository
Step 5. Set Up Scan Configurations. Define Scan Intervals, Assets to Scan, Scan Policy, etc.
Step 6. Initiate Scans. Reconcile Scan Results.
Note: TA also supports passive download and reconciliation of findings from the scanning software (without scan initiation).
Note: See slide 12 for list of scanners supported.
Step 7. View Scan Summaries
Step 8. Auto-reconcile the Findings as New, Repeat, Completed, or Mapped to Existing Findings
Step 9. Manually Reconcile by Assigning Findings and Associated Assets to Entities (Systems, Programs, Sites, Vendors)
Step 12. Accept Findings to Create Corrective Action Plans
Step 13. Link Findings to Existing Corrective Actions. Reject Findings as False Positive
Step 14. Generate Dashboard Reports
Step 15. Generate Enterprise Risk Reports
Contact Information, Q&A, and Next Steps
Trusted Integration, Inc.
525 Wythe Street
Alexandria, VA 22314
703-299-9171 Main
703-299-9172 Fax
www.trustedintegration.com