Unified VRM is the canonical cyber risk database for organization's IT Security teams. Unified VRM is an intuitive, intelligent cyber risk dashboard and analytics system for surfacing, understanding, and remediating cyber risks.
Actionable security insights
Unified VRM helps security teams gather data, identify threats, and act on them before they result in business damage or loss. It offers deep insight into application and infrastructure risk so that you can quickly mitigate threats to your IT resources and evaluate overall health. With Unified VRM, you can view and monitor an inventory of your assets, action on prioritized vulnerabilities, and review the status of remediation workflow, all from a single, centralized dashboard.
Gain visibility into your cyber risk
Unified VRM gives enterprises consolidated visibility into IT assets across vulnerability scanners, and CMDB solutions. Users can quickly understand the number of assets they have, and which assets are critical. With continual bidirectional syncing, organizations understand exactly what changed in their environment and act on the highest priority.
Powerful insights to help enhance your security posture
Unified VRM provides powerful security insights about your IT resources. With this tool, security teams can answer questions like "Which business lines have efficient remediation processes?", "Do I have any exploitable vulnerabilities that are open to the Internet?" and "Which applications are vulnerable to Heartbleed vulnerabilities?". By applying ongoing security analytics and threat intelligence, enterprises can assess their overall security health in a central dashboard and take immediate action on cyber risks.
Flexible platform to meet your security needs
Unified VRM integrates with security tools like Qualys, Tenable, and Rapid7 and asset management solutions from BMC, ServiceNow, and more. Security insights from partner products are aggregated in Unified VRM and can be fed into existing systems and workflows.
Unified VRM features
|Feature Name||Feature Description|
|Asset inventory||Browse your assets across vulnerability scanners and CMDBs and view them in one place.|
|Identify risk hotspots||Find out which business lines are most susceptible to threats using Metrics. Help prevent unintended exposure.|
|Infrastructure vulnerability prioritization||Uncover your business critical vulnerabilities such as cross-site-scripting (XSS) and Heartbleed that put your business applications at risk.|
|Effective cyber risk communication||Quantify your cyber risk to measure and attain security goal metrics. Use qualitative risk vernacular to easily communicate risk to C-Level and key stakeholders.|
|Third-party ITSM outputs||Formalize security commitments from Unified VRM into your existing ITSM tools such as BMC Remedy, Remedy, and more to remove the manual copy and pasting of vulnerability information.|
|Third-party Workstream Collaboration||Share vulnerability information automatically from Unified VRM into your existing unified communications tools such as Slack, email and more to automate the manual copy and pasting distribution.|
|REST API||Leverage the Unified VRM API for easy integration with your existing security systems and workflows.|
When to use Unified VRM
Unified VRM currently focuses on asset inventory, vulnerability prioritization, search, and vulnerability management. Use Unified VRM when you want to understand your cyber risk attack surface and answer questions like:
- How many vulnerabilities with high potential to become a threat do you have, and how many of those are new vulnerabilities
- What your mean time to remediation is and which asset group has the most efficient remediation cycle
- How update is your CMDB, and is your scanner missing assets
- How to search, select, filter, and sort across the following categories:
- Vulnerability data source
- Asset owner
- Time period
How Unified VRM works
Unified VRM creates a unified inventory of your IT infrastructure and applications with the vulnerability and threat findings from infrastructure scanning vendors, application security vendors, and your own security finding sources. Unified VRM enables you to generate curated insights that provide a unique view of incoming threats and attacks to your assets.
Unified VRM asset sync runs at least once each day. You can manually re-sync from within Assets Summary on demand.
Native pentest findings
Unified VRM integrates with NopSec pentest reports to surface potential security risks in your assets. You can see pentest results automatically to have one central location for all vulnerabilities.