This page documents production updates to Unified VRM. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.

To get the latest product updates delivered to you, add the URL of this page to your feed reader.

Q1 2020

• Data Warehouse rebuilt
• Data microservice Ingestions optimization
• Instant Search(ElasticSearch) enabled 
• CrowdStrike Store API Updated 
• Custom Metrics Optimization
• Bug Fixes 

Q4 2019

• On-Prem InsightVM Bidirectional Risk Acceptance
• Service Now Ticketing integration
• Onprem Security Center Plugin
• CrowdStrike Store Integration
• Bug Fixes

Q3 2019

• SSO Login
• Role based Access Control
• User permissions
• Custom metrics based line (Tableau integration)
• Robust API  for Vulnerability, Assets, users (i added this one)
• Bug Fixes

Q2 2019

• Unified VRM ServiceNow Asset CSV file upload
• Qualys bidirectional sync
• Rapid 7 asset vulnerability Ingestion
• Rapid7 Nexpose file ingestion
• Penetration Testing vulnerability Ingestion
• Splunk integration
• Bug Fixes

March 2019

Why: Metrics Dashboard

As a CISO, I want to see my vulnerability trending data so that I can track the progress of my vulnerability management program

What: My Risk Today & My Risk Trends

This shows your current overall risk score, your vulnerability risk, asset risk, threat risk and the percent change since last month for each.

Vuln Risk: a break out of vulnerability counts for each risk grade, the count change since last month and a drill in link for more details.

Asset Group Risk: a list of the 5 most risky asset groups with links to drill in for more details for each. Also, a link to the lowest risk assets groups is also available.

Threat Risk: Active Threats is a count of all vulnerability that have been associated with a known Trojan, Malware, Ransomware, Exploit Kit or Targeted Attack. Potential Threats are vulnerabilities that have not been associated with a threat, but score high on our machine learning algorithm as having threat potential. Active Threats on Critical Assets is the count of active threats on your business critical assets

What: Improve My Risk Score

This is NopSec’s recommendations for how you can improve your risk score. The button will take you to see all the vulnerabilities you should remediate to improve your score.

What: Reduce My Attack Surface

This is NopSec’s recommendation for the most impactful remediation effort for your team. It shows the one most risky vulnerability that can be found on the most number of your critical assets.

What: Remediation of Critical Vulns Graph

This is a graph that will track remediation of critical vulns per quarter. By using the tracking only the vulnerabilities that originate in a single quarter, you can get an accurate view of your remediation progress without the noise of newly found vulnerabilities skewing the numbers.

What: Mean Time To Remediation

This will track your Overall Mean Time To Remediation, your Mean Time to Remediation for Critical Assets and the asset groups with the best and worst Mean Time to Remediation. Along with those metrics it will also track the change increase or decrease in your Mean Time to Remediation since the previous month.

What: Patch Coverage on My Top Asset Groups

This will track the patch coverage of your most important asset groups by showing the percent of assets that were recently patched in each group. Along with that it will show the current grade, score and mean time to remediation per asset group.

What: Prioritization Made Easy

This will show your vulnerability reduction after NopSec enriches the data from your scanners.

February 2019

Why: NopSec Risk Reduction Recommendations

As a Security Analyst I want to see NopSec’s recommendations for what will have biggest effect on my risk health so that I can most efficiently remediate.

What: Improve My Risk Score Recommendations

The Improve My Risk Score feature will highlight the best route to improving your risk score. On the dashboard it will show the number of vulnerabilities that can be remediated to improve your score to the next letter grade. Drilling into it will lead to an exact list of those vuln instances, including the information about the assets they are on.

What: Reduce My Attack Surface Recommendations

NopSec’s Reduce My Attack Surface feature will allow you to identify the most important vulns to focus on. It will highlight the most critical and prevalent vulnerability in the environment. That vulnerability will be the one with the worst risk score that can be found on the highest number of critical assets.

October 2018

Why: Advanced Search & Dashboard Drilldown expansion

As a Security Analyst, I want to be able to search across multiple attributes so that I can find exactly what I want.

What: Advanced Search on Asset Group Creation

This is a backtip limited search. Every search clause added would be performed using AND logic.

Example:

````name:nyc dept`ip:10.2.3.0/24`netbios:abc```

This would translate to

  “Find all assets that contains ‘nyc dept’ (case insensitive) AND IP range in 10.2.3.0 - 10.2.3.255 AND netbios contains ‘abc’

Three fields are searchable:

1. name: contains query and case insensitive
2. netbios: contains query and case insensitive
3. ip: CIDRs only (1.2.3.4 would be treated as 1.2.3.4/32, 1.2 would be treated as 1.2.0.0/32) - LIMITED to /16

What: Asset group creation exposes asset details

“New Asset Group” window shows  Asset names, IP and netbios name

What: CIDR Search on Fix Page

Customers can now search via CIDR on Fix.

What: Dashboard drilldown to fix page

We want to allow them to drill down from the “Riskest group” on landing page to fix page with the asset group filtered.

January 31, 2019

Welcome to Unified VRM!

FEATURE

FEATURE

FEATURE