This page documents production updates to Unified VRM. You can periodically check this page for announcements about new or updated features, bug fixes, known issues, and deprecated functionality.
To get the latest product updates delivered to you, add the URL of this page to your feed reader.
Why: Metrics Dashboard
As a CISO, I want to see my vulnerability trending data so that I can track the progress of my vulnerability management program
What: My Risk Today & My Risk Trends
This shows your current overall risk score, your vulnerability risk, asset risk, threat risk and the percent change since last month for each.
Vuln Risk: a break out of vulnerability counts for each risk grade, the count change since last month and a drill in link for more details.
Asset Group Risk: a list of the 5 most risky asset groups with links to drill in for more details for each. Also, a link to the lowest risk assets groups is also available.
Threat Risk: Active Threats is a count of all vulnerability that have been associated with a known Trojan, Malware, Ransomware, Exploit Kit or Targeted Attack. Potential Threats are vulnerabilities that have not been associated with a threat, but score high on our machine learning algorithm as having threat potential. Active Threats on Critical Assets is the count of active threats on your business critical assets
What: Improve My Risk Score
This is NopSec’s recommendations for how you can improve your risk score. The button will take you to see all the vulnerabilities you should remediate to improve your score.
What: Reduce My Attack Surface
This is NopSec’s recommendation for the most impactful remediation effort for your team. It shows the one most risky vulnerability that can be found on the most number of your critical assets.
What: Remediation of Critical Vulns Graph
This is a graph that will track remediation of critical vulns per quarter. By using the tracking only the vulnerabilities that originate in a single quarter, you can get an accurate view of your remediation progress without the noise of newly found vulnerabilities skewing the numbers.
What: Mean Time To Remediation
This will track your Overall Mean Time To Remediation, your Mean Time to Remediation for Critical Assets and the asset groups with the best and worst Mean Time to Remediation. Along with those metrics it will also track the change increase or decrease in your Mean Time to Remediation since the previous month.
What: Patch Coverage on My Top Asset Groups
This will track the patch coverage of your most important asset groups by showing the percent of assets that were recently patched in each group. Along with that it will show the current grade, score and mean time to remediation per asset group.
What: Prioritization Made Easy
This will show your vulnerability reduction after NopSec enriches the data from your scanners.
Why: NopSec Risk Reduction Recommendations
As a Security Analyst I want to see NopSec’s recommendations for what will have biggest effect on my risk health so that I can most efficiently remediate.
What: Improve My Risk Score Recommendations
The Improve My Risk Score feature will highlight the best route to improving your risk score. On the dashboard it will show the number of vulnerabilities that can be remediated to improve your score to the next letter grade. Drilling into it will lead to an exact list of those vuln instances, including the information about the assets they are on.
What: Reduce My Attack Surface Recommendations
NopSec’s Reduce My Attack Surface feature will allow you to identify the most important vulns to focus on. It will highlight the most critical and prevalent vulnerability in the environment. That vulnerability will be the one with the worst risk score that can be found on the highest number of critical assets.
Why: Advanced Search & Dashboard Drilldown expansion
As a Security Analyst, I want to be able to search across multiple attributes so that I can find exactly what I want.
What: Advanced Search on Asset Group Creation
This is a backtip limited search. Every search clause added would be performed using AND logic.
This would translate to
“Find all assets that contains ‘nyc dept’ (case insensitive) AND IP range in 10.2.3.0 - 10.2.3.255 AND netbios contains ‘abc’
Three fields are searchable:
- name: contains query and case insensitive
- netbios: contains query and case insensitive
- ip: CIDRs only (22.214.171.124 would be treated as 126.96.36.199/32, 1.2 would be treated as 188.8.131.52/32) - LIMITED to /16
What: Asset group creation exposes asset details
“New Asset Group” window shows Asset names, IP and netbios name
What: CIDR Search on Fix Page
Customers can now search via CIDR on Fix.
What: Dashboard drilldown to fix page
We want to allow them to drill down from the “Riskest group” on landing page to fix page with the asset group filtered.
January 31, 2019
Welcome to Unified VRM!
|Browse your assets in Asset Inventory across vulnerability scanners and CMDBs and view them in one place.
|Share vulnerability information automatically from Unified VRM into your existing unified communications tools such as Slack, email and more to automate the manual copy and pasting distribution.