Castleforce IT Security Team

SureCloud Vulnerability Management 

SureCloud SureGuard

SureCloud Vulnerability Management automates the vulnerability management life-cycle across the enterprise, including network asset discovery, asset impact ratings, vulnerability detection, reporting and analysis, and remediation management. In addition, clients are able to get online access to experienced security professionals to assist with remediation issues.

 

The solution allows organisations to test both networks and applications, internally and externally.

  • External Scanning - Discover and manage vulnerabilities on your network perimeter.
  • Internal Scanning - Discover and manage vulnerabilities on your internal networks.
  • SureCloud AppScanner - Allows you to identify and manage web application vulnerabilities.
  • SureCloud PCI - PCI ASV scans to comply with PCI requirement 11.1.

The module is underpinned by a comprehensive knowledge base covering over 30,000 vulnerabilities and advisories (including detailed recommendations and solutions). Vulnerability information is assimilated from highly regarded industry sources such as the Common Vulnerabilities and Exposures list (www.cve.mitre.org) and the NIST National Vulnerability Database (http://nvd.nist.gov). The NIST database takes CVE to the next level with detailed information for each of its vulnerabilities. Other SureCloud sources include the SANS Top 20 (http://www.sans.org/top20), CERT Vulnerability Notes (http://www.kb.cert.org/vuls/), and the Open Source Vulnerability Database (http://www.osvdb.org).

SureCloud Vulnerability Management provides a closed-loop vulnerability management process - following six intuitive steps:

  1. Discover - automatically detect network devices and software.
  2. Value - assign business impact values to assets, so that vulnerabilities affecting valuable assets can be prioritised.
  3. Assess - configure and schedule scans to assess networks and applications for vulnerabilities.
  4. Analyse - reports and metrics identify priority 'low-hanging fruit' areas on which to focus remediation activity.
  5. Remediate - a ticketing system allows remediation activity to be assigned to resources across the organisation and tracked through to completion. In addition, users can request on-line assistance for remediation activity.
  6. Re-scans can verify that remediation activity has mitigated a vulnerability; vulnerabilities are automatically closed or re-opened by the system. 

SureCloud PCI

This application provides an easy-to-use, intuitive solution for achieving compliance with PCI Requirement 11.2. A wizard-based system guides the user through each step of the compliance process.

PCI Process

  • Step 1. Complete your Annual Self Assessment Questionnaire
  • Step 2. Complete your Quarterly Pre-scan Questionnaire to certify that your scan will not be blocked
  • Step 3. Once per quarter - assess and verify your network and applications for vulnerabilities
  • Step 4. When all your steps are successful (green) submit your results to your acquiring bank.

SureCloud is an Approved Scanning Vendor (ASV), and is fully certified to assess PCI DSS compliance.

SureCloud Certifications

SureCloud are CESG CHECK certified and are PCI DSS Approved Scanning Vendors (ASV) that have CISSP-qualified consultants.


Contact us for more details on SureCloud

Compliance Standards

Castleforce can help you reach PCI DSS

Requirement 6: Develop and maintain secure systems and applications 

Requirement 10: Track and monitor all access to network resources and cardholder data

Requirement 11: Regularly test security systems and processes

Requirement 12: Maintain a policy that addresses information security for employees and contractors

Castleforce can help you reach GCSx CoCo

GCSX No 5 Compliance Checking

 

External Scanning

SureCloud's securely hosted Appliances can be scheduled to scan your organisation's network perimeter on-demand.

Internal Scanning

SureCloud Scanning Appliances can be installed inside corporate networks to provide a scalable internal scanning solution. Pay-as-you-Go Scanning provides an extremely cost-effective means of achieving compliance with PCI Requirement 11.2.

SureCloud AppScanner

SureCloud's proprietary web application scanner allows organisations to automatically check for web site vulnerabilities at scheduled intervals or on-demand, and can assist in compliance with PCI Requirement 6.6. Checks include, but are not limited to, the following:

  • Cross-site scripting (XSS)
  • Injection flaws (SQL injection, LDAP, XPath, etc.)
  • Insecure communications

Alternative Log Management

Assuria Auditor measures, manages and enforces security policies, and Log Manager is designed to meet the requirements of enterprise-wide management of audit logs generated by systems, devices and applications. Assuria Log Manager (ALM) has achieved CESG CCTM approval and securely collects and manages audit logs to comply with regulations. The small-footprint ALM agents are available for Windows, UNIX and Linux servers, databases, applications, network devices, firewalls, routers, access control systems and many more. Collection from new log sources can be added via agent plug-ins. Collected logs are stored in their original format in a standard file / folder structure, with log data integrity ensured through digital signatures and cryptographic hashes.

For more details on Assuria Log Manager