Vulnerability Management Technology Partner Integrations

Fortra Vulnerability Management and threat assessment platform identifies high-risk/critical assets with business context that are highly vulnerable to exploits, remain unpatched, are un-patchable or have already been infected in real-time. Integrated with Attivo Networks BOTsink, administrators can make intelligent, potentially automated, decisions on where to dynamically deploy deception technology to protect the network and resources from a potential compromise or attack, even as conditions or the infrastructure itself changes.

Core Impact helps security teams conduct advanced penetration testing with ease by using guided automation and certified exploits. Core Impact is powerful penetration testing software so you can safely test your environment using the same techniques as today's cyber criminals.

Core Impact replicates security attacks to your network infrastructure, endpoints, web, and applications to uncover exploitable vulnerabilities, giving you the upper hand to immediately remediate risks.

Brinqa Risk Platform delivers a complete set of capabilities and features to represent, integrate, and correlate unlimited sources of security data for secure and rapid analysis. The platform provides management and automation support throughout the cyber risk identification, mitigation, validation, and communication processes.

The Fortra VM integration with Cherwell’s ITSM (IT Service Management) automates tasks helping service desk teams meet the ever-growing list of demands including dashboards, reports, forms, and workflow automations enabling end-user self-sufficiency, faster and more effective ticket handling, plus greater visibility and accountability. Creating notifications as either “Problem” type tickets or “Incident” type tickets for Cherwell ITSM, Fortra VM provides industry-leading noise and false positive reduction, along with prioritized vulnerability and risk information based on business context.

Cherwell ITSM provides a powerful and flexible IT Service Management (ITSM) platform for service desk teams that need to address security risks, and all other IT tickets, and move more quickly towards taking action. Cherwell ITSM offers the tools needed to adapt quickly and cost-effectively to new IT and business needs, while delivering extraordinary service to internal customers. The Fortra VM and Cherwell ITSM integration automates the “Problem” and “Incident” tickets enabling your teams to find and fix vulnerabilities quickly, efficiently improving your overall security posture.

Fortra VM helps security teams focus on identifying and prioritizing the most important assets to proactively harden against an attack without requiring agents. Utilizing Incident and Problem tickets generated by Cherwell ITSM plus with data from Fortra VM teams are equipped to find, fix and remediate vulnerabilities and risks and customize their reporting.

Integration Key Benefits:

• Concurrent Session Licensing: Provide access to more users with a license model that enables any authorized person to access the software.
• ITIL Best Practices: Build a foundation to improve operational efficiency and deliver world-class service with a platform verified on 11 PinkVERIFY ITIL processes.
• Cherwell mApp Exchange: Save time and money with mergeable applications that allow you to merge content from other systems and programs into the Cherwell platform.
• Prebuilt reports and dashboards: Increase visibility across all ITSM processes by leveraging over 100 preconfigured reports.
• Third-party integration and orchestration: Ensure interoperability among systems, key data sources, and third-party products with Cherwell’s low-code platform.

“For the most effective and efficient IT service desks, interoperability is key,” said Michael Euperio, director, technology alliances at Cherwell. “With Cherwell’s ITSM solution acting as the hub for managing all IT tickets, including security vulnerabilities and threats, the integration with Fortra is important progress for our common customers.”

Cisco Identity Services Engine (Cisco ISE)/pxGrid combined with Fortra Vulnerability Management (Fortra VM), Web Application Scanning (WAS) and Active Threat Sweep (ATS) integrated modules helps reduce risk of potential network cyber-attacks by identifying vulnerable and infected assets and thwarting access of these devices that could compromise networks and eventually breach critical systems. Combining these technologies creates greater device visibility and network access control, building improved workflow and rapid responses to infrastructure threats.

Visualize

• Discover devices instantly without requiring agents
• Profile and classify devices, users, applications and operating systems
• Continuously monitor managed devices, including corporate, BYOD and IoT endpoints

Control

• Allow, deny or limit network access through Cisco ISE based on device posture and security policies
• Assess, prioritize and remediate malicious or high-risk endpoints
• Improve compliance with industry mandates and regulations

Automate and Orchestrate

• Share endpoint context from Cisco ISE via Cisco pxGrid with DDI's platform
• Create actionable workflows to have Cisco ISE automatically restore based on scans and associated risk management
• Create dynamic policy changes system-wide response to quickly mitigate risks

Prioritization and Automation Optimize Workflows

Digital Defense’s SaaS platform digitally fingerprints the hosts as contiguous entities, reconciles asset changes from scan to scan utilizing patented correlation algorithms (helping to minimize duplicates or unknown devices), prioritizes vulnerabilities, and automates workflow across the hybrid network to make better risk management decisions, quickly. The SaaS platform delivers unparalleled accurate network and host assessments all the way to intelligent integration with Cisco ISE, for automating security workflows and policies.

Restricts Devices that May Introduce Risk

Cisco ISE/pxGrid reduces risks and contain threats by dynamically controlling network access. ISE can assess vulnerabilities from the SaaS platform and apply threat intelligence. ISE monitors and denies network access to any device based on known information. United, Cisco ISE will use the vulnerability intel and Security GPA ® scoring intelligence as part of its access decision policies. Providing Cisco ISE with VM scanning intelligence data allows it to take more granular action by restricting access of a device that may potentially introduce risk into the network.

The integration offers a policy for when a new device which has not yet been assessed by the SaaS platform comes onto the network, ISE can request an immediate vulnerability scan. That same policy can restrict access for the given device, until ISE has received the data from Fortra VM, whereupon it would then fall to other policies to determine what actions to take based on the findings.

Visibility

• As an endpoint attempts to connect to the network, ISE is immediately aware of it
• ISE requests the most recent scan results for the endpoint from the SaaS platform
• Based on not having seen the device before, ISE can request the platform to scan endpoint for vulnerabilities

Automated Scanning

• ISE can launch a scan from the scan repository based on a condition (i.e. has not seen the preexisting device in 3 days on the network)

Policy Enforcement

• If critical vulnerabilities exist, ISE will quarantine or block the device so it does not become a launching point for advanced threats
• If vulnerabilities are present on the network for an extended time (e.g. 3 months), an ISE policy may quarantine or block the device

Automated Remediation

• ISE initializes automated remediation actions, or triggers external remediation via patch management

The Forescout® platform is a unified security platform that enables enterprises and government agencies to gain complete situational awareness of their extended enterprise environments and orchestrates actions to reduce cyber and operational risk. Fortra VM and Forescout integration helps reduce risk by continuously monitoring both managed and non-managed devices for vulnerabilities without a heavy burden on your network and systems. The integration also enables automated policy-driven actions to proactively combat threats detected and remediate compromised devices.

IBM QRadar users can activate the Fortra VM vulnerability feeds into the QRadar platform to gain improved visibility into security events. This is done by correlating vulnerability and threats through evaluating data accuracy, gaining greater visibility into the risk posture of hosts, to make better, more informed decisions and take appropriate security actions.

Fortra VM correlates its own rich data with LogRhythm SIEM information that helps administrators prioritize the patching and remediation of critical assets based on real-time knowledge of risks and actual active threats. In addition, the SaaS VM platform has been built from the ground up to support full multi-tenancy for managed services.

Leveraging the integration with McAfee® ePolicy Orchestrator® and Data Exchange Layer (DXL) can rapidly enhance your pre-existing network security.

Active Threat Sweep, integrated with Microsoft Defender ATP puts the power of on-demand agent-less threat detection at your fingertips. Proactively analyze assets for indications of a malware infection before other agent-based security tools can be deployed and thwart attacks that take advantage of dwell time to evade endpoint monitoring. Identify out-of-date or disabled endpoint protections to quickly flag at-risk devices and prioritize investigation and remediation. The combined solution increases Microsoft Defender ATP’s already proven security coverage and efficacy beyond current endpoint detection and response solutions.

• Better visibility and early detection of both passive and active threats
• Enhanced threat detection by combining targeted active threat scanning with AI-based behavioral anomaly detection, malware signature and file analysis
• Ability to root out small passive attack artifacts that are extremely difficult to find and planted by attackers for infecting or even re-infecting assets
• Immediately clean up infections before patching efforts can be implemented
• Identify out-of-date or disabled endpoint protections to quickly flag at risk devices and prioritize investigation and remediation

Blog Post | Micorosft Azure Marketplace Listing

With Fortra VM and Cortex XSOAR, Palo Alto Networks customers can now leverage on-demand vulnerability and active threat information to identify, prioritize and quarantine highly vulnerable or infected assets to allow security teams to remediate and patch systems before an infection can spread to other parts of the network.

 Integration Overview

“Cortex partners can leverage the vast amount of rich data available from across the enterprise to create AI-based innovations that provide more automated and accurate security outcomes to our joint customers,” said Karan Gupta, SVP of Engineering for Cortex at Palo Alto Networks. “We’re proud to welcome Fortra to our expanding ecosystem of developers building innovative apps.”

RSA Archer is the leading enterprise governance, risk and compliance (GRC) solution. Organizations benefit from Digital Defense’s patented scan-to- scan host correlation combined with the RSA Archer IT Security Vulnerabilities Program use case. The scan-to-scan host correlation ensures RSA Archer receives highly accurate and up-to-date information about hosts that have been scanned, allowing the user to make better, more informed decisions when coupled with information presented within RSA Archer.

LEARN MORE

Many organizations depend on the accuracy of their asset manager and ticketing systems to properly supervise their IT operations and vulnerability remediation programs. Data and documentation frequently become outdated as the tools utilized are not updated or the personnel in charge of maintenance lack the time and resource to do so. Fortra Vulnerability Management infuses the ServiceNow® platform with an automated security management workflow that goes beyond simple import/export mechanics found in other platforms.

With Fortra VM Sync 2.1, a certified integration with ServiceNow, ServiceNow users can be automatically alerted to new security vulnerabilities on their network; utilizing inline workflows to alert, assign, manage and verify remediation all from their ServiceNow platform. Build an effective and efficient security program leveraging the power ServiceNow and the expertise of a next generation security assessment system.

Innovative Application Integration

Built from the ground up to as one of the industry’s most progressive security management platforms, Fortra VM supports automated ServiceNow workflow integrations via Fortra VM Sync 2.1.

The seamless cloud-to-cloud deployment closes the vulnerability security loop from identification to remediation with end-to-end integration of vulnerability management and ticketing. Advanced network scoping, configurable labeling and automated fix verification and patented scanning technology empower and streamline your IT security management program.

Integration Benefits

• Seamless management of host and vulnerability findings
• Fully automated ticket workflow
• Customized ticket creation filters and rules
• Configurable ticket close and verification
• Comprehensive description and solutions for vulnerability remediation
• ServiceNow ticket status reporting
• Simple to configure and deploy

Leverage superior host identification and discovery technology for your ServiceNow CMDB

LEARN MORE