Precision Vulnerability Management

Securing IT starts by managing IT
Precision Vulnerability Management
Vulnerability LifeCyle
Distributed scanners
Non-Intrusive scans
Advanced Scheduling Capabilities
Multi-Platform
CVSS Scoring System
CVE Standard
Types of Vulnerabilities

Vulnerability LifeCyle

Criston Vulnerability Process

Distributed scanners

Precision Vulnerability Management is a fully-integrated solution designed to manage the vulnerability lifecycle within organisations. With a centralized database, distributed scanners, role based administration, secure communications, and a comprehensive set of reports, Precision Vulnerability Management is the ideal solution to conduct automated security audits.

- Deploys centralized vulnerability management on complex multi-sites networks
- Multiple scanners can be easily deployed and scan agent or agent-less devices for vulnerabilities
- All scanners report to a consolidated, on-site database

Non-Intrusive scans

- Step by step wizard to setup and schedule a scan on a specific target
- Easy scanner configuration
- Facilitates planning and targeting
- Immediate results

Advanced Scheduling Capabilities

- Easliy schedule scans on an hourly, daily, weekly, or monthly basis to periodically check for vulnerabilities
- Start, stop and pause scan jobs
- Pre-schedule your non intrusive scans without the risk of unplanned network downtime

Multi-Platform

- The scanner can run on both Windows & Linux (RedHat & Debian) operating systems
- Freedom to allocate machines based on availability in a resource-constrained, heterogeneous environment

CVSS Scoring System

Common Vulnerability Scoring System (CVSS v2) is available for every vulnerability – it establishes a measure of how much a vulnerability is critical in order to evaluate and prioritise remediation (score from 1 to 10)

- Prioritize remediation efforts
- Solve the problem of multiple, incompatible scoring systems
- Easily understandable reporting

CVE Standard

CVE reference is available for all vulnerabilities on top of the vendor vulnerability name. CVE standardises identifiers for all publicly known vulnerabilities and security exposures.

- Easier to share data across separate vulnerability databases and security tools
- Easier to search for information in other databases

Types of Vulnerabilities

Criston supports vulnerability assessments for the following systems and services

- Web Servers
- Database Servers
- Application Servers
- RPC Services
- CGI Scripts
- FTP
- DNS
- POP3
- Windows
- SNMP
- Linux
- SMTP
- IMAP

- SSH
- SSL
- Proxy Servers
- UDP
- Switches
- VPNs
- TCP/IP
- Registry
- User Accounts
- Dos Vulnerabilities
- SQL Injection vulnerabilities
- Trojans and Viruses
- Routers