Assura Announces Vulnerability Management-as-a-Service

Posted in: Resources » Announcements

Richmond, VA – Today, I am thrilled to announce the General Availability of Assura’s Vulnerability Management-as-a-Service (VMaaS). Assura’s VMaaS combines industry leading tools to identify and actively manage security weaknesses and insecure configurations in client environments. VMaaS is for organizations who want the power of industry leading vulnerability identification and management practices, but do not have the resources to contextualize findings to adequately prioritize remediation.

The linchpins of Assura’s VMaaS are the unparalleled capabilities of Tenable’s vulnerability detection engine coupled with the Unified Vulnerability Management platform from Nucleus Security.

With Nucleus, VMaaS clients go beyond just receiving scan results. They receive actionable intelligence and context to manage vulnerabilities from identification all the way through to treatment.

Assura’s VMaaS goes beyond just providing a CVSS score because vulnerability information is enriched by Mandiant’s vulnerability intelligence service. When coupled with Nucleus’ risk scoring engine and Assura’s risk management expertise, clients are provided with a clear risk-based picture of vulnerability treatment priorities.

Clients can set up workflow rules to assign vulnerability treatment to their IT staff or MSP and the status of those treatments can be set throughout the management life cycle. This enables visibility into key metrics such as time-to-remediation.

VMaaS comes in two plans: Basic and Advanced.

The Basic plan is for organizations that need vulnerability identification and management to ensure that they do not have devices with exposed ports and protocols, unpatched/out-of-date software, and basic attack surface monitoring. Vulnerabilities are identified using the Tenable.io platform to conduct scans of their environment, including on-premises, cloud, and mobile workloads. Assura’s experts help clients identify system business criticalities and treatment SLAs based on recommended practices from the National Institute of Standards and Technology (NIST); configure integration with the client’s Service Desk system; and configure notifications to collaboration platforms such as Slack and Microsoft Teams as well as email, webhooks, and SMS.

The Advanced plan provides all of the features of Basic , and adds a number of value added features including Nucleus integrations with over 100 industry leading vulnerability identification, application security, penetration testing and bug bounty, ticketing and ITSM, and asset discovery/discovery platforms. In addition, Assura delivers:

  • Scans to assess compliance with vendor recommendations and the requirements of standards such as HIPAA, PCI DSS, and Center for Internet Security benchmarks
  • Searches for content such as PII, adult material, and other data protected by law
  • Assura’s experts provide the client with a vulnerability management policy and procedure customized for their environment
  • Asset discovery scans that can be imported in to the client’s CMDB
  • SAML SSO integration with the client’s identity management system

Clients who subscribe to either VMaaS plan receive monthly executive-level reports of findings and meaningful metrics, and a monthly conference with a member of our Offensive Security Operations Directorate who will provide expert guidance about trends, treatments, and remediation strategies.

For more information about VMaaS, clients can contact their account manager. A web page with additional information about the service will be live soon.