Скачать или смотреть Risk Based Vulnerability Management with Proactive Visualization

Risk Based Vulnerability Management (RBVM) augments existing IT Asset Management (ITAM) and SOAR (security orchestration, automation, and response) and SIEM (security information and event management) tools.

Measure and visualize the application componentry of Open Source Software (OSS), developed code, and 3rd party application code in the release cycle of development, system integration, quality control testing, pre-stage and production releases with a security posture score. Elements in the scoring include CVE, GitHub and other vulnerabilities, explorations identified in KEV, EPSS and other sources, license and copyright declarations, and popularity of components including stars, forks, maintenance history etc.

Measure and visualize the application release components (compute, network and storage contained in the ProCap360 RBOM) against cloud provider frameworks, and user selectable other frameworks (CIS, NIST800-53 etc.) for each application release environment.

Visualize a security posture for one or more applications in a business process view. Continuous monitoring provides for user selectable intervals in hours or days to rescan components in production and non-production environments and rescore the process applications security posture. If new vulnerabilities are discovered and the posture score decreases, user defined thresholds and actions can alert management as well as CI/CD work queues for remediation.

Process application SBOM and RBOM files are stored for future audit as well as optionally stored in Post Quantum Resistance secondary storage for additional storage protection depth.

With the explosion of AI models and model results, ProCap360 also offers a evolving AIBOM design where additional components of the SBOM/RBOM are tailored to capture model training datasets, production data, algorithms used, query and results that support future audits.

Executive Dashboards are configurable for CEO/Board of Director visualization of real time updates of forecasted and actual KPI impacts of process application components and AI components vulnerabilities. This reduces the time and toil of compiling risk based vulnerabilities against business objectives.