Pending ...

Human Managed hm.works 1.16 released with continuous vulnerability management

Human Managed app hm.works 1.16 released with dashboard on detected vulnerabilities & prioritized mitigation and remediation

Since its first release on 13 March 2023, the Human Managed web app hm.works has been getting fresh updates regularly to report on intel, decisions, and actions generated from any data source from our customers.

This week, we are excited to announce the release of a dashboard that reports on the detection of vulnerabilities on managed assets (servers and infrastructure components hosted in corporate network / datacentres / cloud, or apps hosted in public app stores). Read more about our vulnerability use case on our newly revamped website.

Introducing...

vulnerability management 🛡️

vuln mngt.png

Intelligence, recommended decisions and actions from continuous and integrated vulnerability assessment across your managed assets.

The vulnerability dashboard answers the top 3 things you need to know about enterprise security:

  1. What critical vulnerabilities exist in my environment?
  2. What vulnerabilities should I prioritize based on exploitability?
  3. What is the best action to mitigate or remediate the vulnerability?

The challenges of vulnerability management

Vulnerability is a flaw or weakness in a system that can be exploited to compromise IT security. It can be caused by weakness in any IT administration, process, or design function, such as:

  • insecure products & app from system and app vendors
  • misconfigured systems
  • flaws in user administration / system access
  • flaws in code / software

Effective vulnerability management (from discovery to remediation) requires a proactive, integrated approach that enables continuous vulnerability assessments, prioritized response based on business impact, and effective planning & tracking of remediation actions.

vuln gif.gif

Most organizations recognize the importance of vulnerability management, but struggle to:

  • get accurate visibility of their network topology
  • get understanding of security & availability implications of all network devices & computer systems (which can easily be >1000s)
  • effectively plan network changes & maintain security controls
  • contextualize vulnerabilities based on exploitability / exposure / impact
  • prioritize urgent and critical issues from data overload on a day to day basis

* * *

HM's vulnerability management use case helps you to get to effective decisions and actions quickly, by taking a data-driven, context-based approach to vulnerability management -- regardless of the source of threat, or the environment in which a vulnerability is located.

Let's explore each segment of the posture violation dashboard.

1) I.De.A for vulnerabilities

vuln image.jpg
  • What:
    • summarized intel gives you a high level summary of all open vulnerabilities detected in your assets, customizable to key indicators (in this case, detection severity)
    • recommended decision gives you a direction to prioritize to fix vulnerabilities, based on hm.works's analysis.
    • recommended action gives you the steps to execute the recommended decision
  • Why: Helps you to understand your company's current state of vulnerabilities across all managed assets, and take prioritized decisions and actions to improve the posture -- based on data.
  • How: Connect data sources such as vulnerability management, endpoint management, and network management to the Human Managed platform to perform contextualized analysis on vulnerability use cases.

2) Vulnerability data grid

vuln 3.jpg
vuln 2.jpg

  • What: An interactive grid breaks down detected vulnerabilities based on:
    • affected asset
    • CVE ID (common vulnerabilities and exposures identifier for publicly known information security vulnerabilities)
    • CVE description
    • CVSS base severity (common vulnerability scoring system for quantifiable and standard measure of severity of vulnerabilities)
    • CVSS version
    • CVSS impact score (quantifiable and standard measure of impact of vulnerabilities)
    • CWE ID (common weakness enumeration for community-developed list of software and hardware weakness types)
    • CWE name
    • CWE description
    • detection source (e.g. network management platform, cloud security posture management, vulnerability scanner)
    • other optional data points: CPE name, CPE version, app engine, app engine version
  • Why: Understand and explore your current state of vulnerabilities in detail, identify blockers, and plan for improvements to achieve desired posture goals.
  • How: Connect data sources such as vulnerability management, endpoint management, and network management to the Human Managed platform to perform contextualized analysis on vulnerability use cases.

* * *

And that is hm.works 1.16! We will be releasing more features and updates regularly, so stay tuned.

To get the latest news from Human Managed, follow us on LinkedIn and check out our website and blog.

* * *

Want to discuss how we can help solve your cyber, digital, or risk operations through data?

Want a test run of the hm.works app?

Have any questions or feedback?

Please contact us at hello@humanmanaged.com.