Release notes 2020-02-27

Major release

Digested report with vulnerability summary

We have made it easier to understand your current risk based on the data from Holm Security VMP with the new digest reports. These reports gives you a great overview of the most vital information in to one single email. The new vulnerability summary report, or digest report, is sent by email to you as an account user on a weekly or monthly basis. 

Here are the sections the report:

  • Overview
    Visualizes the current state of vulnerabilities and its severities with trend comparison against the last 30 days to see how the current situation relates to the previous time period. 
  • Progress
    Captures the change of vulnerability statuses and remediation tickets for the last 30 days.
  • New vulnerabilities
    Provides the information you need to understand how many new vulnerabilities that have been identified the last 30 days, as well as the last 3 months.
  • Usage
    Exposes key metrics on how your Security Center account is being used and the current utilization such as number of scanned IPs, report schedules and triggered alerts. 
  • Upcoming events
    Gives you an overview of scheduled scans and reports the next 30 days.
  • Recommendations 
    Shares information on features and services that can help you get the most out of Holm Security VMP.

Example email showing the first sections:

mceclip0.png

By default this new feature is turned on. You can enable/disable and change the interval of the email report on a global level or for specific users.

Read about settings for the digest report:
https://support.holmsecurity.com/hc/en-us/articles/360011956240

New features

Schedule and send reports to external users

Reports are a great way of sharing specific data from your vulnerability scannings. In this release we are releasing a unique feature that allows you to share reports with users that don't have access to Security Center in a secure but yet efficient way. 

Report schedules can now be configured with a set of recipient emails and phone numbers. These recipients will receive a unique email with a link to download the encrypted report. Before the report can be opened a password will be recieved to the users mobile phone. 

Download reports in CSV format

Reports for network and web application scanning are now available in CSV format. This allows you to do further processing and analysis of the report data outside Security Center, e.g. in Excel.

Splunk app

Splunk is a popular product to use for log management and as a SIEM, where a lot of data is centralized and collected. 

Our new Splunk app is available to be installed on your Splunk instance. It connects Splunk together with Security Center using our Platform API and acts like a search command inside of Splunk. 

This allows the user in Splunk to get vulnerability information for specific host assets, which is provided by the Platform API from Security Center. Common use cases are to do these kind of look-ups whenever you identify host assets that might expose a risk to your environment or that you want to understand the risk level of from a vulnerability perspective.

The Splunk app including docs can be found here (external link): 
https://github.com/holmsecurity/api-examples/tree/master/integrations/splunk

Service status portal

Whenever Security Center or related services would be impacted by a planned or unplanned event, we'll share this with you on the new released status portal. The status portal provides great visibility in to the current status of our services and also allows you to subscribe to any event that will be published. 

You can find it from our Helpdesk portal as well as here (external link): 
https://status.holmsecurity.com/ 

Network scanning optimizations

We have optimized the scanning time for network scans that will result in much less total duration of scans. This will especially give a positive effect when scanning larger networks with up to 2-5x faster scan times. The change is automatically applied on existing scanning profiles as well as those that will be created in the future. 

General availability of PCI DSS compliance scans

Payment Card Industry Data Security Standard (PCI DSS) framework dictates how environments handling sensitive credit card data should confirm to a set of rules and guidelines in order to be compliant. 

Security Center now allows you to both scan and report according to the PCI framework. when performing your vulnerability scans. This feature has previously been in a beta, ut is now available for all customers.

Business risk and impact inside of Vulnerability Manager

Business impact is a value set on your assets and tags inside of Security Center to give a risk aspect on your infrastructure and how critical they are to your business. Business risk is utilizing the business impact value together with the vulnerability severity to calculate a score that gives you an indication on the actual business risk for a certain asset and vulnerability. 

In this release we release a set of improvements related to how you filter, change and view these values inside of Vulnerability Manager. Giving you even more power to easier select and prioritize over the vulnerabilities on your account with corresponding actions.

Other Improvements

  • In rare cases a scan could start later then planned depending on the timezone and the start date. The next run time could also be off one day when timezones were used. This have now been fixed. 
  • Reports are now including the timezone which is used to display the date and time inside of the report.
  • Links are now properly working from the upcoming scans widget on the dashboard.
  • Assets that does not exists are now returning proper HTTP code when using the Platform API to fetch the number of vulnerabilities.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.