The analysis of an organization's network to identify weaknesses and determine the susceptibility to an attack. In recent years, hackers have created well-established, efficient communication channels for sharing information and tools, making it easier to find ways into corporate and private networks. The burden of constant surveillance falls on IT administrators who, at the same time, are being asked to do more complex network management every day.

Making vulnerability assessment a frequent part of enterprise security procedures ensures the integrity of the network and the safety of corporate data. CAS offers the most comprehensive managed solution that scans all perimeter devices to detect the latest network vulnerabilities as they emerge. Delivered over the Internet, CAS removes the need for security expertise and training, customer-premise software or hardware, and eliminates the requirement to collect and validate new vulnerability data before each network security test can be performed.

In conjunction with Internet Security Systems' ("ISS") X-Force Team, security researchers test and validate new potential risks and fixes each week before adding them to CAS' Vulnerability KnowledgeBase, eliminating the chance of false positives or negatives in customer scans. With an unlimited number of vulnerability scans per IP, per year, security administrators can run web-based tests via an auto-scheduling option or on-demand beginning with complete network discovery, mapping of all devices on the network, then analysis of vulnerabilities. Once CAS' vulnerability scan is complete, reports summarize every security risk, corrective action and historical data for easy policy enforcement.

Maps entire network topology and provides visual representation of network perimeter devices

Analyzes relative risk of vulnerabilities resulting in clear understanding of risk exposure

• Validates adherence and effectiveness of existing policies and baseline security procedures
  
• Utilizes a constantly updated database of vulnerability signatures covering over three hundred applications on twenty different platforms
  
• On-demand or auto-scheduling of daily, weekly or monthly scans
  
• Compiles an ongoing record of network security scanning history in order to do trend analysis
  
• Provides concise, actionable reporting with recommendations and links to patches and fixes
  
• No hardware/software installation or configuration required
  
• Subscription-based service with unlimited scanning per year
  
• CVE-compatible
  

Phase 1: Discovery

Dynamic identification of all perimeter devices

CAS identifies and creates a topology map of all of the enterprise's network devices that can be "seen" from the Internet, reporting comprehensive information about them. Devices are accurately characterized as access gateways, routers, or other types of equipment, by machine type and operating system. This feature also provides ISP identification such as customer network span and machine names.

Phase 2: Analysis

Powerful scanning engine and up-to-date vulnerability database

The network is analyzed for possible vulnerabilities, using an inference-based methodology that makes no assumptions or eliminations without complete understanding of the system under test. CAS' Scanning Engine uses a continuously updated Vulnerability KnowledgeBase covering over three hundred applications on twenty platforms and operating systems (commercial and open source).

Phase 3: Reporting

Concise, actionable reporting

CAS' reports deliver the relevant information to the right people: detailed technical data for IT administrators and summary data for management, in customizable or off-the-shelf formats.

Technical Reporting

These graphical reports can be generated in HTML or XML and provide administrators with a breakdown of the security status of each network device, including summary information about the scan, specific host information, and a list of detected vulnerabilities. These reports present a description of each security risk detected, the severity of the threat (industry standard ratings from 1 to 5), the potential consequences of exposure, and the solution recommended.

Executive Reporting

Also, CAS generates management-level reports that provide a global view of the security status of all networks and IP addresses, scanning trends and differential reports that highlight any changes made since the last scan.