SecureFusion Methodology

Know your assets. Know your risk.

After conducting countless security and risk assessments, the founders of Gideon Technologies learned that most companies struggle to maintain a continuous and accurate IT inventory. The inventory challenge affects every downstream IT process and makes it nearly impossible to assess enterprise IT risk accurately. If the IT inventory is flawed or out of date, compliance and risk reporting will also be incorrect.

The SecureFusion methodology offers a multi-layered approach to measuring enterprise IT risk and remediation continuously and accurately. The SecureFusion suite begins with the most accurate asset discovery solution available, and then integrates your IT inventory with additive intelligence on vulnerabilities, system configuration and policy compliance. Our solution follows an intelligent process for continuous data collection, integration and assessment that will enable strategic decision making and risk reduction throughout your enterprise.

The SecureFusion methodology is designed to help you continuously visualize all IT assets, prioritize risk accordingly and measure remediation efforts for the most complete, accurate and repeatable risk assessment process available.

Phase 1: Visualize all IT assets

  • Network Discovery – SecureFusion begins with the rapid discovery of all your enterprise networks—independent of host discovery. By quickly identifying all connected networks and associated hosts, SecureFusion targets additional scans more efficiently.
  • Host Discovery – Scheduled separately from network discovery, SecureFusion identifies every asset connected to the network within the corporate environment. With the most accurate operating system (OS) identification in the industry, SecureFusion incorporates additional layers of identification to immediately distinguish known, managed assets from those outside of the management process (rogue assets).
  • Network Applications and Services Classification – SecureFusion searches individual hosts for network-visible applications and services and automatically groups them by category. SecureFusion automatically identifies rogue applications and services, and the discovery process can be customized for specific policies.
  • Assignment and Identification – Data captured during the discovery process is displayed in the SecureFusion Portal and enhanced by additional layers of context. You can automatically organize your IT inventory data by platform, OS, version, type of asset or description. You can also superimpose your organization’s structure over the IT inventory to view location and business unit information.

As the foundation for all downstream processes, Phase 1 of visualizing all IT assets is usually accomplished within the first 24-48 hours of implementation. The SecureFusion Asset Discovery module enables flexible scan scheduling and targeting. Most SecureFusion customers run the Asset Discovery module on a daily basis across their entire enterprise in order to maintain an accurate inventory of all networks, hosts, applications and services.

Phase 2: Prioritize risk accordingly

  • Risk Assessment – SecureFusion’s integrated modules perform continuous scanning to help you assess enterprise IT risk. With a foundation of accurate, repeatable asset discovery, additional SecureFusion modules ensure complete, efficient risk assessments of vulnerabilities, configuration and Internet presence.
  • Vulnerability Scanning – SecureFusion identifies all enterprise vulnerabilities easily. Vulnerability scanning can be scheduled anytime to cover the entire enterprise or to focus on specific networks, platforms, hosts, categories or business units. Accurate vulnerability scanning enables strategic remediation.
  • Configuration Scanning – Using agent-less technology, SecureFusion collects hundreds of the most commonly audited technical IT controls, including installed software, hardware, file shares, patches, versioning and more. Use this information to prioritize risk across your IT landscape.
  • Perimeter Scanning – As a service offering that accompanies the SecureFusion suite, we will scan your entire Internet footprint automatically and regularly so that you always have an accurate view of the IT assets that are visible to the Internet and at risk from hackers and external threats.
  • Rogue Technology Identification – SecureFusion automatically identifies undocumented networks, unknown and/or unmanaged domains, forbidden software, and restricted services that exist within your IT environment. The risks to unknown and unmanaged IT assets can now be prioritized strategically.

In Phase 2 of prioritizing risk, SecureFusion provides a complete view of enterprise risk on a continuous basis. Your unique goals and objectives for risk remediation define how each independent SecureFusion module is deployed. The SecureFusion Portal provides a centralized, comprehensive view of overall risk and compliance.

Phase 3: Measure remediation efforts

  • Measurement – The SecureFusion Policy Management module helps you measure IT risk against your own internal policies and established external standards and regulatory requirements. SecureFusion automatically tracks risk remediation for vulnerabilities, rogue networks, hosts and services.   
  • Policy Compliance – The SecureFusion Policy Management module uses templates for the most common compliance and regulatory requirements, including SOX, HIPAA, ISO 17799, NIST, PCI, COBIT and more. You can easily modify the templates for any IT control policy that requires continuous auditing.
  • Service Level Agreements – SecureFusion sets service-level agreements (SLAs) for the total number of high-risk vulnerabilities present in your environment and continually measures against the set objectives. You can establish individual SLAs based on categories or system classifications. SecureFusion helps you easily measure the time it takes to remediate vulnerabilities or identify rogue assets against an expectation or SLA.

Phase 3 for measuring remediation efforts provides you with a continuous, automated audit of the enterprise IT environment. By using SecureFusion for continuous data collection and measurement, you will be able to manage your networks more effectively and determine the root causes of IT risks. 

Phase 4: Communicate the results

Continuous reporting is one of the foremost benefits of SecureFusion and the SecureFusion methodology. Accurate inventories enable accurate risk assessment, which leads to accurate risk metrics. SecureFusion reporting communicates data throughout the entire process in a variety of formats designed for specific roles within the IT organization and the enterprise, including the formats below:

  • Dashboard/Scorecard – SecureFusion’s high-level executive reporting includes business context, measurements by business unit or platform, accurate inventories and easily understood compliance scoring. Dashboard and scorecard reports can be current or historical and provide trending.
  • Remediation Tracking – SecureFusion enables you to know, track and automatically update the current state of vulnerability remediation across the enterprise.
  • Alerting – Using the SecureFusion alerting feature, you can automatically notify the appropriate individual or manager when particular measurements or SLAs are not met, or when new high-risk vulnerabilities appear in their area of responsibility.  
  • Documentation – SecureFusion documents exceptions for audit purposes and blacklisted assets for vulnerability purposes. Licensing and purchase information for software and hardware are all part of the SecureFusion documentation functionality.

For most of our customers, the SecureFusion Portal becomes a primary communication point for multiple departments, including security, network operations, asset management, server operations, desktop operations, internal audit and many more. The SecureFusion Portal provides one location where multiple groups can obtain accurate and independent views of IT assets, vulnerabilities, configuration details and policy compliance.

The SecureFusion Methodology—a continuous process

The SecureFusion suite is designed to provide a largely hands-free experience that is easy to install and simple to maintain throughout its service. Because each module is integrated, newly discovered assets are automatically tracked in inventory, and included in future vulnerability or configuration scans. SecureFusion will alert the appropriate IT resource when new networks are discovered so that documentation is maintained easily. 

  • Scheduling – SecureFusion can conduct all scans within the various modules once or on a recurring basis to afford maximum flexibility. SecureFusion will scan certain areas of the enterprise during off hours, others during the day, and the solution can scan areas with multiple remote hosts several times a day according to an entirely automated process.
  • Throttling – As SecureFusion scans individual networks, you can throttle bandwidth to minimize any impact to the network.
  • Blacklisting – SecureFusion will blacklist any sensitive networks and systems to ensure they are never touched by the active scanning process.  

Today organizations must face an increasing number of critical initiatives with a smaller number of resources. Time spent collecting data manually or using inferior technology takes time away from data analysis, risk prioritization and remediation processes that make actual improvements. The SecureFusion methodology and the SecureFusion suite operate continuously to transform raw data from your IT environment into strategic information that can drive real risk reduction and enhanced IT efficiency.

