Threat and Vulnerability Management (TVM) Software

Don't get distracted by the wrong vulnerabilities. Resolver's powerful software helps protect against cyber breaches by prioritizing on a risk-based approach to threat and vulnerability management.

Request a Demo
scroll down

Focus on the right vulnerabilities. Be "Board Ready".

Many organizations are on the wrong end of an intrusion or data breach. Your board is likely reading a ton of press on this subject each week. While boards have great literacy on reading financials, they likely don’t have much clarity into your information security practices. 

The inevitable question is “Will that happen to us?” Be ready. By taking a risk-based approach to threats, you can focus on the vulnerabilities that have the biggest risk impact for your organization. Resolver’s vulnerability management software can help you provide this education to your board and C-Suite using customized risk scoring algorithms and powerful dashboards to show your remediation efforts. We do all of this out-of-the-box.

Focus on the right vulnerabilities. Be

Prioritize your efforts to reduce vulnerability

Fast, automated collection of data

Get your threat data integrated to Resolver. With 40+ connectors out-of-the-box, you can correlate millions of assets and 10x that number of vulnerabilities. See full list of integrations.

Gain greater risk intelligence

Correlate assets with business context and threat intelligence. Tie vulnerabilities to threat exploits and event analysis.

Risk scoring to prioritize vulnerabilities

Use multi-attribute risk scoring algorithms that are weighted based on business priorities, threat exploits and vulnerabilities. Visualize your cyber risk posture.

Ticketing and verification for quick response

Remediate quickly, prioritize and group vulnerabilities based on configurable criteria including criticality, compliance regulations, vendor SLAs or more. Close the loop by verifying that the actions taken were effective, based on the new risk scores.

You're in good company

Over 1000 of the world’s largest organizations use Resolver software to protect their employees, customers, data, brand, inventory, and shareholders.

Frequently Asked Questions

We're here to answer any questions you may have.

How does Resolver help with Threat and Vulnerability Management?

With regards to vulnerability management, the RiskVision platform can allow you to perform the following:  

  1. Asset Classification: Classify your assets based on criticality to the business and tag assets for higher priority (e.g. contains PCI data, in DMZ, contains intellectual property)
  2. Data Integration: Integrate your technologies (i.e. vulnerability scanners, SIEMs, CMDBs, threat feeds) with RiskVision to collect and correlate all vulnerability data in one centralized location. 
  3. Risk Scoring: Review your vulnerabilities with a multi-attribute risk score that provides business context beyond CVSS scores.
  4. Risk Prioritization: Prioritize and automate your vulnerability remediation based on risk score, age, vulnerability count, SLA’s – risk scores are configurable.
  5. Ticketing: Auto-create or manually create remediation tickets to patch vulnerabilities or request exceptions for vulnerabilities that can’t be patched right away, or at all.
  6. Remediation Verification: Close the risk management loop by reviewing the risk scores of your vulnerabilities after they’ve been patched to make sure your efforts were effective. 
  7. Advanced Reporting: Constantly monitor your risks with visualized dashboards and share them across business units, geographies, etc.

With regards to threat management, the RiskVision platform can automatically import threat intelligence and correlate it with vulnerabilities when the threat intelligence provides CVE references.

Beyond vulnerability prioritization and importing threat intelligence, the team responsible for mitigating IT threats can assign remediation tickets required against a specific threat. The platform can also link to events and incidents to provide greater visibility into the impact of a specific threat in your environment.

Where does Resolver obtain its threat and exploit data from?

Resolver’s RiskVision platform enriches vulnerability data with both exploit data and threat intelligence data. Both are used as important inputs to provide risk-based prioritization for vulnerabilities so that you can make sure you are prioritizing your riskiest vulnerabilities.

RiskVision supports importing threat data from CrowdStrike Falcon Intelligence and FireEye iSight Intelligence. RiskVision will allow other threat intelligence sources to be imported based on request.

For exploit data, RiskVision supports the Offensive Security Exploit Database. The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software that aims to serve as the most comprehensive collection of exploits gathered through direct submissions, mailing lists, and other public sources. 

Are risk scoring formulas customizable?

Yes, the RiskVision platform utilizes a robust risk-based scoring methodology that takes into account two components that together equal the risk of the vulnerabilities being measured. The first component is the Asset Criticality factor which represents how critical the asset is to the business (impact portion of the risk score); the more critical the asset, the higher the risk of a vulnerability being exploited on that asset. The second factor is the Vulnerability Risk Factor (likelihood of the vulnerability to be exploited) which considers CVSS vectors and additional data, including a threat factor, exploit factor, and number of days known. 

What scanners do you have a pre-built connector for?

RiskVision has pre-built connectors with more than 40 third-party products, including device vulnerability scanners like Rapid 7, Nexpose and Qualys; application vulnerability scanners like IBM Rational AppScan and HP Fortify WebInspect; and database scanners like Trustwave DBProtect and Imperva SecureSphere. See the full list of connectors.

Does Resolver offer a ticketing system, or do I need to have one and connect to it?

The RiskVision platform has its own full-featured automated ticketing system. For organizations that want to integrate with their existing ticketing systems, RiskVision has bi-directional connectors to popular ticketing systems such as ServiceNow and Remedy. See the full list of connectors

Does Resolver offer an exception process (also known as a risk waiver process)?

Yes, exceptions can be generated for a single vulnerability on a single or multiple asset, or for one asset for single or multiple vulnerabilities. When the exception is requested, the automated exception management workflow begins by sending a notification to the appropriate stakeholder for review/approval. Once approved, the clock starts ticking towards the expiration date or next review date that was set (i.e., 30, 60, or 90 days out), when it will be reviewed again, and either be extended or closed if no longer needed.

Request a Demo

Fill out the form below and we will contact you shortly.