Vulnerability Scanning (Tenable)

SERVICE OVERVIEW 

DeepSeas Vulnerability Scanning Service with Tenable allows an organization to identify and manage vulnerabilities in the organization's systems. DeepSeas solution offers a range of features including customized vulnerability scanning, an integrated portal, and asset vulnerability information parsing. With DeepSeas Vulnerability Scanning solution, the organization can gain a deeper understanding of the security risks and take proactive steps to manage them. The solution is designed to be user-friendly and easy to navigate, allowing you to quickly identify vulnerabilities and take immediate action to address them. 

Our Vulnerability Scanning Service includes the following service elements: 

• Vulnerability identification service includes a thorough scanning of your internal network devices, servers, and other assets located on-premises to ensure the highest level of security for your organization. 
• Portal integration and delivery involves integrating scanner and sensor findings related to vulnerabilities into the DeepSeas RED portal. 
• Platform Management to support the Client's overall security posture through end-to-end oversight and management of Tenable tool to ensure optimal deployment, configuration, continuous monitoring and maintenance. DeepSeas employs vendor-specific knowledge, broad security experience, and industry best practices to provide tailored support for client environments and achieve maximum uptime and flexibility of client tool.

The following table describes the typical steps DeepSeas undertakes, together with Customer, to onboard and initialize our service: 

1. Kickoff (Approximately 1 Week)
   1. DeepSeas and the Client participate in a joint call to confirm services, service orchestration appliance placement (if required), shipping information, and other key details.
2. Tool Deployment, Configuration, & Tuning (2-3 Weeks)
   1. Scanners & Agents: DeepSeas will deploy Nessus Scanners and support installing Tenable Agents as needed to enable the scanning of the Client's environment.
   2. Scan Configuration & Scheduling - DeepSeas will create and schedule the monthly recurring scans of the Client's environment.
   3. User Access Management - DeepSeas will configure the user access and sign-on settings for Client accounts
   4. Authenticated Scans - DeepSeas will support scans that require the scanner to authenticate to the targeted system.
   5. Document Exceptions - DeepSeas will document all exception requested by the Client. DeepSeas will not report vulnerabilities for hosts that match the exceptions.
3. Baseline Scans & Integrations (2 Weeks)
   1. DeepSeas will execute steps to integrate scan results in the DeepSeas RED portal.
4. Service Optimization (Ongoing)
   1. Monitoring - DeepSeas will monitor all scanners and agents for performance and availability issues. DeepSeas will investigate potential problems and attempt to remediate them independently when possible. DeepSeas will notify the Client of all verified issues and their remediation status.
   2. Failed Scan Notifications - DeepSeas will notify the Client when there are failed scans. DeepSeas will attempt to retry a potentially failed scan before informing the Client.
   3. Active Troubleshooting - DeepSeas will troubleshoot all performance and availability failures, improper configurations, and unexpected or unintended behaviors of the tool. DeepSeas will provide troubleshooting until issues are resolved.
   4. Managed Change Process - DeepSeas will establish a change management process to use when making changes to the Client's tool.

VULNERABILITY IDENTIFICATION 

Vulnerability Identification comprises i) vulnerability scan management; and ii) vulnerability reporting and results management delivered by DeepSeas and leveraging commercially available scanning tools.  

1. Vulnerability Scanning: Our solution includes vulnerability scanning of the Client’s internal “active”, Internet Protocol (IP) addresses. Scans of internal and cloud-based IPs are conducted from one or more Scan Appliances within your network or data center. Included in Vulnerability Scanning are the following components: 
   1. Manage/update scan profiles and scan schedules
   2. Launch and verify the execution of IVM, on-demand, and policy compliance scans
   3. Review scan results and generate reports
   4. Troubleshoot any detected problems with scans
2. Vulnerability Reporting: After vulnerability scans are executed, the next step is to review and analyze the scan results. Included in Vulnerability Reporting are the following components: 
   1. Review scan results/reports
   2. Troubleshoot any detected problems with scan reports/report templates
   3. Prepare and deliver monthly reports/dashboards

• Assets can be accessed via a shared local area network in a centralized way. 
• The Client already has an infrastructure with enough capacity to host the virtual machines necessary for scanning activities. 
• Virtual scanner machines should be able to access an average of one thousand (1000) assets. 
• The Client will permit VPN traffic through firewalls for the management of scanner virtual machines. 
• The Client will be responsible for updating both the operating system and application of the scanner's virtual machines. 
• The Client will be responsible for deploying the provided .ova files to ensure that the machines can address the target assets. 
• The Client network team oversees managing the accessibility of target assets to the virtual machines. 
• The Client will provide suitable virtual or physical machines to operate Tenable Network scanners. 
• The Client will be responsible for administering, maintaining, and patching the virtual machines that run the Network scanners.