Host Vulnerability Management
An Overview of the Host Vulnerability Management Feature
Feature Summary
Host Vulnerability Management (HVM) enables Security and DevOps teams to efficiently view, prioritize, and orchestrate the response to vulnerabilities (Common Vulnerabilities and Exposures, or CVEs) detected on host instances across their cloud accounts. Hosts are automatically assessed when they are launched and detected by the InsightCloudSec harvesters, without the use of traditional network scanning or an embedded agent. Using snapshots of each instance's root volume, a thorough vulnerability assessment is performed on all packages in the guest operating system and installed software, on Open Source Software (OSS) dependencies, and on select file types.
The snapshots are downloaded to your InsightCloudSec instance, their package inventory is assessed and stored, and the snapshots are then promptly deleted. The host instance inventory is continuously monitored for new vulnerabilities as long as the instances remain active in your cloud. Select changes to a host instance in the cloud automatically trigger a fresh snapshot and assessment. Remediations are detected and recognized whether they are made by updating the host instance or by removing and replacing it, that is, by updating the base image (e.g., AMI) and relaunching.
Capabilities
HVM offers the following capabilities:
- Comprehensive assessment and visibility including:
  - All host instances (resources), plus their base image, metadata, and detected vulnerabilities
  - All packages, plus their prevalence across the host instances
  - All vulnerabilities detected across the instances and packages in total, plus their metadata and links to exploit references
- Vulnerability Risk scores for each CVE calculated by a new, proprietary model leveraging intelligence about available exploits and their use by attackers in the wild
- Advanced filters to narrow the focus on select resources and their packages and vulnerabilities for risk-based prioritization and remediation
- Recommended solutions for each vulnerability as package and OSS version updates
- Actions and automation that trigger alerts, ticketing, remediation workflows, and data exports
- Assessment coverage and health monitoring to identify any errors or access issues impacting feature operations
Current Support
The initial release of Host Vulnerability Management supports AWS EC2 instances and is only available to InsightCloudSec SaaS customers.
In addition, Windows hosts are not supported and will fail assessment.
Additional Details
Check out the Host Vulnerability Management - Configuration & Workflows page for details on the common workflows for Host Vulnerability Management and information on the required prerequisites.
The Host Vulnerability Management - User Guide provides details on feature operation and capabilities.