Threat and Vulnerability Management
Detect and Mitigate vulnerabilities swiftly
Rising cyber-attacks and newly emerging security vulnerabilities bring unknown challenges to businesses of all shapes and sizes. Exposure to cyber risks can culminate into incidents such as cyber-attacks, malware infections, ransomware, web page compromises and data breaches.
We have developed comprehensive Threat and Vulnerability Management (TVM) Services that ensure holistic view of security vulnerabilities across the organization’s digital landscape.
Jio TVM services offer foundational layer security that help organizations identify vulnerabilities with security patching and hardening/ secure configuration of servers, containers, networking devices, virtualization layer, and Cloud infrastructure.
Rising cyber-attacks and newly emerging security vulnerabilities bring unknown challenges to businesses of all shapes and sizes.
What you get with TVM
Vulnerability Management
Configuration Review
Container Security Assessment
Security Penetration Testing
Threat Advisory Services
Centralized Governance & Management
Digital Self-Care
Variants
| Features | Starter Pack | Advance Service | Expert Service |
|---|---|---|---|
| Vulnerability Scanning | |||
| Authenticated scan: Scan performed with credentials of the system |
|
|
|
| Detection of open N/W ports |
|
|
|
| Discovering potential attack vectors in the system |
Partial
|
Full
|
Full
|
| Security Patches required for the system |
Partial
|
Full
|
Full
|
| Detailed review and verification of configuration settings |
|
|
|
| Existence of assessment for weak authentication |
|
||
| Minimum number of IPs/ active instances considered for scan |
10
|
25
|
50
|
| Scan frequency (No. of scans/ month) |
1
|
2
|
Continuous/ on demand
|
| Infrastructure and Platform Coverage | |||
| Servers (Physical/ Virtual) |
|
|
|
| Infrastructure systems and network devices |
|
|
|
| Hypervisors |
|
|
|
| Supported Cloud platform (AWS, Azure and GCP) |
|
|
|
| Mainstream containers architecture supported |
|
||
| Penetration Test | |||
| White Box penetration testing (Internal network test with prior information about the network and internal systems) |
|
||
| Black Box penetration testing (External network test, without prior knowledge of internal network and systems) |
|
|
|
| Reports and Support | |||
| Reporting |
|
|
|
| Systematic and accurate briefing of issues |
|
|
|
| Risk view - local and remotely hackable issues |
|
||
| Remediation guidance |
|
|
|
| Post remediation rescan |
|
|
|
| Vulnerability Program Management | |||
| Portal access |
|
||
| Compliance management - PCI DSS, NIST and CIS |
|
|
|
| Customised hardening guidelines for infrastructure components such as OS, NW, DB and MW |
|
||
| End-to-end management of vulnerability during its lifecycle, from assessment to remediation support |
|
|
|
| Automated tracking and mail notifications |
|
||
| Management of reporting for security exceptions |
|
||
| Zero Day Vulnerability (ZDV)- advisory and support (ZDV: An attack that has zero days between vulnerability being discovered and the first attack) |
|
||
