So, let's go through a typical scenario. A security administrator will scan for vulnerabilities. He'll have thousands of vulnerabilities, and he'll create a report, a thousand page report. He then gives it to the IT person and the IT person says, "Great. This is going to take me months to get through this whole thing." So, he's like, "I'm not even looking at it." So, then the security guy has to go through the report, strip out all the things he doesn't care about. He doesn't care about the CV numbers. He doesn't care about, all the references. The IT person just cares about what he needs to do. And then what happens is the security administrator needs to figure out, "OK, now that I'm going to have him work on these mediation steps, let me actually consolidate all the steps to figure out what are the biggest things that he needs to do to reduce the most amount of risk?"
So, you can see there's a lot of work that is done from a security administrator's standpoint. Well, what this new report does is it actually automates it. So, you can create a report, top 10, top 20, top 5. You can see the number, you can customize it and you can see the number of the mediation steps and how much risk it'll reduce in your organization. For example, you could say the top 10 things could reduce 80% of the risk to your organization. Well, wouldn't it be great for the security guy to actually have that conversation with the IT person, to say, "Hey, these steps will reduce the most amount of risk. What can we do to actually do this to help me get my program from one step to the next step?"
The second thing that we had in this release that we're really excited about is now we have new certified CIS benchmarks for Red Hat Enterprise Linux. Basically, CIS stands for the Center for Internet Security. So, it's an organization, not-for-profit, and they have, basically, created policies or benchmarks that ensure that your systems are secure. So, typically what will happen is the IT administrator will, basically, build a system. He'll enable all the applications, all the services, because he, basically, has a lot of other things that he cares about. He wants to get it off his plate.
He's on call 24/7. He has to fix the CEO's laptop. He's very reactive. So, when he's creating these new systems, he's creating them quickly. He just, basically, wants to move on. What happens is those systems aren't secure.
So, what you'd, basically, use the CIS benchmarks for is before you take that system and you move it into production, you want to make sure that's configured correctly. And also, you just can't do it the first time. Every time after, basically, like every couple weeks, couple months, whatever frequency you want, you need to check to make sure that those configurations are secure because they can change over time. Either an IT person can go in there and he can change it, or maybe there's some malicious code that changes those settings. So, you really need to ensure that things are secure by constantly checking it.
And we've also found that some organizations, it's great that CIS has these benchmarks for Red Hat Enterprise Linux. But, say your organization, you don't agree with everything that they have. Well, we have an easy to use web-based editor that allows you to take that policy and customize it to meet your organization's need. We also see that companies typically struggle when they do vulnerability scans and they do configuration assessment scans separately. What happens if you do it separately, you have to manage the whole process, and also it's additional network bandwidth that's utilized because you're doing two different scans. So, what's unique about our product is you actually have a single scan that you can check for both vulnerabilities and configurations at the same time and, basically, manage that whole process.
So, as you can see, these two new features really help you increase the value of vulnerability management to your organization. If you'd like a free trial, please come to our website. Otherwise, thank you and we'll see you next week.
