TVM

Threat and Vulnerability Management (TVM)

Focuses on the continuous, cyclical process of identifying and addressing vulnerabilities in an organisation's infrastructure

TVM is focused on a continuous, iterative process of identifying and fixing vulnerabilities in an organization's infrastructure.

Support and services include monitoring and configuration of the necessary rules, backup and remediation, updates and patches, responding to identified vulnerabilities, and regular reporting.

Establish threat and vulnerability management processes and response protocols

Increase control over infrastructure and improve protection of critical services

Automate vulnerability identification and remediation without disrupting business operations

RedСheck Platform Support Service

Provision and configuration of the RedСheck platform

Vulnerability detection and remediation

Reports on scan results, recommendations for remediation of identified vulnerabilities in accordance with agreed SLAs, and regular reporting on completed work

Types of services provided within TVM

Technical solutions and software projects used to deliver services to clients

Installation package creation and software configuration

Testing and verification of the RedCheck solution in the client's technical environment

Configuration of rules for the server platform

Creation of instructions for processing and responding to messages, server platform configuration instructions and SLAs.

1. Implementation and one-off support tasks for the RedCheck platform

The cost of licences (purchased by the customer from the vendor):

Media Kit for the certified version of the RedCheck security analysis tool [RC-Media Kit] - 1300

Licence to use the RedCheck security analysis tool, Professional Edition for 1 IP address for 1 year (100-199) [RC-D-Pro-License-1Y] - 2220

Depending on the number of critical hosts to be scanned, implementation can take 10-15 days.

	iiii-Tech Security manager	iiii-Tech Server admin	iiii-Tech SD	Client
Infrastructure Preparation	C	R	I	A
Preparation of the scanning list (depending on the criticality assessment)	I	A	I	R
Establishment of scanning period and schedule	R	A	I	I
Configuration of the RedCheck Server platform	R	A	I	I
Test scanning	R	A	I	I
Preparation of a report and recommendations for addressing the identified vulnerabilities	I	*A	*R	I

*For cases where IT infrastructure support is provided by iiii-Tech

Resolution of service-related issues by the customer contacting the SD department

Transfer of service-related requests from the SD department

Periodic scanning of the host pool

Analysis of possible technical difficulties together with the customer representative

Provision of reports on the vulnerabilities identified as a result of scanning (monthly, quarterly, annually)

Analysis of identified threats and recommendations for their elimination

Technical solutions and software projects used to deliver services to clients

Installation package creation and software configuration

Testing and verification of the RedCheck solution in the client's technical environment

Configuration of rules for the server platform

Creation of instructions for processing and responding to messages, server platform configuration instructions and SLAs.

The cost of licences (purchased by the customer from the vendor):

Media Kit for the certified version of the RedCheck security analysis tool [RC-Media Kit] - 1300

Licence to use the RedCheck security analysis tool, Professional Edition for 1 IP address for 1 year (100-199) [RC-D-Pro-License-1Y] - 2220

Depending on the number of critical hosts to be scanned, implementation can take 10-15 days.

	iiii-Tech Security manager	iiii-Tech Server admin	iiii-Tech SD	Client
Infrastructure Preparation	C	R	I	A
Preparation of the scanning list (depending on the criticality assessment)	I	A	I	R
Establishment of scanning period and schedule	R	A	I	I
Configuration of the RedCheck Server platform	R	A	I	I
Test scanning	R	A	I	I
Preparation of a report and recommendations for addressing the identified vulnerabilities	I	*A	*R	I

*For cases where IT infrastructure support is provided by iiii-Tech

Resolution of service-related issues by the customer contacting the SD department

Transfer of service-related requests from the SD department

Periodic scanning of the host pool

Analysis of possible technical difficulties together with the customer representative

Provision of reports on the vulnerabilities identified as a result of scanning (monthly, quarterly, annually)

Analysis of identified threats and recommendations for their elimination

Levels of service for the TVM service

	Bronze	Silver	Gold
Scanning frequency	Ad-hoc, at most once every three months	Once a month, as agreed with the customer	1 time per month + re-scanning based on patch results
Frequency of reporting	Ad-hoc, not more than once every three months + 1 annual report	1 time per month, based on scan results	1 time per month based on scan results + report updates as vulnerabilities are closed
Handling of false positives	-	Once a month to update the false positive list	False positive list update once a month + ad hoc updates
Compliance reports	-	1x per half year	1 every 2 months
Remediation of vulnerabilities found	Critical* level only	Critical, high* levels only	Critical, High, Medium
Cost per month	34 800 RUB	64 000 RUB	94 000 RUB

Gold

• Scanning for live hosts from a list

• Scanning hosts for vulnerabilities

• Compliance requirements list development

• Report preparation

• Recommendations development

• Identification of false-positive findings and report corrections

• Timing of scans based on network load

• Information updates in the system

• Work to eliminate identified vulnerabilities

Silver

• Scanning for live hosts from a list

• Scanning hosts for vulnerabilities

• Compliance requirements list development

• Report preparation

• Recommendations development

• Identification of false-positive findings and report corrections

• Timing of scans based on network load

• Information updates in the system

• Work to eliminate identified vulnerabilities

• Rescan after vulnerability elimination confirmation

Bronze

• Scanning for live hosts from a list

• Report preparation

• Recommendations development

• Timing of scans based on network load

• General report corrections within identified false-positive findings

• Information updates in the system

You just need to
Confirmation of technical solution and software
Licence decision for the user/buyer (user/supplier)
Decision on the scope of the service implementation (number of scanned hosts)
Decision on scanning strategy
Assigning a contact person for the service, who will be the main point of contact for further development of the service and in case of possible problems and incompatibilities.
Provide us with reports of any identified TVM service issues
Respond to SD requests related to the handling of current vulnerabilities