TVM

Threat and Vulnerability Management (TVM)

Focuses on the continuous, cyclical process of identifying and addressing vulnerabilities in an organisation's infrastructure

What is TVM

TVM is focused on a continuous, iterative process of identifying and fixing vulnerabilities in an organization's infrastructure.

Support and services include monitoring and configuration of the necessary rules, backup and remediation, updates and patches, responding to identified vulnerabilities, and regular reporting.

What is TVM What is TVM
What is TVM What is TVM
What is TVM What is TVM
What is TVM What is TVM
What is TVM What is TVM
What is TVM What is TVM
What is TVM What is TVM
Why you need vulnerability management
Establish threat and vulnerability management processes and response protocols Establish threat and vulnerability management processes and response protocols

Establish threat and vulnerability management processes and response protocols

Increase control over infrastructure and improve protection of critical services Increase control over infrastructure and improve protection of critical services

Increase control over infrastructure and improve protection of critical services

Automate vulnerability identification and remediation without disrupting business operations Automate vulnerability identification and remediation without disrupting business operations

Automate vulnerability identification and remediation without disrupting business operations

What's included in iiii Tech's TVM 
RedСheck Platform Support Service RedСheck Platform Support Service
RedСheck Platform Support Service

Provision and configuration of the RedСheck platform

Vulnerability detection and remediation Vulnerability detection and remediation
Vulnerability detection and remediation

Reports on scan results, recommendations for remediation of identified vulnerabilities in accordance with agreed SLAs, and regular reporting on completed work

Types of services provided within TVM  

Technical solutions and software projects used to deliver services to clients

Installation package creation and software configuration

Testing and verification of the RedCheck solution in the client's technical environment

Configuration of rules for the server platform

Creation of instructions for processing and responding to messages, server platform configuration instructions and SLAs.

1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform

The cost of licences (purchased by the customer from the vendor):

Media Kit for the certified version of the RedCheck security analysis tool [RC-Media Kit] - 1300


Licence to use the RedCheck security analysis tool, Professional Edition for 1 IP address for 1 year (100-199) [RC-D-Pro-License-1Y] - 2220

1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:

Depending on the number of critical hosts to be scanned, implementation can take 10-15 days.


 

iiii-Tech Security manager

iiii-Tech Server admin

iiii-Tech SD

Client

Infrastructure Preparation

C

R

I

A

Preparation of the scanning list (depending on the criticality assessment)

I

A

I

R

Establishment of scanning period and schedule

R

A

I

I

Configuration of the RedCheck Server platform

R

A

I

I

Test scanning

R

A

I

I

Preparation of a report and recommendations for addressing the identified vulnerabilities

I

*A

*R

I


*For cases where IT infrastructure support is provided by iiii-Tech

1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation

Resolution of service-related issues by the customer contacting the SD department

Transfer of service-related requests from the SD department

Periodic scanning of the host pool

Analysis of possible technical difficulties together with the customer representative

Provision of reports on the vulnerabilities identified as a result of scanning (monthly, quarterly, annually)

Analysis of identified threats and recommendations for their elimination

2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:

Technical solutions and software projects used to deliver services to clients

Installation package creation and software configuration

Testing and verification of the RedCheck solution in the client's technical environment

Configuration of rules for the server platform

Creation of instructions for processing and responding to messages, server platform configuration instructions and SLAs.

1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform
1.       Implementation and one-off support tasks for the RedCheck platform 1. Implementation and one-off support tasks for the RedCheck platform

The cost of licences (purchased by the customer from the vendor):

Media Kit for the certified version of the RedCheck security analysis tool [RC-Media Kit] - 1300


Licence to use the RedCheck security analysis tool, Professional Edition for 1 IP address for 1 year (100-199) [RC-D-Pro-License-1Y] - 2220

1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:
1.1. Implementation costs: 1.1. Implementation costs:

Depending on the number of critical hosts to be scanned, implementation can take 10-15 days.


 

iiii-Tech Security manager

iiii-Tech Server admin

iiii-Tech SD

Client

Infrastructure Preparation

C

R

I

A

Preparation of the scanning list (depending on the criticality assessment)

I

A

I

R

Establishment of scanning period and schedule

R

A

I

I

Configuration of the RedCheck Server platform

R

A

I

I

Test scanning

R

A

I

I

Preparation of a report and recommendations for addressing the identified vulnerabilities

I

*A

*R

I


*For cases where IT infrastructure support is provided by iiii-Tech

1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation
1.2. Timeframe for implementation 1.2. Timeframe for implementation

Resolution of service-related issues by the customer contacting the SD department

Transfer of service-related requests from the SD department

Periodic scanning of the host pool

Analysis of possible technical difficulties together with the customer representative

Provision of reports on the vulnerabilities identified as a result of scanning (monthly, quarterly, annually)

Analysis of identified threats and recommendations for their elimination

2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:
2. Periodic Tasks for the TVM Service: 2. Periodic Tasks for the TVM Service:


Levels of service for the TVM service 


 

Bronze

Silver

Gold

Scanning frequency

Ad-hoc, at most once every three months

Once a month, as agreed with the customer

1 time per month + re-scanning based on patch results

Frequency of reporting

Ad-hoc, not more than once every three months + 1 annual report

1 time per month, based on scan results

1 time per month based on scan results + report updates as vulnerabilities are closed

Handling of false positives

-

Once a month to update the false positive list

False positive list update once a month + ad hoc updates

Compliance reports

-

1x per half year

1 every 2 months

Remediation of vulnerabilities found

Critical* level only

Critical, high* levels only

Critical, High, Medium

Cost per month

34 800 RUB

64 000 RUB

94 000 RUB


What's Included in Service Levels (Monthly) 

Gold

• Scanning for live hosts from a list

• Scanning hosts for vulnerabilities

• Compliance requirements list development

• Report preparation

• Recommendations development

• Identification of false-positive findings and report corrections

• Timing of scans based on network load

• Information updates in the system

• Work to eliminate identified vulnerabilities

Silver

• Scanning for live hosts from a list

• Scanning hosts for vulnerabilities

• Compliance requirements list development

• Report preparation

• Recommendations development

• Identification of false-positive findings and report corrections

• Timing of scans based on network load

• Information updates in the system

• Work to eliminate identified vulnerabilities

• Rescan after vulnerability elimination confirmation

Bronze

• Scanning for live hosts from a list

• Report preparation

• Recommendations development

• Timing of scans based on network load

• General report corrections within identified false-positive findings

• Information updates in the system

We take care of all solution maintenance

  • You just need to

  • Confirmation of technical solution and software

  • Licence decision for the user/buyer (user/supplier)

  • Decision on the scope of the service implementation (number of scanned hosts)

  • Decision on scanning strategy

  • Assigning a contact person for the service, who will be the main point of contact for further development of the service and in case of possible problems and incompatibilities.

  • Provide us with reports of any identified TVM service issues

  • Respond to SD requests related to the handling of current vulnerabilities

We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
We take care of all solution maintenance – инфоблок We take care of all solution maintenance – инфоблок
What documentation we provide 
Equipment list for implementation Equipment list for implementation

Equipment list for implementation

ITIL/ITSM documentation ITIL/ITSM documentation

ITIL/ITSM documentation

Statistical reports Statistical reports

Statistical reports

Why iiii Tech is the right choice for you

FSB Cyber Security Certification

Certified partners with Russian vendors

Own Tier 3 data centres in Russia

SLA work guarantees

RU/EN support 365/24/7 or 5/2

Certified Administrators

/en/about/media/blog/butikovyy-podkhod-v-podderzhke-polzovateley-sozdanie-tsennosti-cherez-individualnost-i-kachestvo/
Blog
Бутиковый подход в поддержке пользователей: создание ценности через индивидуальность и качество
30 June 2023
/en/about/media/blog/kiberbezopasnost-dlya-onlayn-agregatorov/
Кибербезопасность для онлайн агрегаторов Кибербезопасность для онлайн агрегаторов
Кибербезопасность для онлайн агрегаторов Кибербезопасность для онлайн агрегаторов
Кибербезопасность для онлайн агрегаторов Кибербезопасность для онлайн агрегаторов
Blog
Кибербезопасность для онлайн агрегаторов
30 June 2023
/en/about/media/blog/podlezhit-markirovke-pochemu-neobkhodimo-markirovat-tovary-i-kak-v-etom-pomogayut-postavshchiki-it-r/
Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений
Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений
Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений
Blog
Подлежит маркировке: почему необходимо маркировать товары и как в этом помогают поставщики ИТ-решений
30 June 2023
Sign up for the newsletter!
Sending only useful letters
With the click of a button, I am in agreement with the policy on the processing of personal data.
Продолжая использовать этот сайт и нажимая на кнопку «Принимаю», вы даете согласие на обработку файлов cookie