Customer Login Free Trial

Datasheet

SPM Metrics

document thumbnail

Vuln Tracker Overview

video thumbnail

“Vuln Tracker adds accountability to our vulnerability management process.”

- Insurance Industry Customer

Third Defense Vuln Tracker

Third Defense Vuln Tracker is a simple application packing a powerful message, showing overdue vulnerabilities by asset group. Vulnerability scanners are essential tools, however they don't make it easy to report on the age of vulnerabilities. We're excited to introduce Vuln Tracker, a small web app dedicated to communicate the age of active vulnerabilities and those overdue per policy. The benefit is increased accountability to drive acceptance or mitigation decisions. Vuln Tracker also includes features to define a Service Level in days. Thus, you have one report showing overdue vulns per asset group, by severity.

Vuln Tracker is currently in beta, give it a try and let us know your thoughts.

Simple Report, Simple Workflow

Vuln Tracker doesn't overlap with any of your scanner's existing features. Follow these steps and you'll be aging vulnerabilities in no time:

  • Paste in your existing asset group owners and IP address ranges.
  • For each asset group, assign a duration in days, per severity level. This duration should be a pre-negotiated Service Level between the Asset Group Owner and the Security team.
  • Upload your regular scans.

Visual Reporting

As with all the Third Defense applications, Vuln Tracker includes a visual report to communicate vulnerability age. Select the best view to communicate your vulnerability management progress:

  • All active vulnerabilities by age.
  • All overdue vulnerabilities.
  • All active vulnerabilities by group.
  • All overdue vulnerabilities by group.

The screenshot below shows the Report tab with the Group Overdue view selected. This view enables a candid conversation with the Asset Owner to understand why open vulnerabilities are overdue and determine the best course of action for the business, either accept or mitigate.

Third Defense Vuln Tracker

Scanner Support

Vuln Tracker currently supports scan uploads from Nessus and Qualys. Contact sales@thirddefense.com to help us end the debate which vulnerability scanner to support next!

Security of Your Data

As security professionals, we want you to understand how we design our applications to protect your data. Customer information is encrypted both in transit and when stored on the server. In transit, we use SSL with strong ciphers and keys of at least 128 bits. On the server, we use AES with 256 bit keys. Each customer has a unique master key used for encrypting and decrypting data, and this key is encrypted using each user's credentials before being stored in the database. Therefore it is impossible for third parties to read any data even with full access to the live database. Additionally, we will gladly answer any security-related questions you may have about the application or its infrastructure. If you require a third-party security report, we will arrange for one to be delivered to you as soon as possible.

How to Subscribe

Access to the Third Defense Suite is granted on an annual subscription. Please contact sales@thirddefense.com to subscribe or sign up for a free trial. Further, if you're not satisfied with the Third Defense Suite, we'll refund your annual subscription at any time. Customer satisfaction is paramount to our mission and philosophy.