News

  • Press Release

Share

Facebook Twitter linkedin
2023.12.21

The vulnerability information collection and management tool "SIDfm VM" now offers a new "cloud type" that does not require the construction and operation of a management server. A "discovery function" that can automatically detect IT assets has also been released at the same time.

Cyber Security Cloud, Inc. (Headquarters: Shinagawa-ku, Tokyo; President and CEO: Toshihiro Koike; hereinafter referred to as "the Company"), a global security manufacturer, is pleased to announce that it has begun offering a new "Cloud Type" of its vulnerability information collection and management tool, SIDfm VM, which enables users to begin vulnerability management immediately without the need to build and operate a management server.
In addition, we have released a "discovery function" as a standard feature of SIDfm VM, which automatically detects your IT assets and enables you to register them as targets for vulnerability management with one click.

In 1999, we first began offering SIDfm, a tool in Japan that streamlines the collection and management of vulnerability information that is made public daily, and for over 20 years (※), we have supported many companies in improving the efficiency of their vulnerability response operations.
SIDfm VM, which has the necessary functions for efficient vulnerability management, was previously provided as software, with customers being responsible for building and operating the management server themselves.
Now, in order to meet a variety of needs, we have begun offering a new "cloud type" service, which eliminates the need for customers to build and operate a management server, and enables them to register their own IT assets on our cloud service and quickly begin vulnerability management.

* Softtech, which was acquired in 2020, started business in 1999

■ What is the new feature "Discovery function"?
Vulnerability management requires the following processes: "Collecting vulnerability information," "Identifying necessary information," "Evaluating the impact (triage)," "Addressing and correcting vulnerabilities," and "Recording and managing the status of responses." In order to identify vulnerabilities related to your company, it is important to accurately understand the IT assets that are subject to vulnerability management, such as the server operating systems, applications, middleware, and network devices used by your company.

Previously, SIDfm identified vulnerability information related to the company by installing an agent on managed devices based on IT asset ledgers, or manually registering software configuration information on the SIDfm VM management server, and then comparing that configuration information with SIDfm vulnerability information database. Therefore, when managing assets using ledgers such as Excel data, we received many inquiries from companies that could not start vulnerability management operations without resolving the issue of understanding and maintaining the latest status of IT assets, such as not being able to properly update status changes due to version upgrade work at the operation site, or new IT assets increasing outside the security administrator's jurisdiction (rogue servers and shadow IT).

To solve these issues, we have released the "Discovery Function" as a standard feature of "SIDfm VM."
The discovery function uses a new discovery engine provided by our company to detect devices operating within a specified IP range and check candidates for management. This discovery engine can also obtain software configuration information, so you can not only check candidates, but also register them directly in SIDfm as targets for vulnerability management. In addition, you can set up regular automatic discovery, so you can notice increases or decreases in the number of managed devices. (This is also effective for rogue servers and shadow IT, where vulnerability countermeasures tend to be left unattended.)
In addition, devices registered with SIDfm are automatically updated with the latest configuration information each time a search is performed. When configuration information is updated to include a vulnerability patch, vulnerability tickets are automatically processed, making it possible to minimize management efforts even if the number of managed devices increases. This allows customers who have issues understanding their IT assets to tackle vulnerability management while reducing efforts.

■About the vulnerability information collection and management tool "SIDfm"
SIDfm (S.I.D.F.M.) is a vulnerability information collection and management tool that streamlines vulnerability response operations. It automatically collects and accumulates vulnerability information for OS, application, and network products from around the world. You can quickly identify only the information that your company needs, and it provides patch information and workarounds with Japanese explanations by security analysts, so you can see at a glance which vulnerabilities need to be addressed and what countermeasures to take. In addition, it can even record and manage the progress of vulnerability countermeasures.
We offer licenses tailored to your intended use, and our lineup includes "SIDfm Group/Biz" for those who want to automate the collection of vulnerability information, and "SIDfm VM" for those who want to handle everything from collecting to managing vulnerability information.

■ Main features of "SIDfm VM" for those who want to collect and manage vulnerability information

Feature 1: Ability to detect, extract, and register managed devices
It automatically detects your company's IT assets and registers them as vulnerability management targets, including configuration information. It can also be set to automatically search periodically, so you can receive notifications when the number of managed assets increases or decreases.

Feature 2: Sharing vulnerability countermeasure status within the organization
Centralized management of vulnerability countermeasure status for IT assets and workflow work records on a ticket-by-ticket basis within an organization. Schedules for the date of response, statuses, and work notes for each vulnerability ticket can be shared in real time, making daily progress management more efficient.

Feature 3: Unique indicators reduce the effort required for risk assessment
In addition to CVSS, SIDfm 's proprietary index "SRI" can also be used as an index to evaluate the risk of vulnerabilities. While CVSS only evaluates the "characteristics of the vulnerability itself," "SRI" is an index that takes into account the actual usage environment, the presence or absence of attack code, and the availability of countermeasure information, allowing you to perform a risk assessment that is appropriate for your own environment.

・ SIDfm VM service site:https://sid-fm.com/vm/

■About Cyber Security Cloud, Inc.
Address: 13th floor, JR Tokyu Meguro Building, 3-1-1 Kamiosaki, Shinagawa-ku, Tokyo
Representative: Representative Director, President and CEO Toshihiro Koike
Established: August 2010
URL: https://www.cscloud.co.jp/
Cyber Security Cloud has a management philosophy of "creating a cyberspace that people around the world can use safely and securely," and provides web application security services and vulnerability information collection using the world's leading cyber threat intelligence and AI technology. - We provide anti-hacker services such as management tools. We will continue to contribute to the promotion of the information revolution as one of the global leading companies in cybersecurity centered on WAF.