Go to the text

SB Technology launches vulnerability management service “MSS for Vulnerability Management (VRM)” as a subscription service

~Automatically collects and visualizes network assets and vulnerability information, and prioritizes vulnerability responses to ensure efficient vulnerability management.


SB Technology Corp.

SB Technology Corp. (Headquarters: Shinjuku-ku, Tokyo, President & CEO: Shinichi Ata, hereinafter referred to as SBT) collects and visualizes assets on the network based on ServiceNow, and targets for management using the vulnerability scanner Tenable Vulnerability Management. From July 3, 2023, we will start providing MSS for Vulnerability Management (VRM), which supports customers' security operations by regularly performing vulnerability scans on IT assets.

This service is a subscription service that automatically collects, visualizes, and prioritizes managed IT assets and vulnerability information, and centrally manages detected vulnerabilities. For detected vulnerabilities, the risk level is evaluated according to the customer environment, including whether the attack code has been published, Internet exposure, and the importance of assets, and the customer is notified along with recommended actions. After receiving the notification, you can use the risk score as a reference to determine whether the vulnerability can be addressed and to formulate a response plan. This makes it possible to efficiently manage vulnerabilities according to the customer's situation, giving priority to high-risk vulnerabilities.

Scope of this service and vulnerability management life cycle

■Background

Comprehensive and continuous asset management is the foundation for organizations to take appropriate security measures. In October 2022, the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) will provide federal agencies with visibility and vulnerability information for assets on their networks. We have issued "BOD 23-01" *1, which requires improvements in gender detection. Although this directive is targeted at federal agencies, CISA has found it useful for other organizations as well.
In Japan, there are frequent cases of IT assets being unintentionally disclosed to the outside world, or of system vulnerabilities being exploited without proper vulnerability countermeasures, resulting in victims of cyberattacks. Comprehensive and continuous asset management and vulnerability management are required to implement appropriate security measures. However, as the number of IT assets to be managed increases and management becomes complicated, it becomes difficult to accurately grasp assets. Furthermore, vulnerability management requires personnel in charge to check and respond on a daily basis, requiring specialized knowledge and experience as well as countermeasures tailored to the organization.

To solve this issue, SBT provides a vulnerability management service called "MSS for Vulnerability Management (VRM)." We support efficient vulnerability management by leveraging the system and security operation knowledge that SBT has cultivated over the years.

■Service overview

The service contents of "MSS for Vulnerability Management (VRM)" are as follows.

・Service features

1) Efficiently centralize vulnerability management tasks
This service centrally manages processes along the vulnerability management lifecycle, from asset understanding to vulnerability information collection and evaluation, response determination, plan formulation, and response implementation for detected vulnerabilities. Managed IT assets and vulnerability information are automatically collected on a daily basis and always updated to the latest information, significantly reducing the man-hours required to collect such information.
An example of a portal site display. For detected vulnerabilities, it is possible to extract high-priority vulnerabilities by using filter functions, etc. There is also a response target date and response date column, and it is also possible to set reminders for items that are delayed in response.
2) Uniquely designed vulnerability assessment
We evaluate detected vulnerabilities based on whether the attack code has been published, whether an external organization has issued a warning, and the importance of the customer's assets. As a result, response requests will be notified based on risk level as "immediate response," "planned response," and "timely response." Because the customer sets the asset importance level for each asset based on the degree of impact on the customer's business, the design allows the risk of detected vulnerabilities to be evaluated according to the impact they have on the customer's business. Masu.
3) Significant reduction in initial costs through subscription services
This Service is a subscription service. Service fees include ServiceNow and Tenable Vulnerability Management licenses, vulnerability updates, system maintenance, and regular version updates. There is no initial cost and you can use the platform you need for vulnerability management as a flat-rate service in as little as 15 days.

・Provision start date
Monday, July 3, 2023

·Offer price
Monthly fee: 2.5 million yen~
*No initial cost required

Click here to learn more about MSS for Vulnerability Management (VRM).
https://www.softbanktech.co.jp/service/list/managed-security-service/mss-for-vrm/

■Future developments

In the future, SBT will work to expand the system configuration of this service and strengthen collaboration with existing services that have been developed to date, and will strive to expand the functionality of the service so that we can support a wide range of areas related to customers' IT security operations. I'm coming.

■Comment from Masatoshi Suzuki, President and Executive Officer of ServiceNow Japan LLC

It is an honor to be able to work with SB Technology to provide innovative managed services that implement vulnerability countermeasures in cybersecurity. Conventional vulnerability countermeasures have no choice but to be implemented by each company independently, and we are confident that by providing this as a managed service, we will greatly contribute to improving the level of cybersecurity in Japan.
ServiceNow will continue to support the provision of this groundbreaking service and will work closely with SB Technology to further improve the service.

Contact information regarding this press release

● SB Technology Corp. Public Relations Department
E-mail: sbt-press@tech.softbank.co.jp