AVDS is a vulnerability detection and management solution that delivers accurate reports you can act on with confidence. Build security certainty by finding and eliminating the vulnerabilities in your network that invite attacks.
AVDS is designed to accurately scan networks from 64 to 200K active IPs and offer vulnerability detection and management control from an easy to use administration console. From that console scanning management and report access rights can be granted to divisional or regional security administrators.
An inaccurate VA report is very frustrating to use. If every third item in the report is a false positive (doesn't really exist) then soon the entire report, even the use of VA as a vital security tool, gets a bad name.
AVDS will restore your confidence in VA as a vital security tool. Regain complete certainty that when a VA report says that the network has high risks, they actually DO exist. Know without a doubt that when you are handling the risks discovered by AVDS you are doing the best job humanly possible to protect your network.
All other VA solutions depend primarily upon checking host banners to read the version number. They assume that if version X is present, then all the vulnerabilities of version X are also present. This is not true if an update was 'back doored' (common in Linux) or if server or application settings make access to the vulnerability impossible.
AVDS primarily checks the BEHAVIOR of hosts by delivering queries that prove by actual response that a vulnerability exists. Our false positive rate is .1% which is so low that most of our customers never experience a single error. Better yet; AVDS will discover vulnerabilities missed by others, which can happen if a patch is incompletely installed, or a server or service never got restarted so that the patch can take effect.
It is available as a hosted service for scanning external IPS, and an appliance based solution for scanning internal IPs, or as a hybrid. The hardware solution comes as either a single unit capable of both scanning and reporting and an enterprise version that uses two component types to cover networks of any size or complexity: The Information Server ("IS"), and one or more Local Scanning Servers("LSS").
The IS appliance is responsible for controlling the scans, storing the scanned results obtained from various scans, generating consolidated reports and providing access to reports. It is also used to control and manage all the associated LSS servers. The IS appliance can be configured to allow multiple users to connect to the system and to read scan reports, or to schedule scan jobs.
The LSS appliance is responsible for performing vulnerability scans across a segment of the network of up to 2,500 active nodes per day.
There are three scenarios in which a system can be vulnerable.
The first way a system can be vulnerable is when operating systems or network applications are poorly coded thus allowing attackers to exploit software flaws.
The second way a system can become vulnerable is when an operating system or an application in the system is infected with viruses, trojans or worms. In these instances, malicious code may open up a TCP port for unauthorized access from across the network.
The third way a system can be vulnerable is when a system is mis-configured, such that it becomes vulnerable. One example could be that a default password was left in place for the administrative interface of an application.
AVDS detects vulnerabilities that are caused by all three of the above scenarios.
An IPS blocks attacks. AVDS finds and helps fix the vulnerabilities that the attackers are trying to reach. The most perfect IPS, with the most careful maintenance will not stop 100% of attacks. An average IPS with average maintenance is a poor barrier indeed.
Defending a network with IPS is like catching fast ball pitches (or football free kicks) in front of a glass window. You MUST stop every kick or throw. A well designed VA solution like AVDS will turn your window into a wall. Yes, please do use an IPS, but if you miss a packet, there is no emergency.
Microsoft Windows operating system: