Questions and answers

Questions and answers

Frequently asked questions about AssetSec!

Questions and answers

Frequently asked questions about AssetSec!

Questions and answers

You ask. We answer.

Many AssetSec users ask similar questions. Here we have summarized these questions and explain how everything works.

Arrow downWhat's a vulnerability?

The direct meaning is: "...the point at which something is vulnerable or attackable." In terms of IT, a vulnerability exists when an application can be exploited under certain conditions, e.g. to execute malicious code, to obtain extended rights or to render the application inoperable.During the development of the application, scenarios may occur that have not been considered.

Arrow downWhat is vulnerability management?

Vulnerability management provides an overview of the security status of your IT systems. It automatically searches for vulnerabilities in the applications used and lists them. The vulnerabilities are evaluated, followed by a recommendation in which order and how these individual vulnerabilities can be eliminated. Recommendations range from updates to configuration adjustments.

Arrow downVulnerability Management and Patch Management?

The combination of vulnerability management and patch management has established itself in the IT security market. Patch management can be controlled by vendor-independent vulnerability analysis. Have the updates arrived on all systems? What is the tendency of the identified vulnerabilities? In the past, there was already malware that disguised itself as a Windows update.

Arrow downPenetration Testing vs. Vulnerability Management?

The main difference between penetration testing and vulnerability management is the area to be analyzed. After successfully exploiting a vulnerability, the penetration test is complete. This is carried out by IT security consultants and aims to find a possible way to compromise a system. In contrast to vulnerability management, the goal is to analyze as many systems as possible. In addition, a vulnerability analysis can be performed automatically, thus optimizing the time required for a continuous security process.

Arrow downHow does AssetSec update its database with the latest vulnerability information?

AssetSec uses a commercial feed to obtain the latest vulnerability tests. If new vulnerabilities become known, a test is defined to identify the vulnerability. In the next scan, the test is automatically considered and used to analyze your systems.

Arrow downHow often does AssetSec update its database with the latest vulnerability information?

The feed is updated daily with new vulnerability tests.

Arrow downWhich data is stored by AssetSec?

In addition to the personal data for the account, AssetSec stores the vulnerabilities found for each IP address. The relationships between vulnerabilities and IP addresses are encrypted.

Arrow downWhere is AssetSec data stored?

AssetSec temporarily stores data in the Level 3 data center in Düsseldorf. In addition, resources are stored in Microsoft Azure (Amsterdam). (From 2020, the German Microsoft data center will be used after completion.)

Arrow downHow is my data protected in AssetSec?

The password for the access data is stored securely according to the latest technical possibilities. In addition, the account can be protected by two-factor authentication. The relationship between vulnerability and IP address is encrypted.

The SIEVERS.io team is also a specialist in data protection for customer data in the cloud. Because we are certified according to ISO/IEC 27018:2014.

The ISO/IEC 27018:2014 is a code of practice for the protection of personal data in the cloud. It is based on the ISO/IEC 27002 standard for information security and provides implementation guidelines for ISO/IEC 27002 controls on Personally Identifiable Information (PII) in a public cloud. The standard provides additional controls and guidelines for the protection requirements of personal information in the public cloud.

Arrow downIs two-factor authentication possible?

Yes, after signing up in the AssetSec app a two-factor authentication can be activated. Currently Google Authenticator and FreeOTP are supported.

Any further questions?

Contact us by e-mail or messenger. We will be happy to answer any questions you may have. You can test AssetSec free of charge for 7 days. We are happy to answer your questions. We look forward to hearing from you!