Application Security Program Management

NTOEnterprise provides a global view of your application security program. It gives you the data you need to assess if your application security posture is improving or not. NTOEnterprise enables you to manage an enterprise application security program. It can be delivered as software and used with NTOSpider or used via SaaS with NTOSpider On-Demand.

Key Benefits

Centralized Control
NTOEnterprise gives you centralized control and automation over all aspects of your enterprise web application scanning including scan configuration, scheduling and monitoring.

Scalable
NTOEnterprise quickly scales to address your needs whether you have hundreds or thousands of applications. Not only does NTOSpider On-Demand have the ability to run an unlimited number of simultaneous scans, but it is also able to automatically create new scan engines to handle increased workloads.

Flexible
Define and view applications by any attributes your organization needs to use through meta-tags. Tags provide the ability to view applications by grouping including: business unit, business risk/criticality, by owner, by location or any other grouping that helps you organize your applications.

Customizable
Allows your organization to have complete understanding and control of the vulnerability scans and management.
Leverage defined tagging combined with custom reports to provide a graphical view of the enterprise security posture
across all enterprise applications to determine trends and status of the application security program.

How It Works

Management Dashboard
Users can quickly find the scans they are looking for by server name, scheduled time of scan, etc. Through the easy-to-use list of scans configured in the system, you can see and manage the entire list of completed scans, search by scan configuration, start time, finish time or configuration name. Users can define their own meta data that they want to use to manage scans.

Centralized dashboard provides a consolidated view of web application scans that enables you to:

• Configure scan through simple user interface
• Schedule start time and frequency of scans
• Monitor all details of running scans with ability to pause or stop a scan at any time

Asset Tagging
New asset tags facilitate flexible custom reporting and a graphical view of the security posture across all enterprise applications. Organizations can define (customize) their own tags to view applications and vulnerabilities from different vantage points. Organizations can tag by location, team or business functionality such as which applications store credit card data or Personally Identifiable Information (PII). In addition, organizations can define trending data to show vulnerability trends over time.

Reporting
Custom report generators allow users to define filters to quickly find and analyze vulnerability information from their scans. The custom reports and charts provide the excellent report and presentation data for management including:

• Active vulnerabilities by vulnerability type
• Six month vulnerability trending chart
• Recent completed scans
• Scans in progress

Simple Application Interface
Users interact with NTOEnterprise to initiate, schedule and configure application scans through a simple user interface. Scans can be scheduled to run at regular monthly or quarterly intervals to provide ongoing monitoring of the organization’s application security issues. The enhanced interface enables users to easily configure application scans and review in-progress scans, recent scans, scheduled scans and configuration settings.

Test Management Software Integration
NTOEnterprise is now capable of creating tickets for each discovered vulnerability in popular issue management systems. Supported systems: RSA Archer, HP Quality Center, and Atlassian’s JIRA.