Vender Provided Validation Details - Digital Defense Frontline Vulnerability Manager v 6.0
The following text was provided by the vendor during testing to describe how the product implements the specific capabilities.
Statement of SCAP Implementation
The Digital Defense Frontline¢â Vulnerability Manager provides unauthenticated as well as authenticated scanning capabilities, vulnerability management, and compliance services. Frontline provides for:
In addition to confirmed vulnerabilities, Frontline uses proprietary technology to infer implicit vulnerabilities known within the interface as ¡°Heuristic Vulnerabilities¡±. The technology employs an artificial intelligence engine which consults a wide set of rules in order to infer implicit vulnerabilities. These rules include the CPE to CVE mappings that Digital Defense provides within SCAP feeds. Frontline users can view implicit vulnerabilities within the Frontline interface at the assessment level as well as within the workflow management system known as Active ViewTM.
The Frontline Solutions Platform (FSP) is the engine that powers the Frontline Vulnerability Manager and consists of a wide range of proprietary vulnerability detections. The Digital Defense Vulnerability Research Team (VRT) researches and implements all vulnerability detections. The implementation maps vulnerabilities to their corresponding title, description, remediation steps, and other related information, including external references.
Frontline users view vulnerabilities for specific assessments that have been launched, within the workflow management interface known as Active View, or they may browse all vulnerabilities within the FSP Dictionary. Many of the FSP proprietary vulnerability detections are related to vulnerability entries that are tracked within the Common Vulnerabilities and Exposures (CVE) database. Whenever there is a corresponding CVE, Frontline presents an external link to the related CVE entry. These external CVE references are available for vulnerabilities within any of the three previously mentioned locations within Frontline. When users of the system click on the external reference, they are redirected within a new browser window to the corresponding vulnerability within that CVE.
Digital Defense¡¯s FSP provides support for the Common Platform Enumeration (CPE). CPE is a structured naming scheme for information technology systems, software, and packages. Based upon the generic syntax for Uniform Resource Identifiers (URI), CPE includes a formal name format, a method for checking names against a system, and a description format for binding text and tests to a name.
The FSP utilizes a proprietary technique to fingerprint third party devices, operating systems, and applications. These are known within the FSP as the ¡°application detections¡±. These detections are shown in Frontline within the Assessment screens as well as the workflow management tool known as Active View.
Integral to the FSP is an application programmer¡¯s interface (API) that allows users to interface directly with the system without having to use a browser. This API, known as the Frontline SOA-API, is primarily used by users to integrate the Frontline with third party products. The application detections are shown within the XML output for several of the FSP SOA-API calls. All of the FSP application detections have corresponding CPE URLs. The CPE entries are pulled directly from SCAP data feeds and imported into the FSP system. Many of these URLs are found within the official CPE dictionary. Although the CPE URI is not shown within the FSP interface for their corresponding application detections, they are present within the output XML for the various SOA-API calls that use it. This allows for a simplified integration with third party products that are also compliant with CPE.
In addition, the FSP provides an ability to infer vulnerabilities that may be present on assessed systems using artificial intelligence. This capability, known as Frontline Heuristic Vulnerabilities, uses CPE as well as SCAP data and feeds that related CPE to CVE vulnerabilities as part of its rule-based expert system in determining the vulnerabilities to infer. The inferred vulnerabilities are listed within the Frontline Assessment and Active View screens for every detected host.
The Digital Defense Frontline¢â Services Platform (FSP) provides CVSS scores as well as CVSS temporal scores. CVSS base and temporal scores are displayed within the FSP at various levels within the portal including the Assessment View, the Active View as well as within the FSP Vulnerability Dictionary.
Users are able to view the detected hosts, services, applications, and vulnerabilities within the Assessment View. The CVSS scores are visible within this view by drilling down into the specific vulnerabilities for vulnerabilities that have associated CVE references.
The Active View is the FSP workflow management tool that allows users to manage their vulnerabilities. The CVSS scores are visible within this view by drilling down into vulnerabilities for which CVE references exist.
Users may view the entire set of vulnerabilities that DDI detects within the FSP Vulnerability Dictionary independent of assessments and independent of the Active View. The CVSS scores are displayed within the dictionary for vulnerabilities that have associated CVE IDs.
Digital Defense updates the CVSS base scores and temporal scores within the FSP as part of the Digital Defense Vulnerability Research Team (VRT) vulnerability detection releases.