Digital Defense uses a combination of automated and analyst-assisted services to help customers secure their business operation. The automated services and the results of the analyst-assisted services are provided through Frontline™ Solutions Platform, our proprietary service delivery platform.
At the heart of the Frontline Solutions Platform architecture is a set of security services which are accessed over a web serviced HTTPS communication interface. The service request messages are XML based. Although an end user accesses the services via web pages as presented by the Frontline portal, internally the Frontline Solutions Platform Web Server sends service requests to the Business Logic Server. The Frontline Solutions Platform Business Logic Server acts as an application server that offers security services to requesting clients. The architecture supports an event registration mechanism that allows other Frontline Solutions Platform machines within the Digital Defense Secure Network Operations Center (SNOC) to register for a large set of security events. Once registered, events such as new vulnerability findings and newly discovered hosts are sent to the registered client over Service Oriented Architecture (SOA) message mechanism.
Frontline Solutions Platform provides clients and partners with a highly configurable and easy-to-use vulnerability scan and assessment results management capability within the Assessment View subsystem. Assessment View Scan & Results Management enables IT supervisors to configure and run on-demand or recurring host discovery and vulnerability scans on an individual host or network-wide basis. Clients can then choose to review the results in an online fashion with sophisticated search and drill-down capabilities or through the generation of a wide variety of downloadable report types and formats.
Additionally, clients access the results of penetration tests and our other network and environmental security services via the Assessment View Scan & Results Management subsystem. The centralization of our security testing results greatly reduces the administrative burden associated with keeping track of test and compliance reports for our clients.
Frontline Solutions Platform provides a sophisticated workflow management capability known as Active View™. The Active View Workflow Management and Ticketing subsystem enables IT supervisors to maintain a current and accurate view of the information systems present within their IT networks, including their vulnerability status. Through the use of a reconciliation utility, customers can also effectively track the vulnerability status of hosts over time while keeping tabs on the progress of the IT staff or third-party organizations assigned to remediate vulnerabilities. This can be accomplished with the remediation instructions provided through the Frontline Client Portal.
Additionally, the results of penetration tests are managed via the Active View Workflow Management & Ticketing subsystem. Our unique approach to delivering penetration test results to our clients saves them countless hours in addressing penetration test findings via traditional methods.
Active View™ Risk Management enables clients to further classify their hosts by allowing the client to indicate risk levels for their assets based on three security parameters - Confidentiality, Integrity and Availability (CIA). It also authorizes clients to assign weights to each of the security parameters, thereby allowing the client to indicate which parameters are more important to them.
As a result of assigning CIA parameters to client hosts, they are now able to better prioritize vulnerability remediation efforts. Further, clients are able to portray the status of the business operation to boards and regulatory examiners from not only a security posture standpoint, but also in terms of business risk.
The Frontline Client Portal performs both external and internal vulnerability assessments by accessing our own proprietary scanning device -- called a Network Interrogator Reconnaissance Vehicle (NIRV). This device quickly and efficiently scans your network to identify any potential vulnerabilities. To scan your public-facing assets, we use a NIRV located at our Secure Network Operations Center (SNOC). This gives us an effective method of evaluating the risks of attack on devices exposed to the Internet.
In addition, we place a separate NIRV on your premises -- connected to your internal network -- to scan your intranet assets. Ongoing maintenance of the NIRV takes place remotely from our SNOC, sparing your staff any added effort.
Our Software as a Service (SaaS) solutions include extensible Application Programming Interfaces (APIs) for integration with third-party applications as well as your own custom programs. This means you can seamlessly integrate the Frontline™ Client Portal with key components in your existing IT infrastructure -- so you can maximize the use of your technology investments.
By adhering to the emerging Service Oriented Architecture (SOA) standards, your third-party applications can access our security services in a manner similar to a human user. These service requests are submitted in an XML-based format, which is highly scalable and easily deployed. Digital Defense also offers software development kits (SDKs) to aid in the integration process.
With our industry-standard approach, you can align your security evaluations and vulnerability assessment activities with the rest of your IT operations. You can integrate your remediation tasks with help desk, ticketing, and patch management systems, for example. Plus, our security services can be integrated with other penetration testing, network analysis, and firewall solutions.
Learn how DDI can improve your security posture and ROI with our Managed Security Services.
Visit our new Vulnerability Research and Security Analytics Blog today at DDI Labs.
This site has been optimized for FF2/3 and IE7/IE8. Site functionality may be reduced when utilized with other web browsing software.
The Homeland Security Portal is an interactive platform and informative arena where industry professionals can register, advertise and obtain publicly available information regarding new products, new technologies, industry news, case studies, investment opportunities and much more.