FAQ - General

FAQ - General

The following is a list of Frequently Asked Questions (FAQ) of a general nature, focusing on better understanding the Vanadium solution:

1. What are the main uses of Vanadium?

Vanadium can be utilised in numerous ways:

a. As a network management and information security tool;

b. As an automated compliance platform for external regulations such as COBIT, PCI, ISO and/or automation of internal policies defined by the organization;

d. To operate as a risk management tool for devices, components, and systems on the corporate IT;

2. Who needs the Vanadium solution?

a. Organizations that need to perform a structured and centralized process of IT security policy and/or IT regulatory compliance (external and internal);

b. Any organization that is required to comply with external regulations;

c. Organizations that are interested in continuously monitoring their IT policy status;

d. Internal auditors that require a working tool to enable transparency and proactive reaction to different IT policy breaches and system alerts;

e. Consultants that need to facilitate the whole process of system checkups and final reports.

3. What is the recommended way of presenting the Vanadium solution to my management?

The Vanadium solution is a software platform that provides a clear and current view of the gap between the current IT status and the required IT policy.

Its thorough information and flexible capabilities enable the Vanadium platform to offer various IT uses such as: software licenses management, monitoring of installed anti-virus, etc., which can be of added value to the organization in aspects of efficiency, reducing costs and more.

4. How can the Vanadium solution assist in regulatory compliance such as SOX, ISO, and PCI?

The Vanadium solution includes out-of-the-box, ready to use regulatory templates for various regulations (i.e. ISO 27001, COBIT 4.1, PCI 1.1). These templates enable a complete walkthrough of the regulatory requirements and linkage of the requirements to specific IT controls, performed by the Vanadium platform. By using these templates, Vanadium users can easily track their compliance status to the regulations.

5. What is the difference between the Vanadium solution and other VA solutions?

VA solutions perform Vulnerability Assessment on the corporate network. However, vulnerabilities represent only a small part of the whole IT compliance task. The VA tools’ abilities are only a part of Vanadium's capabilities in the organizational IT policy. In addition, Vanadium examines further aspects of the IT such as: password length policy, USB devices, Malware software, servers' hardenings, Black List and White List of software etc.

6. Can Vanadium serve as a tool for consultants?

Vanadium may serve as an audit tool for IT consultants that can be run from a laptop.

Serving as an automated utility tool for the consultants, Vanadium is able to perform a comprehensive check up of the network, the servers, end users and devices – quickly and efficiently. The automatic check up performed in a short period of time saves working hours of examining the network and issuing inventory and information security reports.

7. Can Vanadium be used as an internal audit tool? How?

Certainly! Vanadium provides comprehensive reports that include cross-segment information that enables the organization to perform compliance check-ups of the required and current IT policy.

Vanadium enables an overview of the IT policy discrepancy in every scan, issuing differential and delta reports for each policy change.

8. What distinguishes Vanadium as an IT Compliance solution?

While some of the offered market solutions are agent based, Vanadium is a comprehensive solution that does not require an agent installation in the end users – it is agentless. This advantage allows Vanadium to operate as a friendly and non-intrusive solution, with reduced costs and minimal maintenance.

9. How does Vanadium integrate in my IT management tools environment?

Vanadium typically operates next to the existing management tools. The built-in abilities of Vanadium, coupled with being a platform that easily interfaces with third party systems, provides the IT management team with various types of information such as: network inventory, running services and their status, USB devices, system hardening status, etc.

10. What are the Vanadium platform deliveries?

Following are the prime deliveries of the Vanadium platform:

a. Full and detailed report of network inventory;

b. Differential reports of the IT policy status compared to the required (optimal) status and compared with previous (past) scans;

c. Specific user defined (periodic) reports that reflect the compliance status of the specific IT systems, based on the exact requirements of the organization.

11. Is HR allocation required for the ongoing operation of Vanadium?

No! Vanadium is an automated system that monitors the organization's IT policy. It easily integrates with existing systems, so the information gathered by Vanadium is automatically exported to the existing systems.

Consequently, following the initial (and speedy) implementation of Vanadium in the organization, no HR is required to maintain the system.

12. Why choose Vanadium for IT policy compliance?

Organizations invest a considerable amount of capital and resources in IT compliance strategies and plans. How many of these plans are in fact executed?

Vanadium is able to provide an immediate and clear view of the gap between the current and required IT regulatory status and offers the following:

a. Agentless Solution – the Vanadium solution doesn’t require any agent installations on network elements or on end stations and by that provides a non-intrusive solution along with an easy and fast deployment at any IT environment.

b. Automated Solution – offering the best IT compliance solution operated by automated software tools. This results in a low TCO solution requiring minimal operational resources.

c. Platform Flexibility – the Vanadium platform can be simply customized according to individual defined needs and is easily adjusted to various types of requirements.

d. ROI – providing fast delivery of outcomes (such as reports, alerts etc.) and full detailed assessment of the network assets at lower costs and high efficiency.