Vulnerability management is the process of identifying, evaluating, eliminating, and reporting security vulnerabilities in systems and the software that works for them.

Protecting your organization from these threats requires a vulnerability management solution that can keep up with all these changes and adapt to them. Without this, the attackers will always be way ahead.

official website

Vulnerability management software automates this process by using a vulnerability scanner and sometimes agents at endpoints to take inventory of various systems on the network and find vulnerabilities in them. After the vulnerabilities are identified, the risk they pose is assessed in various contexts so that a decision can be made on how best to treat or fix them. Vulnerability checking is an effective way to contextualize the real severity of the problem.

ALTEX-SOFT is a Russian information security solutions developer. The main activities of the company are:

• Development of the RedCheck security analysis tool;
• Formation of security definitions in SCAP protocol formats;
• Creation and support of the world’s largest proprietary open repository of OVALdb definitions;
• Consulting and certification of information security tools according to the requirements of Russian regulators.

The company’s flagship solution is the RedCheck security scanner – a complex product for security analysis and information security management, which provides the search and elimination of vulnerabilities caused by errors in the code, incorrect configure security settings, weak password protection, unauthorized installation of software and hardware, untimely installation of critical updates and violation of accepted security policies.

The flexible architecture and licensing system allow you to deploy RedCheck both on a local network or on a separate node building hierarchically subordinate structures and get a full security status picture of the entire system or its individual segments. RedCheck has no scaling restrictions. The RedCheck security scanner has the OVAL Adopter and CVE Compatible statuses, its key feature is working with unified SCAP-content obtained from ALTEX-SOFT’s own OVALdb repository.

Official website of the RedCheck scanner https://www.redcheck.ru/

The RedCheck security scanner has a valid certificate of the FSTEC Russia No. 3172, which confirms compliance with the security control (analysis) tools and the requirements of the RD “Information security requirements establishing confidence levels in the means of technical protection of information and means of ensuring the information technologies security” — according to the 4^th confidence level.

Certificate of the FSTEC Russia https://www.redcheck.ru/upload/iblock/329/certificate_redcheck.pdf

The RedCheck security scanner is included in the Unified register of Russian programs for electronic computation systems and databases. https://reestr.digital.gov.ru/reestr/302114/?sphrase_id=193384

APPLICATION SCENARIOS

• Security control of small and medium-sized networks (200 nodes);
• Security control of a geographically remote network (installation on a dedicated server);
• Security control of large Enterprise class networks, branch networks.

AREAS OF APPLICATION

State structures, Banks, Retail, Fuel and Energy Complex, Industry, Communication, Housing and communal services, Transport.

LICENSING

RedCheck is licensed by the number of scanned (verifiable) FQDN or IP addresses or by the number of installations of the scanner and its additional modules. There are four editions for corporate use of RedCheck that differ in functional capacity:

• RedCheck Base is a product edition that includes tools for a full vulnerabilities and updates audit of Windows and Linux systems. It performs integrity control, inventory, network checks and other procedures necessary for daily monitoring of information systems security.
• RedCheck Professional is a functional edition that includes a wide arsenal of tools for monitoring and managing the security of corporate—level networks. Licensed by the number of scanned IP addresses (DNS names).
• RedCheck Professional (for certified versions of Microsoft) — In its capabilities, the program is similar to the RedCheck Professional edition, while it is supplemented with the ability to manage configurations and install updates for Microsoft versions certified according to security requirements. The edition is delivered only to users of Microsoft certified software.
• RedCheck Enterprise — the edition includes all the functionality of the program and is focused on large and distributed information systems with the possibility of unlimited scaling. Licensed by the number of installations, has no restrictions on the number of scanned IP addresses (DNS addresses). Additional scanning modules are provided for scaling. An additional module is installed on a separate server to increase the performance of the scanner. The license includes extended technical support.