VeriSign's Managed Vulnerability Protection Service (MVPS) provides the ideal solution for organizations seeking customized, cost-effective and continuous protection against exploitable vulnerabilities. Its building blocks include an up-front risk assessment and recurring vulnerability scanning, vulnerability testing and penetration testing. These are applied to a variety of enterprise-wide targets, including:

		Internal or DMZ networks
		External, Internet-facing networks
		Web-based eCommerce applications
		Wireless LANs
		Modems and remote access systems

As an upgrade, VeriSign provides an alert service that correlates emerging threats against a host-based, MVPS database that offers customers up-to-the-minute vulnerability intelligence.

Key Features

VeriSign offers Full Life-Cycle Management of your MVPS with the following features:

		Optimizing Frequency and Depth – MVPS allows clients to customize the type and frequency of vulnerability assessments. VeriSign works with its clients to create a service that meets their unique needs and policies. For example, VeriSign may conduct in-depth penetration tests of a client's Internet systems semi-annually, while running more automated and less expensive vulnerability scans on a monthly or even weekly basis. As a result, VeriSign's clients are apprised of the latest vulnerabilities through a cost-effective program that meets their organization's specific security needs.
		Customizing Risk Profiles – Once an organization selects its ideal mix of services, VeriSign completes the initial set of assessments that act as a baseline for future analysis. VeriSign then consults with its clients to create a risk profile. This helps VeriSign properly classify the risks specific to each client's network and system. For example, VeriSign can flag servers with critical data so all security issues are escalated immediately. With a customer's specific risk profile, VeriSign can prioritize issues to negate futile alerts. Customers are also able to adjust their profiles to accommodate any environment changes.
		Distributing Reports with Expert Analysis – Via secure digital transmission, VeriSign issues assessment reports regarding identified vulnerabilities. These reports are sent to designated people within the organization and provide business-oriented recommendations on how to address the documented problem. VeriSign customizes each customer's alert thresholds based on any individual vulnerability criteria. VeriSign's MVPS provides customers with the ability to view vulnerability trends over time and to generate custom reports.
		Continual Security Support – VeriSign's highly qualified analysts walk customers through their report results and take the time to explain any recommended actions. In addition, MVPS customers are assigned a dedicated service manager who is available to help fine-tune their service on a regular basis.

Key Benefits

		Customized Approach The guiding principle of MVPS is flexibility. VeriSign works with each customer to target information entry points, e.g., Internet connections, DMZ, internal networks, wireless and Web applications. VeriSign develops a program that is prudent while still effectively addressing the appropriate depth and frequency of vulnerability testing for its customers.
		Cost-Effective Testing The MVPS monthly subscription fee provides an organization with the right combination of automated and manual testing, analysis and reporting. VeriSign's comprehensive testing is done at an overall lower cost than that of a one-time test that diminishes in value with each new vulnerability discovery.
		Business Risk Based The most effective security program is one that strikes an optimal balance between cost and business risk. During VeriSign's up-front risk assessment, the company works with its customers to identify and prioritize applications and systems critical to their business operations. VeriSign also develops a custom program to ensure the systems are continually protected from hackers and malicious code, both inside and outside of the customer's network perimeter.
		Distributed Testing VeriSign's Security Defense Appliance TM (SDA) allows companies to conduct remote testing of their customers' DMZ or internal networks. Unlike any other service provider, VeriSign can detect and categorize "hidden" vulnerabilities to obtain a total network picture, inside and outside of network firewalls. Deployment of the SDA is not required, but highly recommended.
		Intelligent Reporting   Prior to issuing a customer report, the VeriSign vulnerability assessment team reviews all scan results and, based on an organization's individual business risk, prioritizes vulnerabilities. This is done to ensure that customers receive relevant and functional reports as well as gain realistic, practical and easy-to-implement recommendations.
		Secure Testing Facilities VeriSign conducts all Internet-based tests from its Vulnerability Assessment Center that resides in the company's 24x7, hosting-grade SOC. Sensitive customer data is collected, analyzed, and maintained in a secure, controlled environment; sensitive customer data is never transmitted or copied to a consultant's laptop or PDA.

Managed Security Services (MSS)

Other services which are part of the Managed Security Services are: