A +plus in security for your company

VULCOM 12.0 was released on 07/07/2021. In this version, the focus was mainly on VULCOM Insurance. VULCOM "Trivium" is available for all customers since 08/07/2021.

Features and Changes since VULCOM 11.0

This version especially brings new features for VULCOM Insurance. In addition to Level 1 (Basic), there are now also Level 2 (Advanced) and Level 4 (Internal) available. These two levels allow an even more detailed examination and evaluation of the risks of companies. In addition, permission management has been made even more fine-grained. For VULCOM Appliance customers, the scan reports to be exported have been improved and extended.

VULCOM SaaS und Appliance

Since the previous release, results are now rated with CVSSv3 by default. With this change, in addition to the categories "Low", "Medium" and "High", there is now also "Critical" for the assessment of vulnerabilities. The scan report, which can be generated by Appliance customers, now offers full support for CVSSv3. Furthermore, other optimizations have been made to the scan report. For example, if there are no vulnerabilities for the scanned targets, descriptive information text is now displayed instead of empty tables and a blank chart. Moreover, the targets to be scanned are listed right at the beginning of the report, so that scanned targets for which no results are available are also mentioned.

As with every release, VULCOM 12.0 contains bug fixes and improvements.

VULCOM Insurance

TL;DR: There are two major updates for VULCOM Insurance. Firstly, Level 2 (Advanced) and Level 4 (Internal) have been added to VULCOM Insurance, enabling an even more comprehensive security assessment. Furthermore, the extended permission management allows an even more fine-grained design of the rights of VULCOM Insurance users in relation to the policyholders.

The initial assessment of a company is carried out in VULCOM Insurance with Level 1 Basic Scans. With the release of Level 2 Advanced and Level 4 Internal Scans, risks of companies can now be examined and evaluated in even more detail. For this purpose, VULCOM Insurance has been extended with brand-new sub-pages, which visualize all scan results graphically and prepare them textually in tables. The identified vulnerabilities can be sorted, grouped, filtered, marked, etc. as desired to ensure ideal processing. For each vulnerability there are detailed descriptions, comprehensive recommendations for remediation, technical instructions for exploitation, and a list of references to the respective CVEs. PDF reporting for Advanced and Internal Scans is currently under development. Starting with the next release, PDF reports can also be exported directly from the website with just one click (as already known from Level 1). Due to legal restrictions, however, these two levels do not yet work fully automatically, as they require a Permission To Attack (PTA), which must be obtained manually beforehand, in comparison to Level 1 Basic Scans.

The permission management has been extended in VULCOM Insurance with so-called "Conditions". It is now possible to further restrict single permissions in order to better control the access to certain resources. For the time being, "Conditions" only exist for the specific permissions "Read Policyholder" and "Manage Policyholder". For the "Conditions" themselves, the two types "own" and "specific" are available. With this extension, for example, the following permissions can be configured for existing users:

• The user may only read and may only manage the own created policyholders.

• The user may only read specific policyholders and may only manage them.

• The user may read all policyholders, but may only manage the specially created policyholders.

• etc.

In this way the most different combinations can be realized. Since the permissions and the "Conditions" are applied to groups, even more variations can be created by assigning multiple groups to one user. The "Conditions" are thus a powerful tool and enable effective permission management for many different use cases.

In addition to these two major updates, additional optimizations and bug fixes have also been made for VULCOM Insurance.

VULCOM 11.0 "Soilwork" was released on 02/02/2021. This version brings support for CVSSv3, after the basis for this was created over several releases. VULCOM "Soilwork" is available for all customers since 02/03/2021.

Features and Changes since VULCOM 10.0

VULCOM 0.17 brings new features and improvements especially for VULCOM Insurance, VULCOM SaaS and Appliance. What's new is that CVSSv3 is finally being used in general, after support has been built in and prepared in all components over several releases.

VULCOM SaaS and Appliance

Results from 10/02/2021 onwards will now be rated with CVSSv3 by default. Results captured prior to 02/10/2021 will also be displayed with CVSSv3 in the daily updated score from that date forward. In both cases, CVSSv2 does not disappear completely, but CVSSv3 will be preferred. If old vulnerabilities that do not have a CVSSv3 rating appear, they will still be rated with CVSSv2. As of this release, a label explicitly indicates CVSSv2 ratings.

We have redesigned the dashboard and host management in VULCOM SaaS and Appliance. It is now quicker to see on the dashboard how many vulnerabilities have been captured by VULCOM. The new indicator on the tag-specific charts reflects the percentage of vulnerabilities for that day out of the total number. Host management has now been improved with a details page for hosts. This includes not only the host's scan results but also port scan results and a list of open ports.

As with every release, VULCOM 0.17 contains bug fixes and a large number of improvements.

VULCOM Insurance

In the future, VULCOM Insurance will communicate the status of scans via annotations and color codes in the company list. If a scan is running for a company, an annotation will be displayed on the company's detail page. Starting another scan is prevented until the current scan is completed. In the company list, the status of scans can be read by the following color codes at the different scan levels:

• Blue/white rotating border: scan is in progress.
• Green border: A scan was completed in the last 24h.
• Red border: An error occurred during the scan.
• Default: A scan was successful and is older than 24h or there is currently no scan for the company.

The interface for starting scans has been improved and now displays when non-recommended inputs are made. This includes, for example, entering subdomains such as www.example.com or subdirectories.

The options for branding PDF reports have been extended again, providing even more flexibility for report design. Additional optimizations and bug fixes include tablets view improvements, adding missing translations and much more.

Get a personal impression of the capabilities and possibilities of our VULCOM series and get to know the people behind the products. Visit us in hall 10.1 at booth 10.1-114. We are looking forward to your visit!

For the first time we are able to present VULCOM Insurance to the public in Germany. Working closely with risk management and insurance professionals, we are proud to introduce VULCOM Insurance, a product that stands out from existing systems with its versatility and holistic approach. We invite you to come by our booth 10.1-114 in hall 10.1.

For the first time we are able to present VULCOM Insurance to the public in Austria. Working closely with risk management and insurance professionals, we are proud to introduce VULCOM Insurance, a product that stands out from existing systems with its versatility and holistic approach. We invite you to come by our stand and look forward to your visit.

With the next release of VULCOM we will expand your possibilities to integrate any checks and scanners in VULCOM. Write your own security checks for proprietary systems or check for specific issues that you want to address. Perform controlled audits in sensitive networks such as critical infrastructures.

Now you have complete control over which checks you want to run, integrate into VULCOM and monitor.