Threat & Vulnerability Orchestration

NormShield Threat Vulnerability Orchestration

Best in class discovery

  • Automatic discovery of system changes and anomalies
  • Findings analyzed and prioritized
  • False positives eliminated
  • Root causes identified
  • Effectiveness of resolution measured


NormShield provides smart normalization and classifications on vulnerabilities in order to make security professionals’ lives easy. Additionally, security professionals can produce triggers based on various vulnerability related fields and notification channels to get notified if new vulnerabilities are detected. NormShield is integrated with many of the popular scanners. Your assets are scanned with multiple security scanners and findings are managed from a centralized dashboard.

  • Vulnerability Scanning & Result Aggregation

    There are a number of scan engines that can scan your applications or services but using single scan engine may result in false positives or even worse false negatives. NormShield takes advantage of using multiple scan engines for cross-checking and decreases the false positive and false negative results and aggregates scan results in a unified platform.

  • Multiple Vendor Scan Engine

    NormShield is using industry leading scan engines like Nessus, Netsparker, Nexpose, OpenVAS and more. Customers can enjoy using industry standard powerful scan engines as well as NormShield vulnerability management console.

  • Centralized Scan Console

    Creating vulnerability scan and choosing an optimum scan policy could be tricky. The scan configuration should be comprehensive enough and should create low overhead to target service. There are a number of preconfigured scan templates in NormShield cloud platform where a security admin can pick a suitable one easily.

  • On-Demand & Scheduled Scanning

    NormShield enables the target services to be scanned both daily, weekly or monthly as well as on-demand. The schedule can be customized and mixed-n-matched with multiple scan engines too.

  • Offline / Passive Scan

    Vulnerability scanning creates great overhead on target assets but security requires continuous attention. NormShield solves the problem by taking a snapshot of target asset and continuously scans this snapshot passively without sending a single packet to the target service.

  • Integrated Vulnerability Validation

    NormShield is based on 80% automated, 20% human intelligence. Findings can be validated by real cyber security professionals. Premium customers can even get support and online consulting services for further assistance too.

  • Asset Discovery, Contextualizing, Prioritization

    Your system and security team deploys numerous new application and services to Internet. Tracking too many changes and scheduling vulnerability scans are taken care of by NormShield Automatic Asset Discovery, Contextualizing, Prioritization trio. Security teams do not need to track every new deployment because auto-discovery finds the new service, schedules a vulnerability scan and creates a ticket to responsible party.

  • Executive Level Reporting

    Security departments are defensive units rather than offensive ones. In order to show their progress they need to show more than “not hacked” results. They can use NormShield’s executive and rich progress reports to show the decrease in risk scores, fixed vulnerabilities and increased strength of the organizations.

  • SIEM Integration

    Vulnerability management plays a key role in Security Operation Centers and Security Big Data. Both pull & push methods are available for integration newly found vulnerabilities and threat intelligence alarms to your SIEM product.

  • Built-in Ticketing

    NormShield provides a built-in ticketing system to track your vulnerabilities. We also integrate with other popular ITSM applications.

  • Scale-out Capability

    Customers can easily integrate their new assets with NormShield with a few mouse clicks. Cloud based auto-scale of NormShield can even handle thousands of new assets in a few hours.

  • Local & Distributed Scanning

    NormShield has both cloud and on-premises edition for local and distributed scans. Master node can handle up to 1024 agents which can scan 2 million edges in a day.

  • Authenticated Scans

    Many applications rely on authentication and it is easy to create an authenticated scan policy for such applications. Customers can even import external scan engine or penetration testing results into NormShield platform.

The Methodology

Cyber Threat Susceptibility Assessment (CTSA) is a methodology for evaluating the susceptibility of a system to cyber-attack developed by MITRE. CTSA quantitatively assesses a system's inability to resist cyber-attack over a range of cataloged attack Tactics, Techniques, and Procedures (TTPs). CTSA consists of the following steps:

Product Methodology

To generate the scorecard, NormShield needs only the company domain. The engine collects the related information from VirusTotal, Passive DNs servers, web search engines, and other Internet wide scanners as well as NormShield's proprietary databases, which hold more than 10 billion historic items. The engine searches the database in order to find all IP address ranges and domain names that belong to the company. NormShield uses what is called Open Source Intelligence (OSINT) that is shown below to gather information. The following map shows how hackers can leverage their attack vectors by using OSINT resources like hacker forums, social networks, Google, leaked database dumps, paste sites, or even legitimate security services like VirusTotal, Censys, Cymon, Shodan, or Google Safe Browsing.

NormShield compiles this data into a simple, readable report with letter-grade scores to help identify and mitigate potential security risks. It identifies the risks (CVE/CWE), the risk score of the corresponding vulnerabilities/weaknesses (CVSS/CWSS), and attack patterns (CAPEC / FIPS-199 impact level). NormShield also classifies the findings into FISMA Cyber Security Framework Area and Maturity Level, NIST 800-53 Control Family, FIPS-200 Area, NIST 800-37 Process Step. NormShield does all of this without scanning or modifying any of the organization’s business assets.