What is Vulnerability-based Change Automation App?

Overview

Vulnerability-based Change Automation App (VCA) is a Tufin extension (formerly Tufin Marketplace app) that integrates SecureChange with third-party Vulnerability Management tools.

The integration is accomplished through syncs or scheduled scans with your existing Vulnerability Management tools. Depending on the setting you select, VCA will either retrieve the historical results for the assets on the ticket, or launch a new scan (which can be scheduled). The syncs are configurable, and you can define a risk severity threshold, and which networks are scannable.

Why do I Need VCA?

The integrated, third-party tools allow you to enhance your risk assessments when evaluating access requests, enabling you to increase the benefit gained from your existing tools. And the integration with SecureChange will automate the risk approval process for you with integrated security checks.

You can use VCA to generate sharable HTML reports for the SecureChange tickets. These reports, which can be viewed from within the Access Request workflow, provide a reader-friendly summary and detailed breakdown of the vulnerabilities detected in the assets included in the ticket. The reports can be downloaded as HTML files, which the report recipients can then view in their browser, or share with other teams.

Supported Integrations

VCA supports integrations with the following Vulnerability Management tools:

• Rapid7 Nexpose
• Rapid7 Insight VM
• QualysGuard
• Qualys VMDR
• Nessus Professional
• Tenable.io
• Tenable.sc