Vulnerability Disclosure Policy

Policy Summary

Digital Defense discloses information about newly discovered vulnerabilities to protect our clients’ computing networks from possible compromise by unauthorized parties. The company recognizes, however, that organizations that do not contract with Digital Defense may suffer from the public disclosure of this type of information. For this reason, the company has a policy and process in effect that details how Digital Defense manages the public reporting of security vulnerability information.

The primary goals of Digital Defense’s Vulnerability Disclosure Policy are as follows:

  1. Protect Digital Defense clients from risk of compromise resulting from the exploitation of a newly discovered vulnerability by unauthorized parties.
  2. Effectively communicate vulnerability information to clients, computer industry vendors, and the public so that remediation solutions can be developed quickly and efficiently.
  3. Minimize risk introduced by newly discovered vulnerabilities to all parties potentially exposed.

Digital Defense believes that the industry as a whole benefits from the responsible reporting of newly discovered security vulnerabilities. The following process will be followed by Digital Defense personnel.

Vulnerability Disclosure Process

From time to time, our security analyst team discovers new vulnerabilities in its research efforts. In the event that a new vulnerability is discovered, Digital Defense has a Vulnerability Disclosure Process that is used to communicate its findings to industry stakeholders. Industry stakeholders include computer industry vendors, our clients, and the public. This process is described here.

  1. We contact the vendor who developed the platform containing the vulnerability via a PGP-signed e-mail (encrypted if possible) and notify them of the details of the vulnerability.  The notice will be sent to the following standard set of addresses for the vendor:
    • support@
    • sales@
    • info@
    • security@
    • security-alert@
  2. We also notify the vendor that the Company plans to disclose the vulnerability on the following schedule, with special exceptions made as deemed prudent:
    • An advisory to our clients describing the vulnerability, along with known remediation information.  Sent after 30 calendar days.
    • An advisory to the general public describing the vulnerability along with known remediation information. Sent after 45 calendar days. (The Company strongly prefers to make this announcement as a joint release with the platform vendor, but this may not always be feasible.)
      Note that the lack of response to our notice from the vendor will not have an impact on this release schedule.
      The Company requests a written acknowledgement (e-mail acceptable) back from the vendor indicating that the vendor is aware that we intend to release an advisory describing the vulnerability on the vendor’s platform, and that Digital Defense desires to make a joint release.
  3. We simultaneously commence development of a Consolidated Vulnerability Check (CVC), using normal CVC development logging and request methods.  The goal of the CVC is to detect the presence of the vulnerability during a vulnerability assessment or a penetration test.
  4. After completing the first two steps noted above and waiting the requisite 30 calendar days, the Company releases the advisory (without Exploit References or Exploit Code) to Digital Defense clients for their advance review.
  5. Fifteen calendar days after completing this previous step, the Company releases the advisory (without Exploit References or Exploit Code) to the general public.
  6. If the vendor does not resolve the vulnerability within the requisite 45 calendar days, the Company works with a vulnerability coordinator such as CERT (Carnegie Mellon University’s Computer Emergency Response Team) to make the vulnerability information available to the general public.
  7. Fifteen calendar days after completing the previous step, the Company updates the advisory with any new information and posts the information on Digital Defense’s website under Vulnerability Research Team Advisories.