It is important to plan your {{COMPANY_NAME}} {{PRODUCT_NAME}} deployment prior to rolling out the appliance. Several considerations are required to plan the launch of the console.
Self hosting the {{COMPANY_NAME}} console in your own cloud tenant can be done inside AWS (AWS (BYOL), AWS EC2 (Usage Based)), Azure, or Google Cloud utilizing the machine images developed by {{COMPANY_NAME}} in those respective platforms. Access the marketplace for your cloud provider and search for '{{COMPANY_NAME}}'.
We also provide the option of hosting the {{COMPANY_NAME}} console for you in our cloud environment - in this case, all the details concerning system requirements and set up are handled for you! Contact us if you would like us to host your {{COMPANY_NAME}} console.
Using VMWare or VirtualBox or other on-premise virtualization platform uses an OVA distributed via downloadable link you can request by contacting us
.Regardless of how you implement the {{COMPANY_NAME}} {{PRODUCT_NAME}}, select an appropriate fully-qualified domain name so that encryption communications can function and the console can be more easily managed and accessed.
{{COMPANY_NAME}} supports integration with several top tier vulnerability scanners, and relies on their scanning and data collection efforts to analyze the true risk in your environment. {{COMPANY_NAME}} combines this data with data collected by the {{COMPANY_NAME}} agents to identify what assets are exploitable via the vulnerable attack paths {{COMPANY_NAME}} discovers.
The list of supported vulnerability scanning platforms follows:
The {{COMPANY_NAME}} console requires access to updates.deepsurface.com and the hosts to be scanned by {{COMPANY_NAME}} need to communicate with the console to send scanning date. The console also must have access to the API endpoint appropriate to your vulnerability source. Firewall configurations and appropriate network routing between VLANs may be required. In the cloud the VPC or network configuration must be able to function with the correct ingress and egress paths opened to the appropriate network segments. Details regarding the network configurations for these options are found in the System Requirements
There are several methods to deploy {{COMPANY_NAME}} scanners, with the easiest being Agent-Based Deployment. However if that does not work for your environment or you have other controls that preclude installing {{COMPANY_NAME}} agents onto hosts, it is vital that you review the Deployment Planning section of the documentation.
Securing the {{COMPANY_NAME}} console itself and the digital communications it requires is documented in our Security Guide. Fundamental considerations are documented there, but as always a layered approach to security relevant to the requirements of your particular environment should be planned and implemented. Firewall Configuration, understanding How {{COMPANY_NAME}} Scans Work, and the Other Items sections of the Security Guide should all be reviewed.