The Vulnerability Management Architecture

ManageEngine Vulnerability Manager Plus is a cloud-based solution that provides continuous identification, assessment, and remediation of vulnerabilities across an organization’s IT environment. It performs real-time vulnerability scans, automates patch management for operating systems and third-party applications, monitors compliance with security standards, and delivers detailed reports and insights to support timely remediation. The solution also includes a Quarantine capability that isolates high-risk or compromised endpoints to prevent potential threats from spreading across the network. Overall, it ensures effective protection of endpoints and servers while streamlining security and compliance management.

The Vulnerability Manager Plus Cloud Architecture consists of the following components:

 Fig: Vulnerability Manager Plus Cloud Architecture

Security Research Team

The Security Research Team at Zoho Corp. plays a vital role in maintaining cybersecurity. They continuously probe the internet to:

  • Obtain vulnerability information along with its CVE ID, CVSS scores, severity, details on exploit code and patches.
  • Download Microsoft, Apple, Linux and other third-party patches from respective vendor sites.
  • Derive security configurations for systems and hardening guidelines for servers from widely trusted benchmarks such as CIS and STIG.
  • Obtain information on software, such as End-of-Life, Remote Desktop sharing, and Peer-to-Peer software, that is deemed unsafe in itself.
  • Maintain 90+ CIS benchmarks for compliance audits.

The patches are then tested for authenticity and functional correctness, and each patch is correlated with the vulnerability it addresses.

Central Database

The Central Vulnerability Database, hosted at the Zoho Corp. site, is updated periodically with the latest details of:

  • Known and emerging vulnerabilities
  • Latest patches that are released by Microsoft, Apple, Linux and other third-party vendors
  • Security configuration baselines and remediation content
  • High-risk software list
  • New compliance policies and changes related to existing policies

The Central Vulnerability Database is a portal on the Zoho Corp. site. It is constantly updated with the latest information, which serves as the baseline for vulnerability management in the customer organization.

Distribution Server (AD Connector)

The Distribution Server of Vulnerability Manager Plus Cloud primarily acts as an AD Connector for your network. It can also be used as a distribution point to optimize bandwidth usage across your network. The Distribution Server can be set up in any one of your remote/branch offices. IT administrators can set up the Distribution Server with replication policy rules; data is replicated from the central server to the Distribution Server based on these rules. In addition, the Distribution Server synchronizes with the Vulnerability Manager Plus Cloud server for missing patch details. These patches are then downloaded directly from the respective vendor's website and distributed to the branch office agents depending on the status of the missing patches on each computer.

Vulnerability Manager Plus Cloud takes a domain-based approach to your endpoint solution and syncs resource information from Active Directory or a workgroup. In a cloud-hosted setup, businesses can populate the resource information using the AD Connector.

Note: All Linux agents (including the ones under the Distribution Server) will directly download patches from the vendor websites.

Ports

Vulnerability Manager Plus Cloud uses port 443 for server-agent communication and port 8384 for communication between (remote) agents and the distribution server.
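
The following pre-deployment check is an added example, not part of the product or its documentation. It probes the two flows listed above from an agent's network segment and separates "nothing listening" from "no response" (typical of a firewall drop). The host names are placeholders, and it assumes the agent side initiates both TCP connections.

```python
import socket

# Flows taken from the Ports section. Host names are placeholders (assumption):
# replace them with your tenant's server name and your distribution server.
REQUIRED_FLOWS = [
    ("agent -> cloud server", "vmp-cloud.example.invalid", 443),
    ("remote agent -> distribution server", "ds.branch.example.invalid", 8384),
]


def probe(host, port, timeout=3.0):
    """Classify one TCP flow as open, refused, no-response or unresolved."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "unresolved"          # DNS failure: fix name resolution first
    result = "no-response"           # timeout or unreachable: likely filtered
    for family, socktype, proto, _, addr in infos:
        with socket.socket(family, socktype, proto) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect(addr)
                return "open"        # handshake completed on this address
            except ConnectionRefusedError:
                result = "refused"   # host reachable, nothing listening
            except OSError:
                continue             # try the next resolved address
    return result


def check_flows(flows=REQUIRED_FLOWS, timeout=3.0):
    """Return (label, host, port, state) for every required flow."""
    return [(label, host, port, probe(host, port, timeout))
            for label, host, port in flows]


if __name__ == "__main__":
    for label, host, port, state in check_flows():
        print(f"{state:<12} {label}: {host}:{port}")
```

A "refused" result on 8384 points at the distribution server service itself, while "no-response" points at a firewall or routing rule between the branch agents and that server.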