Spartan
A tool for better vulnerability management
Targeted at Critical Infrastructure
Developed for and by the energy sector, Spartan has a built-in understanding of the unique challenges and constraints to managing software vulnerabilities for critical infrastructure.
Machine Learning Created for You
We take a different approach to patching. With an easy to use interface, Spartan automates vulnerability analysis using past patching decisions made on critical infrastructure to predict remediation actions & risk level.
Optimize Your Work
Improve the efficiency of software patching by packaging the work in a way that saves the most time. Our software saves an average of 2000 yearly man hours, by automating reporting and patching on your work schedules.
The vulnerability management process provides highly consistent data about organizational risk decisions. This data has the potential to train predictive models with high accuracy, but pulling together the right data can take a ton of extra work.
Spartan fills this gap. It combines both vulnerability and organizational data with your decision-making process in an easy-to-use interface. Where most artificial intelligence solutions in cybersecurity lack customization options or restrict access to models, we put you in the driver’s seat. With only a few hours of decision-making, you have a powerful ML model that fits solely within your organization’s context.
Spartan fills this gap. It combines both vulnerability and organizational data with your decision-making process in an easy-to-use interface. Where most artificial intelligence solutions in cybersecurity lack customization options or restrict access to models, we put you in the driver’s seat. With only a few hours of decision-making, you have a powerful ML model that fits solely within your organization’s context.
Through our cloud service, Phalanx, your local Spartan installation continually receives the latest data ready-made for automated AI analysis. We pull from over a dozen publically-available feeds, including the National Vulnerability Database, large software and operating system vendors, Linux projects, and vulnerability exploit forums.
Although Phalanx provides real-time vulnerability data, we understand the sensitivity of vulnerability management. All of Spartan's data storage and processing, including all data about organizational assets, rests entirely within your network.
Although Phalanx provides real-time vulnerability data, we understand the sensitivity of vulnerability management. All of Spartan's data storage and processing, including all data about organizational assets, rests entirely within your network.
Much of today’s patch management work is driven by compliance requirements. This is certainly the case in the electric sector where 100% compliance is expected for vulnerability and patch management. Spartan has compliance checks built in to support the high standards of compliance regulations. The user is notified of gaps in the applicable vulnerabilities, patch source identification, and work management. Due dates are included in each work cycle to ensure users have awareness of upcoming deadlines.
Compliance-specific requirements are also baked in. For example, in the electric industry, some vulnerabilities are tracked from a vendor’s authorization and testing. Spartan provides for uploads of vendor test reports to better align security patch due dates with the compliance requirements.
Compliance-specific requirements are also baked in. For example, in the electric industry, some vulnerabilities are tracked from a vendor’s authorization and testing. Spartan provides for uploads of vendor test reports to better align security patch due dates with the compliance requirements.
Spartan is available as a downloadable virtual device designed to easily integrate into your existing IT infrastructure. It is a decision-maker and not a scanner. So, you do not need to add a lot of firewall rules to get it working. A step-by-step setup tool gets you securely up and going with high-quality decisions in less than a day.
The only thing you need to supply is a list of your cyber assets and software assets from existing vulnerability or software asset management tools in your infrastructure. Then, using our simple CSV imports or easy-to-use APIs, you can upload and maintain the data input.
The data needed for machine learning are maintained in asset groupings. For example, the characteristics of a network switch are the same regardless of how many you have. So, you only need to provide data for a small set of asset groups. This minimizes the on-going maintenance of the asset data.
The only thing you need to supply is a list of your cyber assets and software assets from existing vulnerability or software asset management tools in your infrastructure. Then, using our simple CSV imports or easy-to-use APIs, you can upload and maintain the data input.
The data needed for machine learning are maintained in asset groupings. For example, the characteristics of a network switch are the same regardless of how many you have. So, you only need to provide data for a small set of asset groups. This minimizes the on-going maintenance of the asset data.
Security teams are saturated with software tools, and the last thing teams need is another software tool to manage. Spartan provides this by enhancing your existing tools with a light software footprint. There are no clients to deploy, no long lists of firewall rules to add, and no complex system architectures to develop.
The data from software vulnerability reporting is nice and tidy, but the way software vendors report themselves on your systems is a disorganized mess! Spartan makes this complex match for you. Using the Common Product Enumerator (CPE) standard from the National Vulnerability Database, your cyber asset and software inventory gets matched to ensure 100% coverage of known vulnerabilities for your assets.
We provide and maintain a basic set of matching rules, and provide an easy-to-use interface for the remaining matches.
We provide and maintain a basic set of matching rules, and provide an easy-to-use interface for the remaining matches.
Organizations don’t manage security patches one by one, and your software shouldn’t either. Spartan is focused on cybersecurity work efficiency from beginning to end. Vulnerabilities get packaged into a set of software patches, and we generate an optimized work plan for you based on these patches.
Everything in Spartan is based on a work cycle. Teams can define whatever cycle works best for them (e.g. weekly, monthly, etc.). Then new vulnerabilities are processed and assigned work based on the work cycles.
Each asset group (e.g. operator workstations, network switches, web servers, etc.) is assigned a default deadline and patching cycle. The primary time savings in Spartan comes from the patching cycle. Most organizations have a backstop when they will patch systems (e.g. quarterly, annually, next outage, etc.). Then, Spartan assigns patches to work cycles based on the AI analysis. The work plan groups all of the same types of assets together with the same due dates and work plans are assigned to the asset group team.
A valuable outcome of this grouping is a more realistic time estimate of the work. The time for patching goes far beyond just applying the patch. Organizations coordinate testing, downtime, and validation. In many cases, the actual patch application is a small fraction of the overall time spent by the organization coordinating downtime. This differs greatly by the asset group. For example, operator workstations may take almost no coordination to apply patches. However, taking down a core networking switch for patching may involve months of planning. Spartan’s realistic time estimates allow the organization to better understand the true cost of vulnerability management.
Everything in Spartan is based on a work cycle. Teams can define whatever cycle works best for them (e.g. weekly, monthly, etc.). Then new vulnerabilities are processed and assigned work based on the work cycles.
Each asset group (e.g. operator workstations, network switches, web servers, etc.) is assigned a default deadline and patching cycle. The primary time savings in Spartan comes from the patching cycle. Most organizations have a backstop when they will patch systems (e.g. quarterly, annually, next outage, etc.). Then, Spartan assigns patches to work cycles based on the AI analysis. The work plan groups all of the same types of assets together with the same due dates and work plans are assigned to the asset group team.
A valuable outcome of this grouping is a more realistic time estimate of the work. The time for patching goes far beyond just applying the patch. Organizations coordinate testing, downtime, and validation. In many cases, the actual patch application is a small fraction of the overall time spent by the organization coordinating downtime. This differs greatly by the asset group. For example, operator workstations may take almost no coordination to apply patches. However, taking down a core networking switch for patching may involve months of planning. Spartan’s realistic time estimates allow the organization to better understand the true cost of vulnerability management.
Reporting is not just a side product of Spartan. It is one of the core functions. For each work cycle, Spartan provides both a lovely summarized report and the gory details. The summary provides a risk assessment and time cost assessment of the work cycle to keep the organization a truer picture of its vulnerability management risk and work.
The gory details are provided as spreadsheets for a snapshot of all the automated analysis and decision making processes for the work cycle. This serves to provide more trust and accountability in the AI decision making, and it also supports external review and audit of the work cycle.
The gory details are provided as spreadsheets for a snapshot of all the automated analysis and decision making processes for the work cycle. This serves to provide more trust and accountability in the AI decision making, and it also supports external review and audit of the work cycle.