Abstract: The present invention provides a means of providing computer security vulnerability information to a plurality of organizations such that the vulnerability information provided to each organization is customized to its network environment. Each organization has an Enterprise Server. An asset management module in each organization's Enterprise Servers sends device configuration information to a system at a Co-Location Facility. The Co-Location Facility system aggregates this data. Information concerning vulnerabilities is also gathered from computer equipment vendors on an ongoing basis. This vulnerability information is compared to the aggregated data from the organizations' Enterprise Servers, and only the vulnerability information relevant to each organization is delivered back to that organization.

Abstract: The present invention provides a system and method to provide a measurement of the risk that a computer network may have to computer security threats. The system includes a collocation facility that is coupled to a plurality of computer security management systems. Some or all of the vulnerability information is reported to the collocation facility. At the collocation facility, this information is compared to a standard. This comparison yields a number or other measurement of that organization's risk in its computer security. The collocation facility can then report this measurement to any information user that wishes to know what the vulnerability is for that organization.

Abstract: The present invention provides a system with a first controller device that exercises control over one or more secondary controller devices and one or more remote testing devices. The remote testing devices accomplish all scanning of the distributed networks but remain under the control and management of the controller device. To complete a vulnerability assessment of the entire distributed network, the controller device schedules scans for each of the remote testing devices. The remote testing devices scan the network to which they are attached. Each remote testing device reports the results of the several scans to the controller device. The controller device also manages regulatory compliance information for the system. The controller device may consolidate the results to create an organization-wide vulnerability and compliance database.