Secunia Corporate Software Inspector (Secunia CSI) ver.5.0

Transcription

1 TECHNOLOGY AUDIT Secunia Corporate Software Inspector (Secunia CSI) ver.5.0 Secunia Reference Code: OI Publication Date: December 2011 Author: Andy Kellett SUMMARY Catalyst Organizations need to be risk aware. Facing targeted and persistent threats against their business systems, organizations must improve their approach to security and the delivery of security management services. Business systems are regularly breached because of existing vulnerabilities. Therefore, an important part of redressing the balance and keeping organizations safe involves identifying program and application vulnerabilities and addressing them before an attack takes place. Secunia CSI offers vulnerability scanning and security management facilities and provides risk assessments, while evaluating the security state of legitimate programs. Vulnerability remediation the delivery of patches is addressed through integration with the Microsoft Windows Server Update Service (WSUS) and System Center Configuration Manager (SCCM). Key findings Secunia CSI is relevant to any organization that needs to be certain that the programs it deploys are up-to-date and do not represent a security threat. Secunia CSI is useful for organizations wanting a centralized security overview and an easy approach to reporting on vulnerabilities, patches, and security levels. Organizations can use Secunia CSI to remove unauthorized and insecure programs. Ovum (Published 12/2011) Page 1

2 Virtual as well as physical desktops and servers can be protected. Secunia CSI is a nonintrusive and scalable scanning product that supports Microsoft and Mac OS platforms. It supports Apple OSX, but not other Apple ios and smartphone platforms. Ovum recommends The CSI product is suitable for organizations that need to protect 100 or more devices. Organizations in the government, IT, energy, education, and finance sectors have provided the highest levels of take-up, mainly due to compliance and regulatory demands. Secunia CSI is best suited to organizations that have an administrator function and staff responsible for security management. However, a version of the product is also available for small businesses. Organizations select the CSI product because of its continuous security-scanning and reporting facilities and the resultant ability to maintain a consistent and compliant security posture. Value proposition Secunia is privately held and is an established player in the vulnerability-management sector. Over the years Secunia s organic growth has been higher than the market average, and the company is profitable with no existing debt. Its customer base numbers in the thousands and includes Global 2000 and Fortune 500 organizations. The latest version of Secunia CSI (version 5.0) builds on the solid foundations of a product that already has more than 1,000 business clients. Platform support, which has traditionally been focused on Microsoft Windows, has been extended to Mac OS platforms. Pressure to support Linux, Unix, and a host of smartphone and ios platforms will come in the not-too-distant future, but for the moment not covering these platforms is not seen by clients as a deal breaker. The primary role of Secunia CSI is to scan the endpoints in corporate networks and assess the risk of programs and applications that represent a potential security threat, are out of date, or could be vulnerable because the latest patches have not been applied, or should not be there at all. One of the product s key advantages is its ability to scan all hosts in a network using a choice of local agent or remote agent-less scanning. Scanning results are correlated by Secunia s Vulnerability Intelligence (VI) product which provides reporting and a security status overview of the Ovum (Published 12/2011) Page 2

3 organization. The advantage that the optional agent-based component adds is one of automated control; the agent when deployed on target hosts is able to perform scheduled or on-demand scans. New features of the Secunia CSI 5.0 release include: Facilities that allow program updates to be customized to fit user-specific requirements, provide the ability to install non-security-related applications, and uninstall unwanted software. Support for the Mac OS. The ability to scan, secure, and control software on hosts that make only occasional contact with the company network or are decentralized; this is achieved using Secunia Personal Software Inspector (PSI). The CSI reporting engine has been updated to provide more flexibility for remediation, management, and compliance reporting. Local database and console management facilities now allow CSI console users/administrators to create SQL queries and extract data in a comma separated value (CSV) file format. SOLUTION ANALYSIS Functionality Secunia CSI conducts vulnerability scans on programs and applications on Windows and Mac computers. The product's scanning engine operates as a trusted application that runs on corporate networks with administrative privileges. This privileged status allows Secunia CSI to log into and work with each business machine that needs to be evaluated. Secunia CSI identifies and reports on the status of installed programs and applications. It determines each entity's status based on intelligence held on the Secunia Advisory and Vulnerability Database. The database is used to assess the security state of each program and decide what actions should be taken when vulnerabilities are found. It also integrates with Microsoft WSUS and SCCM to deploy patch updates. The Secunia CSI architecture diagram (Figure 1) shows how the key components interact in a live environment. Ovum (Published 12/2011) Page 3

4 The Secunia CSI front-end administration console provides a lightweight and intuitive graphical user interface (GUI). It allows administrators to manage scanning activities, evaluate results and reports, and determine remedial actions. The Secunia CSI back end is a hosted service delivered using the Secunia data processing cloud. It is responsible for correlating scan findings with Secunia s Vulnerability Intelligence services. The Secunia CSI Agent, when deployed on target hosts, performs scheduled or ondemand scans. Alternatively, Secunia CSI can scan all hosts in the network using a remote, agent-less approach. Figure 1: The Secunia CSI service delivery architecture Source: Secunia O V U M To complete the security management cycle, Secunia CSI is able to list all programs and applications that are patched and up-to-date and ensure that patches are deployed when required. It also helps identify unwanted programs and applications. An associated and complementary Secunia product is the Secunia Vulnerability Intelligence Manager (VIM). The VIM vulnerability-management tool provides organizations with a dashboard Ovum (Published 12/2011) Page 4

5 interface. It helps track and manage vulnerability intelligence data. It can also be used to help administrators to obtain an overall view of present and emerging vulnerability threats that could affect their networks. Go-to-market strategy Secunia CSI is sold directly to market by the company's sales team. Technology specialists provide both implementation support to help customers deploy the product and continuing support during its entire lifecycle. The overall objective of Secunia s go-to-market strategy is to provide an accurate, comprehensive, and timely overview of each customer's infrastructure and offer remediation when vulnerabilities are found. CSI scanning services are supported by the expertise of the Secunia research team, which offers extended vulnerability remediation services. The product is straightforward to install and use; organizations can expect to be patching systems within a few hours of deployment. The solution can be adapted to fit into any environment. Its flexible approach allows organizations to benefit from their existing infrastructure by using Microsoft WSUS and SCCM for patching or by exporting scan results for use by an existing SIEM or GRC tool. Secunia's mainstream vulnerability scanning and patch management competition comes from Eminentware, eeye, Lumension, and Shavlik, among others. Deployment Secunia CSI is simple to implement. The main overhead is the deployment of a simple, selfmaintaining agent. However, use of the agent is optional as scans can be undertaken using an agent-less approach. IT security users and other responsible staff will usually manage the solution on an ongoing basis, but at the implementation stage the internal skills required involve an administrator with full administration credentials. For larger projects additional internal IT resources are needed to support the rollout of Secunia CSI agents across the organization. Typical deployment timescales are around four hours for a pilot project, around eight hours for a 30-user departmental deployment, and around sixteen hours for a larger 500-user enterprise-wide deployment. Customer deployment examples Company A has around 150 hosts. It needed an easy-to-use scanning and vulnerability management solution to ensure each host was kept up-to-date and Ovum (Published 12/2011) Page 5

6 secure. It already had Microsoft WSUS facilities in place for deploying Microsoft updates, but third-party programs were handled separately. The company also faced patch management update and verification issues. After selecting and deploying Secunia CSI, IT managers were able to manage and deploy patches for third-party applications using the existing WSUS infrastructure. A clear overview of what needs to be patched is provided based on the criticality ratings issued by Secunia. Work can be prioritized based on risk and remediation effort. As a result, the client has saved resources as central management can now be handled by one person who has a clear view of what systems need to be patched. Company B has over 10,000 hosts. Prior to deploying the Secunia CSI solution its systems were maintained by dedicated teams of IT and security experts. The company already used Microsoft SCCM to track its software inventory, supplemented by the System Center Updates Publisher (SCUP) to create custom updates. The client now uses Secunia CSI to create an overview of its network and uses its criticality ratings to prioritize remediation efforts. CSI complements and integrates with SCCM, allowing the client to patch third-party programs and applications, and removes the need for SCUP. Using the Secunia CSI product has reduced IT resource overheads and freed up those resources for other assignments. The CSI reporting engine is used to generate reports for the company's management team and for extracting scan results for import into an existing SIEM tool. Ovum (Published 12/2011) Page 6

7 DATA SHEET Key facts about the solution Table 1: Data sheet Product name Secunia Corporate Software Inspector (Secunia CSI) Product classification Vulnerability scanning, assessment, and management Version number Version 5.0 Release date August 2011 Industries covered Financial services, government, education, energy & utilities, healthcare, and others. Geographies covered Primarily Europe and North America Relevant company sizes Small, medium, and large Platforms supported Microsoft Windows Apple OSX (Mac) Languages supported English Licensing options Perpetual Deployment options On-premise On-premise (managed) Hosted (dedicated) SaaS Route(s) to market Direct sales, partner sales URL Company headquarters Copenhagen, Denmark European headquarters Asia-Pacific headquarters Secunia Weidekampsgade 14 A DK-2300 Copenhagen S Denmark N/A North America headquarters N/A Source: Ovum O V U M Ovum (Published 12/2011) Page 7

8 APPENDIX Methodology Ovum Technology Audits are independent product reviews carried out using Ovum s evaluation model for the relevant technology area, supported by conversations with vendors, users, and service providers of the solution concerned, and in-depth secondary research. Further reading Secunia Vulnerability Intelligence Manager, Technology Audit, OI , (July 2011). Author Andrew Kellett, Senior Analyst, Infrastructure Solutions, Security andrew.kellett@ovum.com Ovum Consulting We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovum s consulting team may be able to help you. For more information about Ovum s consulting capabilities, please contact us directly at consulting@ovum.com. Disclaimer All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publisher, Ovum (an Informa business). The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect. Ovum (Published 12/2011) Page 8