Secunia Corporate Software Inspector
|
|
- Valentine Hensley
- 8 years ago
- Views:
Transcription
1 Reference Code: TA001957SEC Publication Date: August 2010 Author: Karthik Balakrishnan and Andy Kellett TECHNOLOGY AUDIT Secunia Corporate Software Inspector Secunia SUMMARY IMPACT The growing range of software and application threats and the need to adhere to regulatory controls has caused the volume of patches and software updates to increase. Organizations need to have software protection controls as part of their risk-management strategy. Facilities should include automated vulnerability detection and patch-management deployment to ensure that service delivery is addressed securely and efficiently. Secunia Corporate Software Inspector (CSI) incorporates these security-management capabilities into its vulnerability scanning services as well as providing automated patch-repackaging facilities for real and virtual Microsoft operating systems, where it addresses vulnerabilities in both Microsoft and third-party applications. Secunia CSI suits any organization with a need to identify vulnerable software across an extensive range (covers programs from more than 2,500 vendors) of Microsoft and third-party applications. Secunia s authenticated vulnerability and patch-management scanner gives organizations the ability to identify missing patches and vulnerable applications across all areas of the business. Financial services organizations (typically large banks with many locations), energy providers, IT, and the government and education sectors are Secunia s core markets. KEY FINDINGS Strengths: A comprehensive solution that is driven by the ability to perform complete application scanning, vulnerability analysis, and patch management through a single product set. A non-intrusive and scalable offering that supports an extensive range of Microsoft, thirdparty applications, and legacy products, focusing on vulnerabilities rather than devices. Weaknesses: Currently only operates across Microsoft platforms. Does not provide out-of-the-box compliance-specific reporting. Key Facts: i Offers a mix of agent-based and agent-less scanning approaches. i Provides extensive coverage of third party programs in addition to Microsoft. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 1
2 OVUM VIEW The processes associated with software-vulnerability identification and the management of patching updates have traditionally been cumbersome, resource-hungry, and difficult to deliver in an operationally effective manner. Because of this many enterprises have neglected their vulnerability-checking and patchmanagement obligations or restricted these operations to the bare minimum. Secunia addresses these issues with its CSI product by inspecting local files rather than conducting traditional network-based vulnerability scanning. This approach enables the automated discovery and scanning of an extensive range (the latest count shows that the company covers programs from more than 2,500 vendors that can be referenced in the Secunia database) of third-party as well as Microsoft programs. It addresses all machines in the network to assess their vulnerabilities and patch status, and also provides an impressive level of automatic remediation services. In Ovum s view, one of the product s key advantages is its ability to offer clients the choice of agent-based or agent-less scanning approaches. This provides flexibility in the management of scanning processes through scheduling and logical hierarchical grouping of the Windows infrastructure. Initially Secunia concentrated on the delivery of its vulnerability intelligence (VI) services. The introduction of CSI strengthen the company s software management position by adding software inspection scanning and assessment capabilities, and with the latest release (CSI version 4.0) application remediation services have been included. This is achieved because CSI now integrates with Microsoft WSUS and Microsoft SCCM, allowing Secunia to offering patch remediation services. Importantly, in Ovum s opinion, this means the company now has the opportunity to occupy a more prominent place among the leading software vulnerability and patch-management vendors. Secunia is privately held and has gone from being a very successful start-up company to become an established player in the vulnerability-management sector. Over the years Secunia s organic growth has been higher than the market average, and the company is profitable with no existing debt. Its customer base is counted in thousands and includes Global 2000 and Fortune 500 organizations. Recommendations Secunia CSI is suitable for any organization with the need to protect 100 or more devices. Organizations in the government, IT, energy, education, and finance sectors have provided the company s strongest areas of success. This is due to the strength of the product s regulatory and associated industry control facilities. Secunia CSI is not positioned as a small-user system and cost overheads could prove prohibitive. It is best suited to organizations that have an administrator function and staff responsible for security management. However, to address these issues the company has plans to introduce small-user versions of the product that would be sold via resellers. Organizations typically select Secunia CSI because of the product s ability to provide continuous and ongoing security-scanning and reporting facilities that help to maintain a consistent security posture. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 2
3 FUNCTIONALITY SOLUTION OVERVIEW Secunia CSI conducts authentication scans of all computers in an organization s network to identify and report on the status of installed programs and plug-ins. The advantage of CSI is that it scans all computers based on the actual system files (such as.exe,.ocx, and.dll) in the scanned operations. The collected metadata is sent to the CSI central-processing facility where it is linked to Secunia s product and vulnerability database to maintain an inventory of installed programs and plug-ins. The results are then correlated with the Secunia vulnerability database based on the company s up-to-date vulnerability intelligence. Scan information includes full installation paths, version details, direct links to patches, and criticality ratings. The scanning facility also detects and reports on end-of-life programs and plug-ins. This is important as software that has reached its end-of-life status can be dangerous because of a potential lack of vulnerability information and new security updates. Figure 1: Secunia CSI Architecture Source: Secunia O V U M Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 3
4 The Secunia vulnerability and product databases provide vital program vulnerability results and patch remediation information. They are used to help organizations to proactively obtain details on the patch status of all their operational software along with their risk ratings and alternative mitigation strategies. Every program is directly referenced to the corresponding Secunia Advisory, which provides detailed explanations about all vulnerabilities along with expert-assessed criticality ratings and impact status. Once all program and related remediation requirements are confirmed, Secunia CSI can be used to integrate with Microsoft WSUS and Microsoft SCCM to provide simplified patch management, facilitating the distribution of the latest security updates for both Microsoft and third-party programs. This approach has the added advantage that most administration teams are already familiar with Microsoft WSUS and SCCM and therefore the end-to-end software protection processes of CSI and its patch management remediation services are delivered using common interfaces that customers are comfortable with. Secunia CSI is also capable of listing all programs and plug-ins that are patched and up-to-date, ensuring that patches are deployed regularly and when required. This helps organizations supplement the evaluation of their other asset and license-management tools, and allows them to track the installation of unapproved programs and plug-ins. Other complementary Secunia products include the Secunia VIF and Secunia EVM: Vulnerability Intelligence Feed (VIF) Secunia VIF provides organizations with all the latest vulnerability intelligence details. It filters, verifies, and analyzes vulnerability information, making it easier for organizations to distribute it. Vulnerability intelligence is obtained by the VIF from Secunia s advisory database, enabling Secunia s research experts to verify all vulnerabilities in detail, and in turn provide organizations with remediation plans for handling threats effectively. Secunia VIF provides proof-of-concept for vulnerabilities and helps to determine if all program installations are secured properly or remain vulnerable. In addition to providing organizations with a technical analysis of vulnerabilities, which provides an insight into impact and mitigation strategies such as network rules or configurations, it allows organizations to take the required preventive measures. Enterprise Vulnerability Manager (EVM) Secunia EVM is a vulnerability-management tool. It provides organizations with a dashboard interface facility that helps track and manage all vulnerability intelligence data. The dashboard interface enables administrators to obtain an overall view of present and emerging vulnerability threats (including zero-day threats) that could affect the network. The tool allows administrators to register all components or only the infrastructure components (depending on the user) that fall within their remit. This approach can be used to control the vulnerability analysis data, which is filtered and communicated, ensuring that only significant or relevant threat alerts get sent to users. The tool supports task delegation through the allocation of sub-users or multiple users to handle specific layers, segments, or regional parts of the organization. It also allows administrators to track and document various advisories that are being handled, helping administrators to adhere to remediation best practices. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 4
5 SOLUTION ANALYSIS Ease of implementation and use In Ovum s opinion, one of the key advantages of Secunia CSI is the ease with which it allows authorized users to manage vulnerability intelligence information through a centralized dashboard. In terms of its implementation infrastructure, Secunia CSI s architecture value comes from the fact that it can be deployed using a combination of agent-based and agent-less approaches. Although, an agent-less architecture is typically more flexible than having to install and maintain thousands of individual software agents, the agentbased approach provides greater value in cases where bandwidth is limited or inconsistent, or where the systems and machines involved are intermittently offline. The combination of these approaches also helps to ensure that the use of Secunia CSI is able to grow and be integrated alongside organizational expansion plans by providing the flexibility to increase the numbers of machines and software product installations supported. Ability to patch virtual machines Secunia CSI also stands out because of its ability to keep pace with the need to support the latest operating environments through its capability to support patching for virtual machines (VMs). This is essential in order to overcome the general problems caused by VM operations and specifically those caused through variable usage when VMs are brought online infrequently and are therefore potentially susceptible to being deprived of the latest security patches and application updates. Patches are distributed through Microsoft WSUS or SCCM, allowing updates to take place as soon as machines are brought online. Ability to handle the end-to-end scanning through to patch-management process Secunia has extended its vulnerability scanning, analysis, and software management services, to include a patch-management and remediation module in its portfolio, in order to keep up with increasing competition in the company s core markets. Secunia CSI integrates with Microsoft WSUS and Microsoft SCCM in order to ensure that all patches can be deployed across Microsoft as well as other third-party software. Using WSUS integration, Secunia CSI handles the complete patch distribution processes across Microsoft and third-party programs. Secunia CSI initially identifies all insecure programs, automatically repackages the patches, and publishes them onto the WSUS, which then handles patch distribution. Secunia CSI also tracks patch-deployment status in order to support audit and security-management requirements. While Microsoft SCCM is itself capable of configuring, managing, and keeping an up-to-date patch status for Microsoft applications on all servers and desktops, it lacks the ability to track third party software inventory, and its inability to map this to security intelligence related to software is a major shortfall. Secunia CSI helps SCCM to overcome this through the use of its integration capabilities. In functional use Secunia CSI uses SCCM s patch-management capabilities and then makes use of its own internal facilities to track all inventory systems, ensuring that the integration complements both Secunia and Microsoft operations. All inventory traced by Secunia CSI is mapped to the security intelligence data to track patch status, while Microsoft SCCM handles patch-deployment activities. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 5
6 Research and vulnerability analysis team In Ovum s opinion, another major strength of the Secunia CSI offering is the use that it makes of the company s intelligence vulnerability database. This is a mature database product that was developed before CSI was available by Secunia s team of research experts. While most of Secunia s competitors use ad hoc vulnerability information gathered from a variety of sources, Secunia s research experts conduct in-house research alongside the regular collection of information from sources such as websites, mailing lists, news groups, vendors, and other security researchers. The advantage of this approach is that all the collected information is assessed, verified and tested, by the Secunia research team before being published, and based on this intelligence the patch status requirements of applications and programs is determined. The advisory database provides users with detailed information about each new vulnerability to ensure that customer organizations obtain the necessary information to enable them to clearly understand the security issues, estimate the business impact, and make informed riskbased decisions about how threats should be handled. Secunia is also able to provide organizations with direct access to its security research experts who can help to clarify any end-user doubts about existing and newly discovered threats. Centralized administration and reporting capabilities Secunia CSI allows organizations to centrally define operational rules. For example, administrators can define what actions are taken when an end-of-life program is identified. This allows organizations to manage their own risk profile and control vulnerability and patch-management processes. The rules and processes that administrators are able to define vary according to applications, departments, and user-group requirements, and can be tailored to ensure that compliance requirements are addressed. Secunia CSI comes with pre-built reports and a reporting tool that helps users to tune the information provided to ensure that it fits end-user requirements. Flexible reporting can be based on key reporting criteria such as vendors, groups of users, patching levels, and vulnerability levels. The product is capable of providing very detailed reports as well as overview versions to support the decision-making needs of senior managers. The reporting tool is simple to use and host- and program-level reports that contain lists of missing patches can be used to provide corrective and remediation information. Where further analysis is required reports can be extracted in PDF format. One shortfall that Secunia says it is keen to address is the lack of availability of specific compliance-based reports. PRODUCT STRATEGY Secunia CSI has been designed to be applicable to Microsoft infrastructures and is available in a range of versions that suit organizations of different sizes. The product versions include: CSI-Small Business (maximum 100 hosts), CSI (100 to 400 hosts), CSI-Professional (400 to 1,000 hosts), CSI-Enterprise (more than 1,000 hosts and includes user management facilities), and CSI-Server, which is targeted at multinational enterprises (MNEs), specifically those in the financial and pharmaceutical sectors. Secunia CSI contracts are sold using a licensing model, customers subscribe for a period of one, three, or five years. All service costs are included in the license fee, and additional support options are available where required. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 6
7 Secunia s main route to market is via a direct sales team, which contributes the majority of the company revenues, OEM/ODM and channel partners contribute a smaller yet growing share. The company has also recently started selling its products online. Although the geographic spread for the CSI product is global, Secunia primarily focuses on the Nordics, DACH (Deutscher Sprachraum, German-speaking Europe), and North America. In vertical industries Secunia CSI is mainly targeted at the financial services, government, IT, energy, and education sectors. Secunia has key business partnerships with Seccom Global (Asia-Pacific), CTMS (UK), and SecureOps (USA). The AV vendor Kaspersky is positioned as a technology partner (it has chosen to use Secunia CSI to offer a vulnerability scanner with its Internet Suite). IMPLEMENTATION Secunia CSI is defined as being simple to implement. The overheads of a complete technical implementation mainly revolve around the deployment of a simple agent that is capable of maintaining itself. Use of the agent is also optional as scans can be undertaken using an agent-less approach. IT security workers are responsible for managing the solution on an ongoing basis, but for implementation purposes the internal skills required involve an administrator with full administration credentials. For larger projects additional internal IT resources are needed to support the roll-out of further agents across the organization. Secunia also provides support options for online documentation (set-up guides and FAQ facilities) and webinars that guide users through the basics of CSI. In terms of professional services options during implementation, Secunia provides , phone, and web-based (GoToMeeting) support and can provide onsite installation and training sessions. Customer support options include standard, premium, and enterprise support. Standard support provides response facilities (based on Denmark standard time CET) with a response SLA of three working days. The premium option provides telephone and support, with a twoworking-day response time, and the enterprise option provides priority and direct telephone support from a dedicated specialist. The Secunia CSI small business product comes with standard support (later upgradable to other options), CSI Professional comes with a premium support option, and CSI Enterprise comes with enterprise-grade support. The solution can be deployed in either on-premise or SaaS modes. Further deployment options include agent-less out-of-the-box scanning of all systems on the network using standard Windows networking services, agent-based scanning of systems that are not always online, appliance mode, which enables agentless scanning from centralized hosts for remote sites or branch offices, and CLI mode that allows organizations to schedule and manage scans using other tools such as log-on scripts. Platform support is limited to Microsoft Windows environments. However, the company recognizes the need to extend its coverage and is working toward developing support for other environments in the near future. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 7
8 Deployment examples Herth+Buss Herth+Buss employs more than 200 staff in its automobile spare-parts operation. It was looking to implement a vulnerability-management solution capable of scanning, monitoring, patching, and reporting all in-house vulnerabilities against an established security baseline. It was keen to deploy a solution that was also capable of monitoring and patching all third-party updates. The Secunia CSI product was evaluated, and Herth+Buss found that it suited its extensive list of requirements, which included the need to perform daily scans on the company s critical servers and workstations, collect all required vulnerability intelligence data, and from the data provided to report on and patch all vulnerabilities. Indiana University Indiana University was using manual facilities to monitor and patch software vulnerabilities across more than 250,000 network devices spread across the university s eight campuses. With growing system numbers, the manual method was proving complex, difficult, and resource-heavy to support, and on occasion some vulnerability updates were missed. In order to overcome these issues, it was looking to deploy a solution that would be able to automatically perform vulnerability identification and remediation and help it to improve its overall risk-management and IT support efforts. Secunia CSI was chosen because it enabled IT to remove existing manual support processes and automate the entire vulnerability-scanning system. The solution s ability to provide prioritization reporting and remediation tracking, and handle security and risk-management initiatives, also helped the university to achieve its IT governance goals. Niko Group Niko Group is an electronic and electrical solutions provider with about 600 staff. Its requirement was to deploy a security solution capable of performing automated and detailed vulnerability analysis and reporting. Secunia CSI, with its ability to perform automated scanning to detect software vulnerabilities, provide detailed analysis on the vulnerabilities found, and remediation suggestions very closely matched the requirements of Niko. Secunia s ability to scan Microsoft and third-party programs, inspect them for their version information, assess them for critical vulnerabilities, and detect end-of-life programs allowed Niko to make use of the technology to optimize its patch-management policies. It also chose CSI because of the solution s ability to allow it to centrally manage all vulnerability scans through a central management console and because of the range of reporting services that helped it to obtain an accurate view of its technology infrastructure and health status. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 8
9 Table 1: Contact Details Secunia Corporate Headquarters Weidekampsgade 14A DK-2300 Copenhagen S Denmark Tel: Fax: Source: Secunia O V U M Headquarters Shirethorn House, 37/43 Prospect Street, Kingston upon Hull, HU2 8PX, UK Tel: +44 (0) Fax: +44 (0) Australian Sales Office Level 46, Citigroup Building, 2 Park Street, Sydney, NSW, 2000, Australia Tel: + 61 (02) Fax: + 61 (02) End-user Sales Office (USA) 245 Fifth Avenue, 4th Floor, New York, NY 10016, USA Tel: Fax: Important Notice This report contains data and information upto-date and correct to the best of our knowledge at the time of preparation. The data and information comes from a variety of sources outside our direct control, therefore Ovum cannot give any guarantees relating to the content of this report. Ultimate responsibility for all interpretations of, and use of, data, information and commentary in this report F or more information on Ovum s Subscription Services please contact one of remains with you. Ovum will not be liable for any interpretations or decisions made by you. the local offices above. Ovum. This Technology Audit is a licensed product and is not to be photocopied Page 9
Secunia Corporate Software Inspector (Secunia CSI) ver.5.0
TECHNOLOGY AUDIT Secunia Corporate Software Inspector (Secunia CSI) ver.5.0 Secunia Reference Code: OI00070-107 Publication Date: December 2011 Author: Andy Kellett SUMMARY Catalyst Organizations need
More informationComplete Patch Management
Complete Patch Management Complete - Flexible Unique In- Depth Secunia CSI 7 Corporate Software Inspector Take control of the vulnerability threat and optimize your IT security investments. The Secunia
More informationSecunia Vulnerability Intelligence Manager
TECHNOLOGY AUDIT Secunia Vulnerability Intelligence Manager Secunia Reference Code: OI00070-076 Publication Date: July 2011 Author: Andy Kellett SUMMARY Catalyst Secunia Vulnerability Intelligence Manager
More informationComplete Patch Management
Complete Management Targeted, Reliable and Cost-efficient In- Depth CSI Corporate Software Inspector Empower your IT-Operations and Security Teams with the most reliable Vulnerability & Management solution
More informationVulnerability Management
Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other
More informationPATCH MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region
PATCH MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without
More informationEXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.
Non-intrusive, authenticated scanning for OT & IT environments The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus
More informationComplete Patch Management
Complete Patch Management Targeted, Reliable and Cost-efficient Brief Secunia CSI Corporate Software Inspector Empower your organisation to take control of the vulnerability threat & optimize your ITsecurity
More informationShavlik Security Suite
Reference Code: TA001695SEC Publication Date: July 2009 Author: Somak Roy, Karthik Balakrishnan, and Alan Rodger TECHNOLOGY AUDIT Shavlik Security Suite Shavlik Technologies BUTLER GROUP VIEW ABSTRACT
More informationVulnerability Intelligence & 3 rd party patch management
Vulnerability Intelligence & 3 rd party patch management Presented By: William Hamilton Melby Company Overview Brief Secunia facts Established: 2002 HQ: Copenhagen, Denmark Regional office: Minneapolis,
More informationManaging non-microsoft updates
Managing non-microsoft updates With Microsoft s System Center Configuration Manager secunia.com 1 How to patch all your programs directly in Microsoft System Center 2012 A common perception is that System
More informationTotal Protection for Compliance: Unified IT Policy Auditing
Total Protection for Compliance: Unified IT Policy Auditing McAfee Total Protection for Compliance Regulations and standards are growing in number, and IT audits are increasing in complexity and cost.
More informationHow PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management. White Paper Sept. 2006
How PatchLink Meets the Top 10 Requirements for Enterprise Patch and Vulnerability Management White Paper Sept. 2006 Introduction It happens, five, ten, twenty times a month: A hardware or software vendor
More informationIT Security & Compliance. On Time. On Budget. On Demand.
IT Security & Compliance On Time. On Budget. On Demand. IT Security & Compliance Delivered as a Service For businesses today, managing IT security risk and meeting compliance requirements is paramount
More informationForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM)
ForeScout CounterACT CONTINUOUS DIAGNOSTICS & MITIGATION (CDM) CONTENT Introduction 2 Overview of Continuous Diagnostics & Mitigation (CDM) 2 CDM Requirements 2 1. Hardware Asset Management 3 2. Software
More informationVULNERABILITY MANAGEMENT
Vulnerability Management (VM) software differ in the richness of reporting, and the capabilities for application and security configuration assessment. Companies must consider how a VM technology will
More informationSWOT Assessment: FireMon Security Manager Suite v7.0
SWOT Assessment: FireMon Security Manager Suite v7.0 Analyzing the strengths, weaknesses, opportunities, and threats Reference Code: IT017-004174 Publication Date: 12 Aug 2013 Author: Andrew Kellett SUMMARY
More informationSecurity and Services
Written by Maxine Holt, May 2005 TA000824SAS Technology Infrastructure Butler Group Subscription Services Security and Services TECHNOLOGY AUDIT Symantec Corporation Managed Security Service (MSS) Abstract
More informationCautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work
Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work Security concerns and dangers come both from internal means as well as external. In order to enhance your security posture
More informationLumension Endpoint Management and Security Suite
Lumension Endpoint Management and Security Suite Patch and Remediation Module Evaluation Guide July 2012 Version 1.1 Copyright 2009, Lumension L.E.M.S.S:LPR - Table of Contents Introduction... 3 Module
More informationNetwork Security and Vulnerability Assessment Solutions
Network Security and Vulnerability Assessment Solutions Unified Vulnerability Management It s a known fact that the exponential growth and successful exploitation of vulnerabilities create increasingly
More informationKeeping your data yours.
CORPORATE BROCHURE Keeping your data yours. Since 2001, Outpost24 has been a leader in vulnerability management solutions, developing state of the art vulnerability management technology from the core
More informationKeeping your data yours
CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,
More informationLumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation
Lumension Endpoint Management and Security Suite (LEMSS): Patch and Remediation Version 7.0 SP1 Evaluation Guide September 2010 Version 2.4 Copyright 2010, Lumension, Inc. Table of Contents Lumension Endpoint
More informationLumension Guide to Patch Management Best Practices
Lumension Guide to Patch Management Best Practices With the sophistication and sheer volume of exploits targeting major applications and operating systems, the speed of assessment and deployment of security
More informationScalability in Log Management
Whitepaper Scalability in Log Management Research 010-021609-02 ArcSight, Inc. 5 Results Way, Cupertino, CA 95014, USA www.arcsight.com info@arcsight.com Corporate Headquarters: 1-888-415-ARST EMEA Headquarters:
More informationIntegrated Threat & Security Management.
Integrated Threat & Security Management. SOLUTION OVERVIEW Vulnerability Assessment for Web Applications Fully Automated Web Crawling and Reporting Minimal Website Training or Learning Required Most Accurate
More informationSimply Sophisticated. Information Security and Compliance
Simply Sophisticated Information Security and Compliance Simple Sophistication Welcome to Your New Strategic Advantage As technology evolves at an accelerating rate, risk-based information security concerns
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationWhite Paper. What the ideal cloud-based web security service should provide. the tools and services to look for
White Paper What the ideal cloud-based web security service should provide A White Paper by Bloor Research Author : Fran Howarth Publish date : February 2010 The components required of an effective web
More informationSymantec Control Compliance Suite Standards Manager
Symantec Control Compliance Suite Standards Manager Automate Security Configuration Assessments. Discover Rogue Networks & Assets. Harden the Data Center. Data Sheet: Security Management Control Compliance
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationLeveraging security from the cloud
IBM Global Technology Services Thought Leadership White Paper IBM Security Services Leveraging security from the cloud The who, what, when, why and how of cloud-based security services 2 Leveraging security
More informationxassets Hosted Services Microsoft SAM Assist Audits with xassets
xassets Hosted Services Microsoft SAM Assist Audits with xassets 2007-2010 xassets.com Limited Introduction... 2 Preparation... 2 Implementation... 3 Execution of Discovery... 3 Reporting Phase... 3 Information
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper Trend Micro, Incorporated» A detailed account of why Gartner recognizes Trend Micro as a leader in Virtualization and Cloud
More informationDevising a Server Protection Strategy with Trend Micro
Devising a Server Protection Strategy with Trend Micro A Trend Micro White Paper» Trend Micro s portfolio of solutions meets and exceeds Gartner s recommendations on how to devise a server protection strategy.
More informationDETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD
SOLUTION OVERVIEW: ALERT LOGIC THREAT MANAGER WITH ACTIVEWATCH DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD Protecting your infrastructure requires you to detect threats, identify suspicious
More informationVistara Lifecycle Management
Vistara Lifecycle Management Solution Brief Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationHow To Buy Nitro Security
McAfee Acquires NitroSecurity McAfee announced that it has closed the acquisition of privately owned NitroSecurity. 1. Who is NitroSecurity? What do they do? NitroSecurity develops high-performance security
More informationSymantec Consulting Services
GET MORE FROM YOUR SECURITY SOLUTIONS Symantec Consulting 2015 Symantec Corporation. All rights reserved. Access outstanding talent and expertise with Symantec Consulting Symantec s Security Consultants
More informationGetting a head start in Software Asset Management
Getting a head start in Software Asset Management Managing software for improved cost control, better security and reduced risk A guide from Centennial Software September 2007 Abstract Software Asset Management
More informationInformation Technology Services
Information Technology Services 2011 Services Guide 77 Accord Park Drive, Suite A10 Norwell, MA 02061 (781) 871-3662 A proactive, preventative approach to IT management. System downtime, viruses, spyware,
More informationManaged Service Plans
Managed Service Plans www.linkedtech.com 989.837.3060 989.832.2802 fax Managed Information Technology Services System downtime, viruses, spy ware, losses of productivity Are the computer systems you rely
More informationThe Casper Suite An ROI overview
The Casper Suite An ROI overview Introduction Inside Read how the Casper Suite delivers significant ROI in the following areas: Imaging Inventory Software Distribution Patch Management Settings and Security
More informationNERC CIP VERSION 5 COMPLIANCE
BACKGROUND The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Reliability Standards define a comprehensive set of requirements that are the basis for maintaining
More informationEnterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.
ENTERPRISE MONITORING & LIFECYCLE MANAGEMENT Unify IT Operations Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid
More informationServer & Application Monitor
Server & Application Monitor agentless application & server monitoring SolarWinds Server & Application Monitor provides predictive insight to pinpoint app performance issues. This product contains a rich
More informationHow To Monitor Hybrid It From A Hybrid Environment
IT Monitoring for the Hybrid Enterprise With a Look at ScienceLogic Perspective 2012 Neovise, LLC. All Rights Reserved. Report Published April, 2015 Hybrid IT Goes Mainstream Enterprises everywhere are
More informationSecunia Vulnerability Intelligence Manager (VIM) 4.0
Secunia Vulnerability Intelligence Manager (VIM) 4.0 In depth Real-time vulnerability intelligence brought to you on time, every time, by Secunia s renowned research team Introduction Secunia is the world-leading
More informationAvoiding the Top 5 Vulnerability Management Mistakes
WHITE PAPER Avoiding the Top 5 Vulnerability Management Mistakes The New Rules of Vulnerability Management Table of Contents Introduction 3 We ve entered an unprecedented era 3 Mistake 1: Disjointed Vulnerability
More informationMicrosoft Windows Intune: Cloud-based solution
Microsoft Windows Intune: Cloud-based solution So what exactly is Windows Intune? Windows Intune simplifies and helps businesses manage and secure PCs using Windows cloud services and Windows 7. Windows
More informationBeyond the Hypervisor: Optimizing Virtualization Management
Beyond the Hypervisor: Optimizing Virtualization Management An ENTERPRISE MANAGEMENT ASSOCIATES (EMA ) White Paper Prepared for ASG Software Solutions August 2009 IT MANAGEMENT RESEARCH, Table of Contents
More informationAutomating Software License Management
Automating Software License Management Automating license management saves time, resources, and costs. It also consistently produces high quality data and a documentable method for mapping software licenses
More informationData Sheet: Endpoint Security Symantec Network Access Control Comprehensive Endpoint Enforcement
Comprehensive Endpoint Enforcement Overview is a complete, end-to-end network access control solution that enables organizations to efficiently and securely control access to corporate networks through
More informationNessus Agents. October 2015
Nessus Agents October 2015 Table of Contents Introduction... 3 What Are Nessus Agents?... 3 Scanning... 4 Results... 6 Conclusion... 6 About Tenable Network Security... 6 2 Introduction Today s changing
More informationHow To Monitor Your Entire It Environment
Preparing for FISMA 2.0 and Continuous Monitoring Requirements Symantec's Continuous Monitoring Solution White Paper: Preparing for FISMA 2.0 and Continuous Monitoring Requirements Contents Introduction............................................................................................
More informationeffective performance monitoring in SAP environments
WHITE PAPER September 2012 effective performance monitoring in SAP environments Key challenges and how CA Nimsoft Monitor helps address them agility made possible table of contents executive summary 3
More informationThe Top 10 Requirements for Effective Enterprise Patch and Vulnerability Management. White Paper April 2006
The Top 10 Requirements for Effective Enterprise Patch and Vulnerability Management White Paper April 2006 Keeping up with the steady flow of new patches being released for both platforms and applications
More informationHow To Manage Software License Management With An Aspera Catalog
Software License Management Guide How To: Choosing the Right Catalog for Software License Management Software license management tools all rely on an SKU catalog to reference and validate license data.
More informationExtreme Networks Security Analytics G2 Vulnerability Manager
DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering
More informationHow To Protect Your Cloud From Attack
A Trend Micro White Paper August 2015 Trend Micro Cloud Protection Security for Your Unique Cloud Infrastructure Contents Introduction...3 Private Cloud...4 VM-Level Security...4 Agentless Security to
More informationnworks version 5.0 Veeam Software TECHNOLOGY AUDIT OVUM BUTLER GROUP VIEW ABSTRACT KEY FINDINGS LOOK AHEAD
Reference Code: TA001815IMT Publication Date: December 2009 Author: Alan Rodger, Karthik Balakrishnan, and Somak Roy TECHNOLOGY AUDIT nworks version 5.0 Veeam Software OVUM BUTLER GROUP VIEW ABSTRACT Veeam
More informationrating of 5 out 5 stars
SPM User Guide Contents Aegify comprehensive benefits... 2 Security Posture Assessment workflow... 3 Scanner Management... 3 Upload external scan output... 6 Reports - Views... 6 View Individual Security
More informationWhite Paper The Dynamic Nature of Virtualization Security
White Paper The Dynamic Nature of Virtualization Security The need for real-time vulnerability management and risk assessment Introduction Virtualization is radically shifting how enterprises deploy, deliver,
More informationPCI DSS Top 10 Reports March 2011
PCI DSS Top 10 Reports March 2011 The Payment Card Industry Data Security Standard (PCI DSS) Requirements 6, 10 and 11 can be the most costly and resource intensive to meet as they require log management,
More informationConvergence of Desktop Security and Management: System Center 2012 Endpoint Protection and System Center 2012 Configuration Manager
Convergence of Desktop Security and Management: System Center 2012 Endpoint Protection and System Center 2012 Configuration Manager Contents INTRODUCTION: UNDERSTANDING HOW ALIGNING DESKTOP SECURITY AND
More informationVulnerability Audit: Why a Vulnerability Scan Isn t Enough. White Paper
Vulnerability Audit: Why a Vulnerability Scan Isn t Enough White Paper May 10, 2005 TABLE OF CONTENTS Introduction: How Secure Are My Systems?... 3 Vulnerability: The Modern Meaning Of A Muddled Word...
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches transparently Allows only white-listed applications to run in workstations Provides virus protection for Ovation Windows workstations
More informationI D C A N A L Y S T C O N N E C T I O N
I D C A N A L Y S T C O N N E C T I O N Robert Westervelt Research Manager, Security Products T h e R o l e a nd Value of Continuous Security M o nitoring August 2015 Continuous security monitoring (CSM)
More informationIT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS
IT INFRASTRUCTURE MANAGEMENT SERVICE ADDING POWER TO YOUR NETWORKS IT INFRASTRUCTURE MANAGEMENT SERVICES Nortech Remote management IT security Services provide around clock remote Management, real time
More informationOvation Security Center Data Sheet
Features Scans for vulnerabilities Discovers assets Deploys security patches easily Allows only white-listed applications in workstations to run Provides virus protection for Ovation Windows stations Aggregates,
More informationYOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next
YOUR DATA UNDER SIEGE: GUARD THE GAPS WITH PATCH MANAGEMENT. With Kaspersky, now you can. kaspersky.com/business Be Ready for What s Next Your Data Under Siege: Guard the Gaps with Patch Management 1.0
More informationwith Managing RSA the Lifecycle of Key Manager RSA Streamlining Security Operations Data Loss Prevention Solutions RSA Solution Brief
RSA Solution Brief Streamlining Security Operations with Managing RSA the Lifecycle of Data Loss Prevention and Encryption RSA envision Keys with Solutions RSA Key Manager RSA Solution Brief 1 Who is asking
More informationInstalling and Administering VMware vsphere Update Manager
Installing and Administering VMware vsphere Update Manager Update 1 vsphere Update Manager 5.1 This document supports the version of each product listed and supports all subsequent versions until the document
More informationHow To: Choosing the Right Catalog for Software License Management
Software License Management Guide How To: Choosing the Right Catalog for Software License Management Software License Management tools all rely on a catalog to reference and validate data. In this guide
More informationTrend Micro. Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION
SOLUTION BRIEF Trend Micro CLOUD AND DATA CENTER SECURITY Secure virtual, cloud, physical, and hybrid environments easily and effectively INTRODUCTION As you take advantage of the operational and economic
More informationKaseya White Paper. Endpoint Security. Fighting Cyber Crime with Automated, Centralized Management. www.kaseya.com
Kaseya White Paper Endpoint Security Fighting Cyber Crime with Automated, Centralized Management www.kaseya.com To win the ongoing war against hackers and cyber criminals, IT professionals must do two
More informationWhy you need an Automated Asset Management Solution
solution white paper Why you need an Automated Asset Management Solution By Nicolas Renard, Support and Professional Services Manager, BMC France Table of Contents 1 OVERVIEW Automated Asset Discovery
More informationKaseya IT Automation Framework
Kaseya Kaseya IT Automation Framework An Integrated solution designed for reducing complexity while increasing productivity for IT Professionals and Managed Service Providers. The powerful, web-based automation
More informationNetwork Access Control in Virtual Environments. Technical Note
Contents Security Considerations in.... 3 Addressing Virtualization Security Challenges using NAC and Endpoint Compliance... 3 Visibility and Profiling of VMs.... 4 Identification of Rogue or Unapproved
More informationData Sheet: Archiving Altiris Server Management Suite 7.0 from Symantec Essential server management: Discover, provision, manage, and monitor
Essential server management: Discover, provision, manage, and monitor Overview Complexity with physical and virtual machine proliferation increases the challenges involved in managing servers. Server administrators
More informationThe ROI of Automated Agentless Endpoint Management
V The ROI of Automated Agentless Endpoint Management A Frost & Sullivan White Paper Prepared by Ariel Avitan, Industry Analyst 2 TABLE OF CONTENTS The Impact of Endpoint Monitoring and Control Solutions
More informationFIREMON SECURITY MANAGER
FIREMON SECURITY MANAGER Regain control of firewalls with comprehensive firewall management The enterprise network is a complex machine. New network segments, new hosts and zero-day vulnerabilities are
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationCloud and Data Center Security
solution brief Trend Micro Cloud and Data Center Security Secure virtual, cloud, physical, and hybrid environments easily and effectively introduction As you take advantage of the operational and economic
More informationNorthwestern University Dell Kace Patch Management
Northwestern University Dell Kace Patch Management Desktop Patch Management Best Practices Table of Contents: 1. Audience 2. Definition 3. Patch Approaches 4. Guidelines for Review, Test, and Deploy 5.
More informationCompliance Guide ISO 27002. Compliance Guide. September 2015. Contents. Introduction 1. Detailed Controls Mapping 2.
ISO 27002 Compliance Guide September 2015 Contents Compliance Guide 01 02 03 Introduction 1 Detailed Controls Mapping 2 About Rapid7 7 01 INTRODUCTION If you re looking for a comprehensive, global framework
More informationSample Vulnerability Management Policy
Sample Internal Procedures and Policy Guidelines February 2015 Document Control Title: Document Control Number: 1.0.0 Initial Release: Last Updated: February 2015, Manager IT Security February 2015, Director
More informationAltiris Server Management Suite 7.1 from Symantec
Altiris Server Suite 7.1 from Symantec Standardized control for distributed, heterogeneous server environments Data Sheet: Endpoint Overview The complexity of managing today s data centers is complicated
More informationWhat is Security Intelligence?
2 What is Security Intelligence? Security Intelligence --noun 1. the real-time collection, normalization, and analytics of the data generated by users, applications and infrastructure that impacts the
More informationBackup Exec System Recovery Management Solution 2010 FAQ
Backup Exec System Recovery Management Solution 2010 FAQ Contents Overview... 1 Supported Backup Exec System Recovery Versions and Configurations... 6 Backup Exec System Recovery Management Solution Installation
More informationKeeping your data yours
CORPORATE BROCHURE Keeping your data yours Outpost24 provides state of the art vulnerability management technology and services that simplify the complex security needs of modern businesses. Since 2001,
More informationCaretower s SIEM Managed Security Services
Caretower s SIEM Managed Security Services Enterprise Security Manager MSS -TRUE 24/7 Service I.T. Security Specialists Caretower s SIEM Managed Security Services 1 Challenges & Solution Challenges During
More informationData Sheet: Server Management Altiris Server Management Suite 7.0 Essential server management: Discover, provision, manage, and monitor
Essential server management: Discover, provision, manage, and monitor Overview Complexity with physical and virtual machine proliferation increases the challenges involved in managing servers. Server administrators
More informationSecunia Corporate Software Inspector (CSI)
Secunia Corporate Software Inspector (CSI) Complete Flexible Unique The Secunia CSI 7.0 works the way you do Secunia CSI 7.0 Technical User Guide Rev. 03-Sep-2013 Secunia.com Contents Secunia Corporate
More informationIT Asset Inventory and Outsourcing: The Value of Visibility
BDNA WHITE PAPER IT Asset Inventory and Outsourcing: The Value of Visibility October 2007 bdnacorp.com U.S. Corporate Headquarters 650.625.9530 Europe, Middle East & Africa +33.1.42.27.10.71 Asia Pacific
More informationVulnerability Assessment Service
Vulnerability Assessment Service Management Brief Introduction: Vulnerability Assessment (VA) is the process of determining the security status of the IT infrastructure. The objective of VA is to present
More information2011 Forrester Research, Inc. Reproduction Prohibited
1 2011 Forrester Research, Inc. Reproduction Prohibited Information Security Metrics Present Information that Matters to the Business Ed Ferrara, Principal Research Analyst July 12, 2011 2 2009 2011 Forrester
More informationIntelligent Inventory and Professional License Management
Intelligent Inventory and Professional License Management RayVentory is part of RaySuite. Smarter Software and Hardware Inventory Top Benefits Various collection methods Agent-based and agentless inventory
More informationHP Application Security Center
HP Application Security Center Web application security across the application lifecycle Solution brief HP Application Security Center helps security professionals, quality assurance (QA) specialists and
More information