EXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.

Transcription

1 Non-intrusive, authenticated scanning for OT & IT environments

2 The situation: convenience vs. security Interconnectivity between organizations and corporate networks, the internet and the cloud and thus commercial software is at an unprecedented high that is only set to increase over the next five to ten years when smart technology is rolled out on a global scale. Greater levels of availability, accessibility and convenience are undoubtedly a positive occurrence. However, in the rush to achieve these three elements, the security factor is often left lagging behind. The result is that organizational assets are being critically exposed to record levels of vulnerabilities in software, which act as the gateways to the heart of these assets and the infrastructures that they belong to. This is a challenge for all organizations to deal with, but particularly so for those that have to combine and secure Operational Technology (OT) and Information Technology (IT) environments, such as healthcare institutions and Industrial Control Systems (ICSs). The most common type of ICS: Supervisory Control and Data Acquisition (SCADA) systems, which are typically over 40 years old; are a good example of this challenge. Now that these systems corporate assets and devices have had their traditional bubble wrap of isolation taken away and have been connected to other networks, the internet and the cloud; what security safeguards are in place to protect them from vulnerabilities?

3 Addressing the core part of the problem Vulnerability assessment is a critical component of any best practice vulnerability management process, and scanning the software linked to assets and devices within OT and IT environments/ infrastructures plays a pivotal role. The most common technique of vulnerability assessment is active network scanning; however, this method is widely considered to be too intrusive and is known for the elevated number of false-positive results that it generates. In contrast to this, the Secunia Corporate Software Inspector (CSI) offers a non-intrusive alternative to active scanning. Secunia s authenticated scan provides accuracy which is in line with the management approach and requirements of OT and IT environments. Importantly, its scanning functionality is intuitive, scalable and in tune with the unique set ups of individual organizations. The technology an authentic approach The Secunia CSI s baseline technology is an internal vulnerability scanner that relies on an authenticated scan approach, which enables the identification of all installed programs and plug-ins based on the actual files present on a system. As such, the Secunia CSI is capable of assessing the security state of practically all legitimate programs running on Microsoft Windows platforms and supports scanning of Windows, Apple Mac OSX, Android and Red Hat Enterprise Linux (RHEL) platforms. It correlates program metadata with Secunia s comprehensive product database (covering programs and plug-ins from thousands of vendors) to build an inventory of the installed programs and plug-ins. This inventory is then correlated with vulnerability metadata based on Secunia s renowned vulnerability intelligence. The accuracy of this extremely reliable mapping approach is unprecedented and provides actionable results with risk ratings and other metrics based on Secunia Advisories. The flexible reporting engine together with a powerful local database console allows users to easily create reports and export data, for instance, to be used in a GRC or SIEM tool for compliance reporting.

4 Deep dive how the scan works The Secunia CSI scans computers in your network from a web browser console (SaaS). Specific metadata is collected from.exe,.dll, and.ocx files on the system being scanned. Metadata is generic non-sensitive text strings embedded in the binary files from the vendors of the products. This data is collected and then sent to Secunia s Secure Data Processing Cloud where it is processed and parsed, and then matched against Secunia File Signatures, which are rules that match the raw metadata to an actual product installation. Part of this matching process also results in an exact version being extracted from the metadata. This means that after the initial parsing, the Secunia CSI knows exactly which products are on the system and their exact version. The inventory of software is then compared against the unique Secunia Advisory and Vulnerability Database, which contains the most accurate and current vulnerability intelligence available. The result is a precise inventory of products: the full installation path, version details and the security state of each, along with a direct reference to any corresponding Secunia Advisory detailing the exact vulnerabilities and their Secunia assessed criticality and impact. Since the scan process works by looking at the actual files on the system being scanned, the result is extremely reliable as a product cannot be installed on a system without the actual files required being present. This in turn means that the Secunia CSI rarely identifies false-positives and the results from the Secunia CSI can be used immediately, without doing additional data mining. The scan results of the Secunia CSI provide critical vulnerability details so that you can plan alternative mitigation strategies, thereby enhancing your network security, endpoint protection and internet security. The CSI s small system footprint ensures short scan times, smooth performance and no limitation to the amount of scanned hosts. Scan Collect Cloud Compare Inventory GOOGLE CHROME MOZILLA FIREFOX APPLE ITUNES Scanning ADOBE FLASH PLAYE ORACLE JAVA JRE SE Patches ADOBE AIR MICROSOFT WINDO ADOBE READER MICROSOFT INTERN Security APPLE QUICKTIME MICROSOFT.NET FRA VLC MEDIA PLAYER

5 Agent or agent-less, the result is actionable results with risk ratings The Secunia CSI is flexible as it has unique scanning options designed to suit every infrastructure, allowing you to use agent, agent-less, or a combination of both scanning methods in the same environment. Here are your scanning options with the Secunia CSI Agent-less Agent-less scanning of your systems can be performed out-of-the box. When running agent-less, the Secunia CSI utilizes standard Windows services (Workstation service, Server service, Remote Registry service, COM+ services) to scan the systems on your network.the agents can also be automatically deployed through the CSI s integration with Microsoft System Center Configuration Manager/ WSUS. Agent-based Agent-based scanning is more flexible. It can be used in segmented networks and to scan systems that are not always online (e.g. laptops). The agents can also be automatically deployed through the CSI s integration with Microsoft System Center Configuration Manager/WSUS. Remote Appliance mode offers agent-less scanning from centralized hosts; in branch offices for example. Command Line Interface mode makes it possible to schedule and manage scans using other tools (e.g. log-on scripts). System Center Configuration Manager Inventory Import Scan results are obtained from the data collected by the System Center Configuration Manager software inventory agent, which avoids the need to install the Secunia CSI agent on each client. after being processed by Secunia Detection/Version Rules. Custom software The Secunia CSI can be used to scan custom software. That is, if you have (non-public) software that has been designed for your organization, you can use the Secunia CSI to identify exactly on which hosts this is present. Additional scanning features that support the aforementioned options (and your day-to-day work) include: Scheduled software scans Scans can be scheduled to run concurrently, thereby reducing your network bandwidth consumption and speeding up the scanning process. Scheduling scans also makes it easy to conduct compliance audits and ensure that patches have been successfully installed. Quick scans Fast on-demand scans can be conducted from the Secunia CSI console against remote hosts on a network or local system. Scan progress It is possible to continuously track the scans that are being conducted and also configure the number of simultaneous scan threads. Red Hat Enterprise Linux (RHEL) The scan agent for RHEL uses the inventory which is already present (RPM) and displays this in the Secunia CSI

6 The value helping reduce the attack surface Carefully combining availability management criteria with top notch security capabilities and processes is a delicate and difficult balancing act without the right insights and tools to rely on. Risk reduction is the name of the game. The point is not IF you will suffer a breach, rather it is generally accepted as a fact that it WILL happen for all organizations, therefore managing the vulnerability management lifecycle is vital for OT organizations. Early detection of one of the major attack vectors threatening organizations and ICSs such as SCADA worldwide: vulnerabilities, means that attack surfaces can be reduced to help mitigate risk. Crucial rapid responses can be initiated as soon as possible to prevent disruption to the master controls of important industrial systems or corporate networks and their invaluable resources and data. The customizable scaling and segmentation capabilities of the Secunia CSI provide the essential pinpointing and tracking of vulnerabilities in installed software that aids predictive threat modeling of OT and IT environments. Scans can map baseline infrastructures or segmented assets only, and monitor them for vulnerabilities. For instance, security teams can reduce the scope of their vulnerability scans to just the endpoints highlighted as having an unacceptable level of exposure. The last word According to Gartner: VA scanning must be used with other security controls for enterprises to realize effective protection from broad-scale attacks and from advanced targeted threats (which typically exploit well-known vulnerabilities), and to operationalize the vulnerability remediation activities as required for general risk reduction and compliance mandates. Deployment flexibility, scope of technologies that can be scanned, rich analysis and reporting, and integration with other technologies and processes should be key criteria when selecting a vulnerability assessment vendor. Gartner, (1) The Secunia CSI is built on the concept of complete patch management, integrating vulnerability intelligence and vulnerability scanning with patch creation and patch deployment integration. 1: Gartner MarketScope for Vulnerability Assessment. Kelly M. Kavanagh. September 9, 2013.

7 You can get a free trial of the Secunia CSI and test its non-intrusive, authenticated scanning functionality at /csi Stay Secure! facebook.com/secunia gplus.to/secunia twitter.com/secunia linkedin.com/company/secunia Visit us at