EXTENSIVE FEATURE DESCRIPTION SECUNIA CORPORATE SOFTWARE INSPECTOR. Non-intrusive, authenticated scanning for OT & IT environments. secunia.

Non-intrusive, authenticated scanning for OT & IT environments

The situation: convenience vs. security

Interconnectivity between organizations and corporate networks, the internet and the cloud, and thus commercial software, is at an unprecedented high that is only set to increase over the next five to ten years when smart technology is rolled out on a global scale. Greater levels of availability, accessibility and convenience are undoubtedly a positive occurrence. However, in the rush to achieve these three elements, the security factor is often left lagging behind. The result is that organizational assets are being critically exposed to record levels of vulnerabilities in software, which act as the gateways to the heart of these assets and the infrastructures that they belong to.

This is a challenge for all organizations to deal with, but particularly so for those that have to combine and secure Operational Technology (OT) and Information Technology (IT) environments, such as healthcare institutions and Industrial Control Systems (ICSs). The most common type of ICS, Supervisory Control and Data Acquisition (SCADA) systems, which are typically over 40 years old, are a good example of this challenge. Now that these systems corporate assets and devices have had their traditional bubble wrap of isolation taken away and have been connected to other networks, the internet and the cloud, what security safeguards are in place to protect them from vulnerabilities?

Addressing the core part of the problem

Vulnerability assessment is a critical component of any best practice vulnerability management process, and scanning the software linked to assets and devices within OT and IT environments and infrastructures plays a pivotal role. The most common technique of vulnerability assessment is active network scanning; however, this method is widely considered to be too intrusive and is known for the elevated number of false-positive results that it generates. In contrast to this, the Secunia Corporate Software Inspector (CSI) offers a non-intrusive alternative to active scanning. Secunia's authenticated scan provides accuracy which is in line with the management approach and requirements of OT and IT environments. Importantly, its scanning functionality is intuitive, scalable and in tune with the unique setups of individual organizations.

The technology: an authentic approach

The Secunia CSI's baseline technology is an internal vulnerability scanner that relies on an authenticated scan approach, which enables the identification of all installed programs and plug-ins based on the actual files present on a system. As such, the Secunia CSI is capable of assessing the security state of practically all legitimate programs running on Microsoft Windows platforms and supports scanning of Windows, Apple Mac OSX, Android and Red Hat Enterprise Linux (RHEL) platforms. It correlates program metadata with Secunia's comprehensive product database (covering programs and plug-ins from thousands of vendors) to build an inventory of the installed programs and plug-ins. This inventory is then correlated with vulnerability metadata based on Secunia's renowned vulnerability intelligence. The accuracy of this extremely reliable mapping approach is unprecedented and provides actionable results with risk ratings and other metrics based on Secunia Advisories.

The flexible reporting engine together with a powerful local database console allows users to easily create reports and export data, for instance, to be used in a GRC or SIEM tool for compliance reporting.

Deep dive: how the scan works

The Secunia CSI scans computers in your network from a web browser console (SaaS). Specific metadata is collected from .exe, .dll, and .ocx files on the system being scanned. Metadata is generic non-sensitive text strings embedded in the binary files from the vendors of the products. This data is collected and then sent to Secunia's Secure Data Processing Cloud where it is processed and parsed, and then matched against Secunia File Signatures, which are rules that match the raw metadata to an actual product installation. Part of this matching process also results in an exact version being extracted from the metadata. This means that after the initial parsing, the Secunia CSI knows exactly which products are on the system and their exact version.

The inventory of software is then compared against the unique Secunia Advisory and Vulnerability Database, which contains the most accurate and current vulnerability intelligence available. The result is a precise inventory of products: the full installation path, version details and the security state of each, along with a direct reference to any corresponding Secunia Advisory detailing the exact vulnerabilities and their Secunia assessed criticality and impact.

Since the scan process works by looking at the actual files on the system being scanned, the result is extremely reliable, as a product cannot be installed on a system without the actual files required being present. This in turn means that the Secunia CSI rarely identifies false-positives and the results from the Secunia CSI can be used immediately, without doing additional data mining. The scan results of the Secunia CSI provide critical vulnerability details so that you can plan alternative mitigation strategies, thereby enhancing your network security, endpoint protection and internet security. The CSI's small system footprint ensures short scan times, smooth performance and no limitation to the number of scanned hosts.
[Figure: the scan workflow (Scan, Collect, Cloud, Compare, Inventory), shown with a sample inventory of installed programs.]
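The matching pipeline described above, sketched as an added example that is not Secunia's code or rule format: the signature rules, advisory records, product names and `ADV-EXAMPLE-*` identifiers are hypothetical, and the metadata records are constructed samples.

```python
import re
# Constructed sample of metadata strings collected from .exe/.dll/.ocx files.
COLLECTED = [
    {"path": r"C:\Program Files\ExampleViewer\viewer.exe",
     "ProductName": "Example Viewer", "CompanyName": "Example Corp", "FileVersion": "4.2.1.0"},
    {"path": r"D:\legacy\ExampleViewer\viewer.exe",
     "ProductName": "Example Viewer", "CompanyName": "Example Corp", "FileVersion": "4.0.9.0"},
    {"path": r"C:\Tools\render.dll",
     "ProductName": "Sample Render Plug-in", "CompanyName": "Sample Ltd", "FileVersion": "2, 0, 3, 17"},
    {"path": r"C:\Temp\unpack.exe", "ProductName": "", "CompanyName": "", "FileVersion": ""},
]
# Hypothetical file signatures: every regex must match its metadata field.
SIGNATURES = [
    {"product": "Example Viewer 4.x",
     "match": {"ProductName": r"^Example Viewer$", "FileVersion": r"^4\."}},
    {"product": "Sample Render Plug-in 2.x",
     "match": {"ProductName": r"Render Plug-in", "CompanyName": r"^Sample"}},
]
# Hypothetical advisory records: versions below "fixed" are vulnerable.
ADVISORIES = {
    "Example Viewer 4.x": {"id": "ADV-EXAMPLE-1", "fixed": "4.2.0"},
    "Sample Render Plug-in 2.x": {"id": "ADV-EXAMPLE-2", "fixed": "2.0.3"},
}

def parse_version(raw):
    """Normalise '2, 0, 3, 17' or '4.2.1.0' into a comparable tuple of ints."""
    return tuple(int(n) for n in re.findall(r"\d+", raw))

def identify(record):
    """Return the product whose signature matches the raw metadata, else None."""
    for sig in SIGNATURES:
        if all(re.search(rx, record.get(field, "")) for field, rx in sig["match"].items()):
            return sig["product"]
    return None

def assess(records):
    """Build the inventory: path, product, exact version, state, advisory reference."""
    inventory = []
    for rec in records:
        product = identify(rec)
        if product is None:
            continue  # unmatched files are left out instead of being guessed at
        version = parse_version(rec["FileVersion"])
        adv = ADVISORIES.get(product)
        insecure = adv is not None and version < parse_version(adv["fixed"])
        inventory.append({"path": rec["path"], "product": product,
                          "version": ".".join(map(str, version)), "insecure": insecure,
                          "advisory": adv["id"] if insecure else None})
    return inventory
```

Calling `assess(COLLECTED)` reports the two installations of the same product separately, each with its own path and state, which is why a file-based inventory can flag a forgotten old copy that a registry-only listing would miss.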

Agent or agent-less, the result is actionable results with risk ratings

The Secunia CSI is flexible as it has unique scanning options designed to suit every infrastructure, allowing you to use agent, agent-less, or a combination of both scanning methods in the same environment. Here are your scanning options with the Secunia CSI:

Agent-less: Agent-less scanning of your systems can be performed out-of-the-box. When running agent-less, the Secunia CSI utilizes standard Windows services (Workstation service, Server service, Remote Registry service, COM+ services) to scan the systems on your network. The agents can also be automatically deployed through the CSI's integration with Microsoft System Center Configuration Manager/WSUS.

Agent-based: Agent-based scanning is more flexible. It can be used in segmented networks and to scan systems that are not always online (e.g. laptops). The agents can also be automatically deployed through the CSI's integration with Microsoft System Center Configuration Manager/WSUS.

Remote Appliance mode: offers agent-less scanning from centralized hosts, in branch offices for example.

Command Line Interface mode: makes it possible to schedule and manage scans using other tools (e.g. log-on scripts).

System Center Configuration Manager Inventory Import: Scan results are obtained from the data collected by the System Center Configuration Manager software inventory agent, after being processed by Secunia Detection/Version Rules, which avoids the need to install the Secunia CSI agent on each client.

Custom software: The Secunia CSI can be used to scan custom software. That is, if you have (non-public) software that has been designed for your organization, you can use the Secunia CSI to identify exactly on which hosts this is present.

Additional scanning features that support the aforementioned options (and your day-to-day work) include:

Scheduled software scans: Scans can be scheduled to run concurrently, thereby reducing your network bandwidth consumption and speeding up the scanning process. Scheduling scans also makes it easy to conduct compliance audits and ensure that patches have been successfully installed.

Quick scans: Fast on-demand scans can be conducted from the Secunia CSI console against remote hosts on a network or local system.

Scan progress: It is possible to continuously track the scans that are being conducted and also configure the number of simultaneous scan threads.

Red Hat Enterprise Linux (RHEL): The scan agent for RHEL uses the inventory which is already present (RPM) and displays this in the Secunia CSI

The value: helping reduce the attack surface

Carefully combining availability management criteria with top notch security capabilities and processes is a delicate and difficult balancing act without the right insights and tools to rely on. Risk reduction is the name of the game. The point is not IF you will suffer a breach; rather, it is generally accepted as a fact that it WILL happen for all organizations. Managing the vulnerability management lifecycle is therefore vital for OT organizations. Early detection of vulnerabilities, one of the major attack vectors threatening organizations and ICSs such as SCADA worldwide, means that attack surfaces can be reduced to help mitigate risk. Crucial rapid responses can be initiated as soon as possible to prevent disruption to the master controls of important industrial systems or corporate networks and their invaluable resources and data.

The customizable scaling and segmentation capabilities of the Secunia CSI provide the essential pinpointing and tracking of vulnerabilities in installed software that aids predictive threat modeling of OT and IT environments. Scans can map baseline infrastructures or segmented assets only, and monitor them for vulnerabilities. For instance, security teams can reduce the scope of their vulnerability scans to just the endpoints highlighted as having an unacceptable level of exposure.

The last word

According to Gartner: VA scanning must be used with other security controls for enterprises to realize effective protection from broad-scale attacks and from advanced targeted threats (which typically exploit well-known vulnerabilities), and to operationalize the vulnerability remediation activities as required for general risk reduction and compliance mandates. Deployment flexibility, scope of technologies that can be scanned, rich analysis and reporting, and integration with other technologies and processes should be key criteria when selecting a vulnerability assessment vendor. Gartner, 2013. (1)

The Secunia CSI is built on the concept of complete patch management, integrating vulnerability intelligence and vulnerability scanning with patch creation and patch deployment integration.

1: Gartner MarketScope for Vulnerability Assessment. Kelly M. Kavanagh. September 9, 2013.

You can get a free trial of the Secunia CSI and test its non-intrusive, authenticated scanning functionality at /csi