Analytics
8/30/2012
02:09 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Secunia Launches Corporate Software Inspector 6.0

Secunia CSI 6.0 combines vulnerability intelligence, vulnerability scanning and patch creation with patch deployment tool integration

Copenhagen, Denmark – August 30, 2012 - Secunia, the leading provider of IT security solutions that enable businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the next generation of its flagship solution the Secunia Corporate Software Inspector (CSI) version 6.0 (http://secunia.com/vulnerability_scanning/ ). The new solution provides customers with the unique ability to understand and evaluate their entire threat landscape, identify exactly where application vulnerabilities exist and how best to prioritize and implement remediation efforts, all whilst leveraging and maximizing existing security investments in current Client Management (CM), Security Information & Event Management (SIEM), and Governance, Risk & Compliance (GRC) tools.

“The overall mission of the Secunia CSI 6.0 has been to empower our customers and their current infrastructure, while providing them with the best of breed vulnerability intelligence, scanning, and pre-created patch packages. We have therefore focused on developing the Secunia CSI’s integration capabilities, making the Secunia CSI 6.0 a much more useful and extensive Vulnerability and Patch Management tool”, said Morten R. Stengaard, Director of Product Management and Quality Assurance at Secunia.

Companies that do not have a complete overview of what is installed across laptops, PCs, and servers, and the security state of these programs, are at a disadvantage as it becomes impossible to prioritize remediation efforts and efficiently managing the environment to reduce risk and increase the security state – and the vulnerability threat landscape is intensifying. “In 2011, Secunia identified more than 800 end-point vulnerabilities, of which more than 50% were rated as highly or extremely critical (exploitable from remote), and 78% of all vulnerabilities affected non-Microsoft programs; that is, a greater, more critical, and more diverse vulnerability exposure that faces companies”, said Stengaard.

The Secunia CSI provides the reliable, comprehensive, and up-to-date vulnerability intelligence and highly accurate scan results needed by IT-operations and security teams to deal with these vulnerabilities. By combining these two capabilities with automated patch creation and integration, the intelligence becomes actionable in a CM, SIEM, and GRC perspective and more cost effective. ”Simply put, we have designed the new Secunia CSI to help our customers realize a better return on those investments while at the same time improving their security level”, said Stengaard.

The Secunia CSI 6.0 is the next ‘push’ from Secunia towards enabling companies to take their IT-security to a higher level, a development which is directly attributed to the on-going dialogue and feedback from customers. Among the most important new features is the updated vulnerability scanner that covers more operating platforms (Windows, Mac OSX, and Red Hat Enterprise Linux, (RHEL)), as well as the ability to scan for custom software throughout the environment, with updates being created using the Secunia Package System (SPS) and deployed with existing deployment solutions. With expanded coverage, organizations are armed with the information, responsiveness, and protection needed to ensure business continuity and minimize business damage.

Further, the new easy integration with preferred deployment solutions such as Microsoft Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager (SCCM), Altiris Deployment Solution, as well as any other third-party configuration management tools allows for easy installation of third-party updates, making patching a simple and straight-forward process for all IT departments. In the cases where regulatory compliance is of concern (e.g. the PCI-DSS or NERC-CIP standards), Secunia CSI 6.0 allows enterprises to have a clear picture of the programs and vulnerabilities that exist in the environment, including how critical they are and how long they have existed. And with the new Scheduled Date Export function, Secunia CSI can also integrate with any preferred Government Risk and Compliance (GRC) solution, allowing users to further utilise their existing solutions to improve security and compliance.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6117
Published: 2014-07-11
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.

CVE-2014-0174
Published: 2014-07-11
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

CVE-2014-3485
Published: 2014-07-11
The REST API in the ovirt-engine in oVirt, as used in Red Hat Enterprise Virtualization (rhevm) 3.4, allows remote authenticated users to read arbitrary files and have other unspecified impact via unknown vectors, related to an XML External Entity (XXE) issue.

CVE-2014-3499
Published: 2014-07-11
Docker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.

CVE-2014-3503
Published: 2014-07-11
Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate passwords, which makes it easier for remote attackers to guess the password via a brute force attack.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Marilyn Cohodas and her guests look at the evolving nature of the relationship between CIO and CSO.