Analytics
8/30/2012
02:09 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Secunia Launches Corporate Software Inspector 6.0

Secunia CSI 6.0 combines vulnerability intelligence, vulnerability scanning and patch creation with patch deployment tool integration

Copenhagen, Denmark – August 30, 2012 - Secunia, the leading provider of IT security solutions that enable businesses and private individuals to manage and control vulnerability threats, today announced the general availability of the next generation of its flagship solution the Secunia Corporate Software Inspector (CSI) version 6.0 (http://secunia.com/vulnerability_scanning/ ). The new solution provides customers with the unique ability to understand and evaluate their entire threat landscape, identify exactly where application vulnerabilities exist and how best to prioritize and implement remediation efforts, all whilst leveraging and maximizing existing security investments in current Client Management (CM), Security Information & Event Management (SIEM), and Governance, Risk & Compliance (GRC) tools.

“The overall mission of the Secunia CSI 6.0 has been to empower our customers and their current infrastructure, while providing them with the best of breed vulnerability intelligence, scanning, and pre-created patch packages. We have therefore focused on developing the Secunia CSI’s integration capabilities, making the Secunia CSI 6.0 a much more useful and extensive Vulnerability and Patch Management tool”, said Morten R. Stengaard, Director of Product Management and Quality Assurance at Secunia.

Companies that do not have a complete overview of what is installed across laptops, PCs, and servers, and the security state of these programs, are at a disadvantage as it becomes impossible to prioritize remediation efforts and efficiently managing the environment to reduce risk and increase the security state – and the vulnerability threat landscape is intensifying. “In 2011, Secunia identified more than 800 end-point vulnerabilities, of which more than 50% were rated as highly or extremely critical (exploitable from remote), and 78% of all vulnerabilities affected non-Microsoft programs; that is, a greater, more critical, and more diverse vulnerability exposure that faces companies”, said Stengaard.

The Secunia CSI provides the reliable, comprehensive, and up-to-date vulnerability intelligence and highly accurate scan results needed by IT-operations and security teams to deal with these vulnerabilities. By combining these two capabilities with automated patch creation and integration, the intelligence becomes actionable in a CM, SIEM, and GRC perspective and more cost effective. ”Simply put, we have designed the new Secunia CSI to help our customers realize a better return on those investments while at the same time improving their security level”, said Stengaard.

The Secunia CSI 6.0 is the next ‘push’ from Secunia towards enabling companies to take their IT-security to a higher level, a development which is directly attributed to the on-going dialogue and feedback from customers. Among the most important new features is the updated vulnerability scanner that covers more operating platforms (Windows, Mac OSX, and Red Hat Enterprise Linux, (RHEL)), as well as the ability to scan for custom software throughout the environment, with updates being created using the Secunia Package System (SPS) and deployed with existing deployment solutions. With expanded coverage, organizations are armed with the information, responsiveness, and protection needed to ensure business continuity and minimize business damage.

Further, the new easy integration with preferred deployment solutions such as Microsoft Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager (SCCM), Altiris Deployment Solution, as well as any other third-party configuration management tools allows for easy installation of third-party updates, making patching a simple and straight-forward process for all IT departments. In the cases where regulatory compliance is of concern (e.g. the PCI-DSS or NERC-CIP standards), Secunia CSI 6.0 allows enterprises to have a clear picture of the programs and vulnerabilities that exist in the environment, including how critical they are and how long they have existed. And with the new Scheduled Date Export function, Secunia CSI can also integrate with any preferred Government Risk and Compliance (GRC) solution, allowing users to further utilise their existing solutions to improve security and compliance.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web