Vulnerabilities / Threats

2/13/2019
10:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tripwire IP360 Now Discovers More Than 200,000 Conditions

vulnerability management solution Tripwire(R) IP360(TM) now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems.

PORTLAND, Ore. – Tripwire, Inc. today announced that vulnerability management solution Tripwire® IP360™ now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems.

Tripwire provides coverage of conditions, a lab, attention to the changing threat environment, and vulnerability intelligence through the Tripwire Vulnerability and Exposure Research Team (VERT). By identifying emerging vulnerabilities, Tripwire VERT is able to create unique detection signatures, which are constantly updated in the company’s vulnerability and risk management solutions, to deliver vulnerability discovery coverage and remediation guidance.

"Because Tripwire IP360 reports on all aspects of the host and not just the vulnerabilities, businesses can respond rapidly to the constantly evolving threat landscape,” said Tyler Reguly, manager of VERT. “Knowing exactly which applications are installed on a particular host means organizations can identify vulnerable hosts as soon as a new vulnerability is announced.”

Recent updates include expanded coverage into various Industrial Internet of Things (IIoT) protocols such as Constrained Application Protocol (CoAP), Message Queuing Telemetry Transport (MQTT), and Advanced Message Queuing Protocol (AMQP) as well as improved authenticated scanning for platforms like Cisco IOS and SUSE Enterprise Linux. Full support for Alpine Linux, as well as the ability to find vulnerabilities within Docker containers, is included in the new coverage released.

Recent coverage updates include:

  • IBM Tivoli product line
  • Kubernetes
  • Cisco ASA
  • Microsoft SharePoint Server 2019
  • Microsoft Exchange 2019
  • OpenSSH for Windows
  • Dropbox
  • VirtualBox

Tripwire IP360 is Tripwire's enterprise-class vulnerability management solution. Offering both agentless and agent-based capabilities, Tripwire IP360 provides a comprehensive view of vulnerability risks across hybrid environments, including on-premise, in the cloud, and in container-based environments. In addition to discovering and profiling network assets, the solution delivers advanced, dynamic prioritization metrics. It combines business asset values with vulnerability scores to prioritize security risks in the context of customer businesses. Tripwire IP360 is Common Criteria certified.

Tripwire VERT is composed of experienced security engineers and researchers who search the globe looking for the latest public and private vulnerabilities. Once risks are identified, VERT writes vulnerability signature detection algorithms that are included in Tripwire IP360. 

For more information about Tripwire IP360, visit: https://www.tripwire.com/products/tripwire-ip360.

For more information about Tripwire VERT, visit: http://www.tripwire.com/vert/.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Crowdsourced vs. Traditional Pen Testing
Alex Haynes, Chief Information Security Officer, CDL,  3/19/2019
BEC Scammer Pleads Guilty
Dark Reading Staff 3/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Well, at least it isn't Mobby Dick!
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
The State of Cyber Security Incident Response
The State of Cyber Security Incident Response
Organizations are responding to new threats with new processes for detecting and mitigating them. Here's a look at how the discipline of incident response is evolving.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-9945
PUBLISHED: 2019-03-23
SoftNAS Cloud 4.2.0 and 4.2.1 allows remote command execution. The NGINX default configuration file has a check to verify the status of a user cookie. If not set, a user is redirected to the login page. An arbitrary value can be provided for this cookie to access the web interface without valid user...
CVE-2019-9942
PUBLISHED: 2019-03-23
A sandbox information disclosure exists in Twig before 1.38.0 and 2.x before 2.7.0 because, under some circumstances, it is possible to call the __toString() method on an object even if not allowed by the security policy in place.
CVE-2018-20165
PUBLISHED: 2019-03-22
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
CVE-2019-1716
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 7800 Series and Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code. The vulnerability ...
CVE-2019-1763
PUBLISHED: 2019-03-22
A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exist...