Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


03:59 PM
Dark Reading
Dark Reading
Products and Releases

Secunia Releases--Zero-Day, Android And Complete Patch Management In CSI 7.0

Corporate Software Inspector, version 7.0 introduces new features and improvements for vulnerability and patch management

Copenhagen, September 4, 2013 –Secunia, a leading provider of IT security solutions that enable businesses and private individuals to manage and control vulnerability threats, today announced the release of the new version of the company's flagship solution: the Secunia Corporate Software Inspector, version 7.0, which introduces new features and improvements for vulnerability and patch management to organizations worldwide.

Cybercrime costs organizations millions of dollars(1) and to protect businesses from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute(2) and the National Institute of Standards and Technology under the US Department of Commerce (NIST)(2).

The [Secunia CSI 7.0] is the Total Package: Vulnerability Intelligence, Vulnerability Scanning with Patch Creation and Patch Deployment Integration

To help IT teams counter the threat, vulnerability research company Secunia merges their in-house vulnerability expertise with a sophisticated patch management solution into the Secunia Corporate Software Inspector (CSI 7.0). The foundation of the Secunia CSI is a unique combination of vulnerability intelligence and vulnerability scanning, with patch creation and patch deployment integration. The Secunia CSI integrates with Microsoft WSUS and System Center 2012 and third-party configuration management tools for easy deployment of third-party updates, making patching a simple and straight-forward process for all IT departments.

To make the solution flexible and suited to the processes of organizations of all sizes the new version, the Secunia CSI 7.0, comes with these new and improved features:

· Smart Groups 2.0: Create Smart Groups designed to prioritize remediation efforts by filtering and segmenting data based on hosts, products or impact, and to receive alerts when a threat is detected.

· User Management: Create user accounts with different roles and permissions.

· Patch Configuration: Get configurable patches out-of-the-box that can be easily customized to support your environment, for example to avoid desktop shortcuts or to disable auto-update for a program.

· Web Console (SaaS): Log in to the Secunia CSI from an internet browser for instant access to your data and reports - anywhere, at any time.

· Password Policy Configuration: Determine and enforce the global password policy for your organization to comply with internal and external policies, as well as to meet best-practice standards in your industry.

· Live updates: Get an immediate overview of how a new vulnerability affects your infrastructure as soon as the advisory has been released by Secunia Research, based on your latest scan results.

· PSI for Android: Scan Android devices for vulnerabilities with the Secunia PSI for Android, and integrate it with the Secunia CSI to support your BYOD policy.

· Secunia SC2012 Plugin 2.0: For CSI integration with Microsoft System Center 2012. This add-on makes it possible to deploy all third-party updates directly in Microsoft System Center 2012.

· Zero-Day Vulnerability Support: This add-on includes SMS or email alerts whenever a new zero-day vulnerability is discovered that affects the particular IT infrastructure. It is designed for organizations that have a sufficiently sophisticated security apparatus to enable them to act on the zero-day threat intelligence.

Why vulnerability intelligence is a crucial aspect of patch management

In 2012, Secunia recorded a total of nearly 10,000(3) discovered vulnerabilities in software programs, and more than 1,000 vulnerabilities in the 50 most popular programs alone(3). Most of these (86%) were discovered in third-party (non-Microsoft) programs(3), presenting IT teams with the huge challenge of how to retain control over increasingly complex infrastructures and user device autonomy and identify, acquire, install and verify patches for all applications in all systems.

As vulnerabilities are the root cause of security issues, understanding how to deal with them is a critical component of protecting any organization from security breaches. IT teams must know when a vulnerability is threatening the infrastructure, where it will have the most critical impact, what the right remediation strategy is and how to deploy it.

These aspects of risk assessment fall to IT Security and IT Operations respectively, and the two departments require different sets of tools to take strategic, pre-emptive action against vulnerabilities.

"The new Secunia CSI bridges the gap between the two sets of requirements. Security teams need vulnerability intelligence and scanning to assess risk in a constantly changing threat landscape, and IT operations need a patch management solution that is sufficiently agile to maintain security levels without impairing daily performance," explains Morten R. Stengaard, Secunia CTO.

"The core of our solution is the vulnerability intelligence delivered by Secunia's renowned in-house Research Team, who test, verify and validate public vulnerability reports, as well as conduct independent vulnerability research on a variety of products. No other patch management solution out there can provide this expertise. To deliver the intelligence to our customers we have created a patch management solution which is constantly evolving, to meet the changing requirements of our users," says Morten R. Stengaard.

Flexibility is the driving force behind the Secunia CSI 7.0

To ensure that the Secunia CSI 7.0 is primed to work as a conduit to Secunia's powerful vulnerability intelligence, scanning and patch management solution, flexibility has been the driving force behind the development of the Secunia CSI 7.0.

"Each organization is unique, with its own processes, regulatory standards and security procedures, and the improvements to the Secunia CSI 7.0 enables IT teams to adapt and scale the solution to match the requirements of virtually any organization," says Morten R. Stengaard.


(1) 2012 Cost of Cyber Crime Study: United States." Ponemon Institute. October 2012 http://www.ponemon.org/local/upload/file/2012_US_Cost_of_Cyber_Crime_Study_FINAL6%20.pdf

(2) SANS: http://www.sans.org/critical-security-controls/; NIST: http://www.nist.gov/itl/csd/guides-082013.cfm

(3) Secunia Vulnerability Review 2013: http://secunia.com/vulnerability-review/

Secunia partners and memberships:

MS-ISAC, FS-ISAC, ISF, EDUcause, Microsoft Technology Partner and System Center Alliance Member, FIRST, The Open Group.

About Secunia

Founded in 2002, Secunia is a leading provider of IT security solutions that help businesses and private individuals globally manage and control vulnerability threats, risks across their networks, and end-points. This is enabled by Secunia's award-winning Vulnerability Intelligence, Vulnerability Assessment, and Patch Management solutions that ensure optimal and cost-effective protection of critical information assets.

Secunia plays an important role in the IT security ecosystem, and is the preferred supplier for enterprises and government agencies worldwide, counting Fortune 500 and Global 2000 businesses among its customer base. Secunia is headquartered in Copenhagen, Denmark.

For more information, please visit secunia.com

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 5/22/2020
How an Industry Consortium Can Reinvent Security Solution Testing
Henry Harrison, Co-founder & Chief Technology Officer, Garrison,  5/21/2020
Is Zero Trust the Best Answer to the COVID-19 Lockdown?
Dan Blum, Cybersecurity & Risk Management Strategist,  5/20/2020
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-05-26
The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.
PUBLISHED: 2020-05-26
An issue was discovered in ssl.c in Axel before 2.17.8. The TLS implementation lacks hostname verification.
PUBLISHED: 2020-05-26
lib/QoreSocket.cpp in Qore before lacks hostname verification for X.509 certificates.
PUBLISHED: 2020-05-26
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
PUBLISHED: 2020-05-26
The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8 and Firefox < 76.