Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

2/13/2019
10:30 AM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tripwire IP360 Now Discovers More Than 200,000 Conditions

vulnerability management solution Tripwire(R) IP360(TM) now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems.

PORTLAND, Ore. – Tripwire, Inc. today announced that vulnerability management solution Tripwire® IP360™ now discovers more than 200,000 conditions, including vulnerabilities, configurations, applications and operating systems.

Tripwire provides coverage of conditions, a lab, attention to the changing threat environment, and vulnerability intelligence through the Tripwire Vulnerability and Exposure Research Team (VERT). By identifying emerging vulnerabilities, Tripwire VERT is able to create unique detection signatures, which are constantly updated in the company’s vulnerability and risk management solutions, to deliver vulnerability discovery coverage and remediation guidance.

"Because Tripwire IP360 reports on all aspects of the host and not just the vulnerabilities, businesses can respond rapidly to the constantly evolving threat landscape,” said Tyler Reguly, manager of VERT. “Knowing exactly which applications are installed on a particular host means organizations can identify vulnerable hosts as soon as a new vulnerability is announced.”

Recent updates include expanded coverage into various Industrial Internet of Things (IIoT) protocols such as Constrained Application Protocol (CoAP), Message Queuing Telemetry Transport (MQTT), and Advanced Message Queuing Protocol (AMQP) as well as improved authenticated scanning for platforms like Cisco IOS and SUSE Enterprise Linux. Full support for Alpine Linux, as well as the ability to find vulnerabilities within Docker containers, is included in the new coverage released.

Recent coverage updates include:

  • IBM Tivoli product line
  • Kubernetes
  • Cisco ASA
  • Microsoft SharePoint Server 2019
  • Microsoft Exchange 2019
  • OpenSSH for Windows
  • Dropbox
  • VirtualBox

Tripwire IP360 is Tripwire's enterprise-class vulnerability management solution. Offering both agentless and agent-based capabilities, Tripwire IP360 provides a comprehensive view of vulnerability risks across hybrid environments, including on-premise, in the cloud, and in container-based environments. In addition to discovering and profiling network assets, the solution delivers advanced, dynamic prioritization metrics. It combines business asset values with vulnerability scores to prioritize security risks in the context of customer businesses. Tripwire IP360 is Common Criteria certified.

Tripwire VERT is composed of experienced security engineers and researchers who search the globe looking for the latest public and private vulnerabilities. Once risks are identified, VERT writes vulnerability signature detection algorithms that are included in Tripwire IP360. 

For more information about Tripwire IP360, visit: https://www.tripwire.com/products/tripwire-ip360.

For more information about Tripwire VERT, visit: http://www.tripwire.com/vert/.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
TeamViewer Admits Breach from 2016
Dark Reading Staff 5/20/2019
How a Manufacturing Firm Recovered from a Devastating Ransomware Attack
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/20/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-10855
PUBLISHED: 2019-05-23
Computrols CBAS 18.0.0 mishandles password hashes. The approach is MD5 with a pw prefix, e.g., if the password is admin, it will calculate the MD5 hash of pwadmin and store it in a MySQL database.
CVE-2019-10866
PUBLISHED: 2019-05-23
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
CVE-2016-7550
PUBLISHED: 2019-05-23
asterisk 13.10.0 is affected by: denial of service issues in asterisk. The impact is: cause a denial of service (remote).
CVE-2016-8897
PUBLISHED: 2019-05-23
Exponent CMS version 2.3.9 suffers from a sql injection vulnerability in framework/modules/help/controllers/helpController.php.
CVE-2016-8899
PUBLISHED: 2019-05-23
Exponent CMS version 2.3.9 suffers from a Object Injection vulnerability in framework/modules/core/controllers/expCatController.php related to change_cats.