Cybercrime costs organizations millions of dollars(1) and to protect businesses from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute(2) and the National Institute of Standards and Technology under the US Department of Commerce (NIST)(2).
The [Secunia CSI 7.0] is the Total Package: Vulnerability Intelligence, Vulnerability Scanning with Patch Creation and Patch Deployment Integration
To help IT teams counter the threat, vulnerability research company Secunia merges their in-house vulnerability expertise with a sophisticated patch management solution into the Secunia Corporate Software Inspector (CSI 7.0). The foundation of the Secunia CSI is a unique combination of vulnerability intelligence and vulnerability scanning, with patch creation and patch deployment integration. The Secunia CSI integrates with Microsoft WSUS and System Center 2012 and third-party configuration management tools for easy deployment of third-party updates, making patching a simple and straight-forward process for all IT departments.
To make the solution flexible and suited to the processes of organizations of all sizes the new version, the Secunia CSI 7.0, comes with these new and improved features:
· Smart Groups 2.0: Create Smart Groups designed to prioritize remediation efforts by filtering and segmenting data based on hosts, products or impact, and to receive alerts when a threat is detected.
· User Management: Create user accounts with different roles and permissions.
· Patch Configuration: Get configurable patches out-of-the-box that can be easily customized to support your environment, for example to avoid desktop shortcuts or to disable auto-update for a program.
· Web Console (SaaS): Log in to the Secunia CSI from an internet browser for instant access to your data and reports – anywhere, at any time.
· Password Policy Configuration: Determine and enforce the global password policy for your organization to comply with internal and external policies, as well as to meet best-practice standards in your industry.
· Live updates: Get an immediate overview of how a new vulnerability affects your infrastructure as soon as the advisory has been released by Secunia Research, based on your latest scan results.
· PSI for Android: Scan Android devices for vulnerabilities with the Secunia PSI for Android, and integrate it with the Secunia CSI to support your BYOD policy.
· Secunia SC2012 Plugin 2.0: For CSI integration with Microsoft System Center 2012. This add-on makes it possible to deploy all third-party updates directly in Microsoft System Center 2012.
· Zero-Day Vulnerability Support: This add-on includes SMS or email alerts whenever a new zero-day vulnerability is discovered that affects the particular IT infrastructure. It is designed for organizations that have a sufficiently sophisticated security apparatus to enable them to act on the zero-day threat intelligence.
Why vulnerability intelligence is a crucial aspect of patch management
In 2012, Secunia recorded a total of nearly 10,000(3) discovered vulnerabilities in software programs, and more than 1,000 vulnerabilities in the 50 most popular programs alone(3). Most of these (86%) were discovered in third-party (non-Microsoft) programs(3), presenting IT teams with the huge challenge of how to retain control over increasingly complex infrastructures and user device autonomy and identify, acquire, install and verify patches for all applications in all systems.
As vulnerabilities are the root cause of security issues, understanding how to deal with them is a critical component of protecting any organization from security breaches. IT teams must know when a vulnerability is threatening the infrastructure, where it will have the most critical impact, what the right remediation strategy is and how to deploy it.
These aspects of risk assessment fall to IT Security and IT Operations respectively, and the two departments require different sets of tools to take strategic, pre-emptive action against vulnerabilities.
“The new Secunia CSI bridges the gap between the two sets of requirements. Security teams need vulnerability intelligence and scanning to assess risk in a constantly changing threat landscape, and IT operations need a patch management solution that is sufficiently agile to maintain security levels without impairing daily performance,” explains Morten R. Stengaard, Secunia CTO.
“The core of our solution is the vulnerability intelligence delivered by Secunia’s renowned in-house Research Team, who test, verify and validate public vulnerability reports, as well as conduct independent vulnerability research on a variety of products. No other patch management solution out there can provide this expertise. To deliver the intelligence to our customers we have created a patch management solution which is constantly evolving, to meet the changing requirements of our users,” says Morten R. Stengaard.
Flexibility is the driving force behind the Secunia CSI 7.0
To ensure that the Secunia CSI 7.0 is primed to work as a conduit to Secunia’s powerful vulnerability intelligence, scanning and patch management solution, flexibility has been the driving force behind the development of the Secunia CSI 7.0.
“Each organization is unique, with its own processes, regulatory standards and security procedures, and the improvements to the Secunia CSI 7.0 enables IT teams to adapt and scale the solution to match the requirements of virtually any organization,” says Morten R. Stengaard.