Secunia Updates Vulnerability and Patch Management Solution

Secunia CSI 6.0 integrates vulnerability intelligence and scanning and patch creation to enable complete, reliable, cost-efficient patch management.

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Secunia has released the newest version of its flagship solution, the Secunia Corporate Software Inspector (CSI) version 6.0. The solution helps customers understand and evaluate their entire threat landscape, identify exactly where application vulnerabilities exist, and how best to prioritize and implement remediation efforts, all while leveraging and maximizing existing security investments in current client management (CM), security information and event management (SIEM), and governance, risk, and compliance (GRC) tools.

Companies that do not have a complete overview of what is installed across laptops, PCs, and servers, and the security state of these programs, are at a disadvantage as it becomes impossible to prioritize remediation efforts and efficiently managing the environment to reduce risk and increase the security state -- and as the vulnerability threat landscape intensifyies. “In 2011, Secunia identified more than 800 end-point vulnerabilities, of which more than 50 percent were rated as highly or extremely critical (exploitable from remote), and 78 percent of all vulnerabilities affected non-Microsoft programs; that is, a greater, more critical, and more diverse vulnerability exposure that faces companies,” according to Morten R. Stengaard, director of product management and quality assurance at Secunia

The Secunia CSI provides the reliable, comprehensive, and up-to-date vulnerability intelligence and highly accurate scan results needed by IT operations and security teams to deal with these vulnerabilities. By combining these two capabilities with automated patch creation and integration, the intelligence becomes actionable in a CM, SIEM, and GRC perspective and is more cost effective.

The new easy integration with preferred deployment solutions such as Microsoft Windows Server Update Services (WSUS), Microsoft System Center Configuration Manager (SCCM), Altiris Deployment Solution, as well as other third-party configuration management tools allows for easy installation of third-party updates, making patching a simple and straightforward process for all IT departments. In cases where regulatory compliance is of concern (e.g., the PCI-DSS or NERC-CIP standards), Secunia CSI 6.0 allows enterprises to have a clear picture of the programs and vulnerabilities that exist in the environment, including how critical they are and how long they have existed

With the new Scheduled Date Export function, Secunia CSI can also integrate with any preferred government risk and compliance (GRC) solution, allowing users to further utilise their existing solutions to improve security and compliance.

New features in Secunia CSI 6.0 include:

  • Custom scan rules: Create and maintain custom rules for scanning customer created programs, drivers, and plugins.

  • Scanning Red Hat enterprise Linux (RHEL): View and export the RHEL inventory in the Secunia CSI after being processed by Secunia Detection/Version Rules.

  • Improved SCCM integration: Scan and display hosts connected to the upstream SCCM. Scan results are obtained from the data collected by the SCCM software inventory agent, which avoids the need to install the Secunia CSI agent on each client.

  • Secunia advisories: View all advisories relevant to Insecure or End-of-Life products in the user’s environment. The user can click a SAID (Secunia Advisory ID) to view a detailed description of the advisory.

  • Smart Groups: Configure Smart Groups based on a wide variety of criteria to help prioritize remediation efforts and stay secure and compliant by allowing the user to filter and segment their data.

  • Smart Group notification: Create and configure reminders, notifications, and alerts for a Smart Group based on the current state or changes to a group.

  • Exporting: Automatically extract and transfer data using export schedules (for example, daily) from the Secunia CSI into Security Information & Event Management (SIEM) solutions and reporting tools.

  • Active Directory integration: Automatically update organisational units and structure in the Secunia CSI when changes are made to the Active Directory.

  • Activity log: View information about all user activity within the Secunia CSI.

  • VIM Integration: View and manage the VIM accounts that have been verified and integrated with the Secunia CSI and create Asset Lists for the integrated VIM accounts. The Asset Lists are updated automatically with the Secunia CSI scan results.

  • IP Access Management: Configure the IP addresses the Secunia CSI console can be accessed from.

  • F1 Help: Press F1 to open a help topic associated with the currently selected window in the Secunia CSI or click Help at the top of the window to view all CSI help topics.

“Cybercriminals know that the complexity to stay secure will always leave numerous users with inadequately patched PCs which are easy to exploit,” say Stengaard. “We must not allow their job to be easy.”

The Secunia CSI 6.0 is available now and can be requested as a free trial here. More information is available here.

Must Read Articles