Commercial vulnerability research has traditionally been a useful tool towards gaining industry participants' respect and the media’s attention. The security industry, software vendors, and customers are best served by secure and responsible vulnerability research practices such as the services offered by Secunia. While knowledge of these vulnerabilities is a crucial first step in threat mitigation, customers must vigilantly test network assets and end-points to find and correct their issues. The opportunity represented by unpatched end-points is widely known amongst cyber criminals; however, these threats remain greatly underestimated by customers.
Chris Rodriguez, Industry Analyst for Frost & Sullivan, and Stefan Frei, Research Analyst Director for Secunia, will co-present during a webinar, "The Fundamental Failures of End-Point Security," on Monday, November 22, 2010, at 9:00 am CST.
Join the webinar to:
• get the latest insights on the vulnerability management market;
• examine the fundamental failings of end-point security, that continue to turn most Internet users (corporate and private) into easy prey for cybercriminals;
• understand the importance of frequent patching to keep programs up-todate.
Data from 2.6 million users of the Secunia PSI provide a unique insight into the exposure end-point systems. Secunia PSI is for private users only. The Secunia Research team is tasked with securing software and fighting the exploitation of vulnerabilities. This team is comprised of security specialists that are given dedicated research time to discover new vulnerabilities in the high-profile and critical business applications that are most important to Secunia customers. This branch is also designed to reward Secunia's researchers while honing their skills.
"Secunia has set the premier example for responsible and secure disclosure and research practices," explains Rodriguez of Frost & Sullivan.
Secunia does not disclose vulnerabilities (except for the affected vendor) until a patch is ready to be released by the software vendor. Secunia carefully coordinates the public disclosure process and will even collaborate with the software vendor to help address the reported issues. In addition, while Secunia does not have a formal contributor program set up, external researchers continue to disclose vulnerabilities to the company in an effort to correct these issues. As with Secunia's own internal research, external contributors must adhere to the company's strict vulnerability disclosure policy. These practices provide tremendous value for customers, as well as for software vendors and the overall state of security.
Secunia has provided a significant number of commercially reported vulnerabilities. However, Secunia has enhanced this value by implementing the most difficult, but comprehensive research practices, according to analysts at Secunia. While other security researchers rely on automated tools, Secunia Research focuses primarily on thorough code audits and binary analysis to discover new vulnerabilities. This is more time consuming but uncovers vulnerabilities that other techniques would miss.
This extensive knowledge base and expertise from Secunia's research team combined with the company's analysis of customer data has provided Secunia with unique insights into the state of today's security. In order to help customers to mitigate the threats presented by endpoints, Secunia offers the Corporate Software Inspector (CSI), an authenticated vulnerability and patch scanner which identifies installed programs and missing security patches. CSI integrates with Microsoft WSUS for easy patch distribution and with Microsoft SCCM for extensive patch management.
Secunia Personal Software Inspector (PSI) provides customers with free automatic updates for third party programs and is easily managed with a "one click" or silent update mode. Secunia PSI 2.0 uses the same framework and engine which is used in the company's robust commercial solution, the Corporate Software Inspector (CSI).
To register for the virtual event, please visit gotomeeting.com/register/436102521.
If you have any questions or would like more information about Frost & Sullivan's Network Security practice, please send an email to Jake Wengroff, Global Director, Corporate Communications, at jake.wengroff[.]frost.com with the following information: your full name, company name, title, company telephone number, company email address, city, state, and country.
About Frost & Sullivan
Frost & Sullivan (frost.com), the Growth Partnership Company, enables clients to accelerate growth and achieve best-in-class positions in growth, innovation and leadership. The company's Growth Partnership Service provides the CEO and the CEO's Growth Team with disciplined research and best-practice models to drive the generation, evaluation, and implementation of powerful growth strategies. Frost & Sullivan leverages over 45 years of experience in partnering with Global 1000 companies, emerging businesses and the investment community from 40 offices on six continents.