Security Experts:

Secunia Updates Vulnerability Intelligence Manager

Secunia, a Copenhagen, Denmark-based provider of vulnerability management solutions, has updated its vulnerability management platform to proactively alert organizations of software vulnerabilities so they can hopefully be addressed before infrastructure is compromised.

Secunia

The latest version of Vulnerability Intelligence Manager (VIM) will help organizations handle vulnerabilities and protect business-critical data and sensitive systems against potential attacks, Secunia said Tuesday. Secunia improved the user interface, asset matching capabilities, and the data export in VIM 4.0, the company said.

VIM 4.0 also now integrates with Secunia Corporate Software Inspector (CSI), the patch management software that scans and deploys matches from Microsoft and other third-party programs. Secunia released CSI v6.0 this past August, adding Red Hat Enterprise Linux support in addition to existing Windows and Mac OS X support.

While IT teams are getting better about staying on top of official patches from Microsoft, it is not enough, the company says, noting that just 22 percent of vulnerabilities are in Microsoft programs and the operating system, while the remaining 78 percent are in third-party programs.

"It is critical to have the correct vulnerability intelligence to spot the vulnerabilities" in third-party programs, Morten R. Stengaard, director of product management and quality assurance at Secunia, said in a statement.

Attackers are increasingly taking advantage of security flaws in software to get a foothold in to network. Any program downloaded to an employee laptop or personal device that can connect to the corporate network is "a threat to the organization's security," Secunia said. As a result, organizations have to proactively be aware of what vulnerabilities are still not patched in all installed applications.

With Secunia VIM, organizations have access to vulnerability intelligence, a comprehensive vulnerability management tool, and threat intelligence covering more than 40,000 systems and applications. Threat Intelligence gives organizations comprehensive real-time data about software vulnerabilities customized to their needs, and gives external auditors the information they need to ensure the organization is meeting compliance requirements, Secunia said.

"This is particularly important to corporations and organizations in the US, who have to meet exacting standards to keep their IT infrastructure secure, and who risk heavy fines if they do not meet the compliancy requirements that apply to their particular industry," said Stengaard.

The Secunia VM automates compliance management with guidelines, and gives organizations the ability to formalize and automate tasks relating to assessment, remediation, workflow approvals, exception management, and consolidated reporting, Secunia said. VIM 4.0 eases the task of defining and managing policies, mapping policies to controls, and collecting evidence the company is compliant.

Staying on top of the vulnerabilities allows organizations to address all security threats before criminals manage to compromise the network. VIM 4.0 gives teams relevant data so that teams don't spend their time "frantically trying to figure out" which issues to address in what order, Stengaard explained.

"The acclaimed quality of the intelligence delivered by Secunia’s Research Team is the backbone of the solution, and that intelligence becomes pure power in the hands of the security teams in the organizations," Stengaard said.

Fahmida Y. Rashid is a Senior Contributing Writer for SecurityWeek. She has experience writing and reviewing security, core Internet infrastructure, open source, networking, and storage. Before setting out her journalism shingle, she spent nine years as a help-desk technician, software and Web application developer, network administrator, and technology consultant.