14:00 CET on the 30th October 2012 Entry written by Morten Stengaard, Director, Product Management & Quality Assurance.
The Secunia Vulnerability Intelligence Manager (VIM) 4.0 is the latest evolutionary step in the technology developed by Secunia to help organizations handle vulnerabilities and protect critical information against potential attacks. Covering more than 40,000 software systems and applications, the Secunia VIM 4.0 solution provides the most comprehensive coverage available to organizations.
The unparalleled quality of the intelligence delivered by Secunia’s Research Team is the backbone of the solution, and with the new version we make sure that the intelligence is communicated even better. We provide the intelligence in real-time to our customers, with directions on how to respond to the threats. The filters and settings enable the security departments to distribute the intelligence to the appropriate stakeholders within the organization and to set up effective security processes.
A number of new great features and improved functionalities have been made and using the theme “Intelligence is power”, we are going to emphasize the importance of Real-time Vulnerability Intelligence to the market.
Because of our Research Team, the Secunia VIM has always been a fantastic product, and due to all the attention in the media during the last year concerning regulatory compliance and zero-days exploits – including the recent vulnerabilities in MS IE and Java – the introduction of the Secunia VIM 4.0 has the right timing to express the fact that “Our Intelligence is your power”.
The Secunia VIM enables organizations to provide external auditors with exhaustive information on how compliance policies are met. This is particularly important in some industries in the US, where organizations have to adhere to various regulatory standards such as PCS-DSS in the financial industry or NERC-CIP for energy and utility companies. As cybercrime against corporations, organizations and government institutions is increasingly being recognized as a security threat, the importance of managing software vulnerabilities is an aspect of security that is gradually receiving attention in organizations around the world.
If there are flaws in the software, cybercriminals can in principle gain access to the entire infrastructure of any organization. And modern organizations use a lot of different software programs: it is a common misconception to think that only the organization-wide systems purchased, implemented and maintained by company IT departments pose a risk - literally any software flaw in any program or application used in any endpoint related to the organization represents a security risk, including company phones or laptops used both professionally and privately by employees.
Effectively, any application downloaded to an employee smartphone represents a potential threat to the organization’s security. Consequently, it is not enough to manage the software systems that make up the organization’s official software infrastructure. And it is not enough to wait for official software patches from Microsoft and other large vendors, as only 22% of vulnerabilities affect Microsoft programs and operating systems, it is critical to have the correct vulnerability intelligence to spot the vulnerabilities in the remaining 78% - the third-party programs. And the threat to third-party programs is on the increase: the share of vulnerabilities in these has risen from 45% to 78% from 2006 to 2011.”