The Secunia scanning technology takes a different approach than other vulnerability scanning solutions by conducting non-intrusive scans to accurately identify all installed programs and plug-ins on the system.
Secunia Corporate Software Inspector also integrates seamlessly with Microsoft WSUS, CM 2012 & SCCM 2007.
The Secunia CSI takes a different approach than other scanners by conducting authenticated scans of systems. This makes it possible for the Secunia CSI to identify all installed programs and plug-ins based on the actual files present on the system.
The Secunia CSI correlates program meta data with Secunia's comprehensive product database to build an inventory of the installed programs and plug-ins. This inventory is in turn correlated with vulnerability meta data based on Secunia Vulnerability Intelligence.
The accuracy of this approach is unprecedented and provides actionable results with risk ratings and other metrics based on Secunia Advisories.
Scan results The scan results of the Secunia CSI provides details about the full installation path, version details, direct links to patches, ratings, access to Secunia Advisories with further vulnerability details and metrics as well as other useful information for alternative mitigation strategies.
Based on the details collected by the Secunia CSI, as well as the experts working behind the scenes at Secunia, it is possible to use the Secunia CSI to automatically repackage a large amount of patches for direct deployment and management using Microsoft WSUS and Microsoft SCCM.
The scanning also detects and reports end-of-life programs and plug-ins. This is software which for some reason is not supported by the vendor. Software which has reached end-of-life should not be used due to lack of vulnerability information about these products and that the vendors will not be providing security updates.
The Secunia CSI also lists all the programs and plug-ins which is patched and up-to-date. This can be used to verify that patches has been properly applied and that old insecure versions has been removed. It can also be used as a valuable and highly accurate supplement to other asset and license management tools, many customers also use it to track installation of non-approved programs and plug-ins.
Flexible deployment The Secunia CSI offers different deployment options to suit your environment:
Agent-less scanning of your systems can be performed out-of-the box. When running agent-less the Secunia CSI utilises standard Windows networking services to scan the systems on your network.
Agent-based deployment is more flexible and can be used in segmented networks and to scan systems that aren't always online (e.g. laptops).
Appliance mode offers "agent-less" scanning from centralised hosts in e.g. branch offices.
CLI mode makes it possible to schedule and manage scans using other tools (e.g. log-on scripts).
Microsoft WSUS Integration for Third-Party Patch Management
Secunia CSI integrates seamlessly with Microsoft WSUS, for easy deployment of third party updates. This makes installing updates simple and straightforward due to the automatic repackaging feature and the Microsoft WSUS distribution management functionality in the Secunia CSI.
Secunia CSI provides simple methods for repackaging and publishing patches for distribution via Microsoft WSUS, it can literally be conducted with a few simple steps:
Select insecure programs to patch
Secunia CSI Automatic repackage and publish patch to Microsoft WSUS
Microsoft SCCM Integration for Third-Party Patch Management
Organisations that use Microsoft System Center Configuration Manager (SCCM) 2007 or 2012 already have agents installed on the endpoints in their environment. Instead of installing an additional agent from Secunia, these can now configure the SCCM agent to handle the scanning, which means one less agent on all their endpoints.
Secunia CSI adds a critical security aspect to the Software Update Management and Asset Intelligence capabilities of Microsoft SCCM. While SCCM offers many great features in order to configure and manage servers and desktops, SCCM lacks the specialised capabilities within software inventory mapping and security intelligence related to software.
Secunia CSI provides highly detailed software inventory including both programs and plug-ins. This inventory is in turn mapped to security intelligence related to the individual programs and plug-ins as well as details about vendor supplied security updates.
Secunia CSI can automatically repackage these security updates / patches and push them to SCCM, allowing you to control, manage, and monitor the deployment using SCCM. Secunia CSI can further conduct scans of desktop and server systems to ensure that the updates are applied correctly and that all systems are fully compliant.
1st of november 2012: Do all your patching directly from the Microsoft System Center 2012 Configuration Manager console
Thanks to the full integration between Microsoft System Center 2012 and Secunia CSI 6.0 you no longer have to login to separate consoles to do your day-to-day work. We have made the Secunia Package System available directly in System Center 2012 Configuration Manager, including all the preconfigured patches that come with Secunia CSI.
Deploying Windows 7? Protect your investment. Security wise Windows 7 offers many improvements over previous versions of Microsoft Windows. The security offered by e.g. Windows XP is not sufficient in the current environment with sophisticated cyber attacks.
Despite the many improvements in Windows 7, it still needs proper maintenance and updating. Microsoft and other software vendors offer great tools to update and maintain the operating system itself, however, they all fall short in the ability to identify and secure third party programs and plug-ins.
“In particular third-party plug-ins have been found to pose a significant threat to recent versions of Windows. Microsoft Security Intelligence Report Vol. 7 claims that 85% of all compromises of Vista systems exploited vulnerabilities in third-party programs, and a recent report from ScanSafe claims that 80% of all web-based exploits in Q4 2009 were "utilizing" PDF documents.”
Keeping track of third-party programs and plug-ins and keeping them up-to-date is probably one of the most challenging tasks for both Corporate IT-Security and IT-Operations. The reason for this is that current asset management and patch management tools are very Microsoft centric and fail to handle third-party programs and plug-ins, the few that handle third-party programs and plug-ins have a limited scope and only focus on a few handfuls of the most popular programs and plug-ins.
Secunia CSI on the contrary has a significant larger scope, currently Secunia CSI can detect and report on the security state of thousands of programs and plug-ins from 2,300 software vendors, thus Secunia CSI provide the markets most accurate monitoring and reporting functions for both Microsoft and third-party programs and plug-ins, further Secunia CSI integrates with some of the strongest desktop management systems on the market, Microsoft WSUS and Microsoft SCCM.
Protect your Windows 7 investment, try Secunia CSI now to learn how your desktops can stay secure and compliant.
The Secunia CSI can now be easily integrated with your preferred patch deployment solution (for example, the Altiris Deployment Solution) using the Secunia Patch Deployment SDK to allow for easy patch management (patch scanning, patch creation and patch deployment).