The Secunia CSI provides non-intrusive authenticated vulnerability and patch scanning. It takes a different approach compared to other scanners by conducting authenticated scans of systems.
This makes it possible for the Secunia CSI to identify all installed programs and plug-ins based on the actual files present on the system.
The Secunia CSI then correlates program meta data with Secunia’s comprehensive product database to build an inventory of the installed programs and plug-ins.
This inventory is then correlated with vulnerability meta data based on Secunia Vulnerability Intelligence.
The accuracy of this approach is unprecedented and provides actionable results with risk ratings and other metrics based on Secunia Advisories.
The scan results of the Secunia CSI provide details about the full installation path, version details, direct links to patches, ratings, and access to Secunia Advisories with further vulnerability details and metrics as well as other useful information for alternative mitigation strategies.
Based on the details collected by the Secunia CSI, as well as the experts working behind the scenes at Secunia, it is possible to use the Secunia CSI to automatically repackage a large amount of patches for direct deployment and management using Microsoft System Center Configuration Manager.
The scanning also detects and reports end-of-life programs and plug-ins. This is software that is no longer supported by the vendor.
Software which has reached end-of-life should not be used due to a lack of vulnerability information about these products, and because the vendors will not be providing security updates.
The Secunia CSI also lists all the programs and plug-ins which are patched and up-to-date. This can be used to verify that patches have been properly applied and that old insecure versions have been removed.
It can also be used as a valuable and highly accurate supplement to other asset and license management tools. Many customers also use it to track the installation of non-approved programs and plug-ins.
Agent-less scanning of your systems can be performed out-of-the box. When running agent-less, the Secunia CSI utilises standard Windows networking services to scan the systems on your network.
Agent-based deployment is more flexible. It can be used in segmented networks and to scan systems that are not always online (e.g. laptops).
The agents can also be automatically deployed through the Microsoft System Center Configuration Manager integration.
Appliance mode offers “agent-less” scanning from centralized hosts; in branch offices for example.