Organizations of all sizes invest billions of dollars each year in network security technologies, yet they continue to fall prey to denial-of-service attacks, fast-moving viruses and blended threats, hackers and worms.
A single enterprise can spend millions per year on IDS, firewalls and anti-virus software, while the real network security culprits – common vulnerabilities and exposures (CVEs) – go largely undetected and uncorrected. CVEs are the systemic cause of over 90% of all network security breaches.
While it’s true that managing vulnerabilities is an arduous task and organizations have limited resources, the risks and costs to the enterprise are far greater if these weaknesses are not addressed.
Today’s networks are at risk, not just because hackers are out there, but also because in a mobile world any device can pick up a virus or Trojan, or carry a vulnerability that opens just enough of a window into your network for a hacker to exploit it and gain access. Just one CVE® in your network and you may be in trouble. CVE is the standard by which all information security professionals will be judged and the litmus test for regulatory compliance, including GLBA, HIPAA, 21 CFR FDA 11, E-Sign and SO-404, as it relates to information assets.
DO YOU SPEAK CVE?
The most important information security question you need to answer is “Do You Speak CVE?” If you do not, then no matter how much you spend on INFOSEC countermeasures, you’ll never fully understand why you are experiencing downtime and successful hacker attacks, not to mention the regulatory compliance risk you face.
Common Vulnerabilities and Exposures (CVE) is a list or dictionary that provides common names for publicly known information security vulnerabilities and exposures. Using a common name makes it easier to share data across separate databases and tools that until now were not easily integrated. This makes CVE the key to information sharing. If a report from one of your security tools incorporates CVE names, you may then quickly and accurately access fix information in one or more separate CVE-compatible databases to remediate the problem.
CVE – An Industry Standard funded by the Department of Homeland Security – Operated by MITRE.
CVE is:
· One name for one vulnerability or exposure
· One standardized description for each vulnerability or exposure
· A dictionary rather than a database
· How disparate databases and tools can "speak" the same language
· The way to interoperability and better security coverage
· A basis for evaluation among tools and databases
· Accessible for review or download from the Internet
· Industry-endorsed via the CVE Editorial Board
Some CVEs are currently candidates (CANs); keep an eye on both CVEs and CANdidate CVEs.
Example CANdidate CVE:
CAN-2003-0352 (under review)
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message.
What exploited this CVE? Blaster, Msblast, LovSAN and the Nachi and Welchia worms, causing massive downtime and financial losses.
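"Speaking CVE" in practice means that a name from one tool's report can be matched against a separate CVE-compatible fix source, and that a candidate name still matches once it is accepted (a CAN keeps its number, so CAN-2003-0352 becomes CVE-2003-0352). The following is an added example, not code from the original post: the report lines, host addresses, the placeholder name CVE-2003-9999 and the fix text are all constructed, and the line-oriented report format is a hypothetical one.

```python
import re
from collections import defaultdict

# Constructed output from a hypothetical scanner (not a real vendor format).
# CVE-2003-9999 is a placeholder name used only to show an unmatched entry.
SCANNER_REPORT = """\
host=10.0.0.5 port=135 finding=DCOM RPC buffer overflow ref=CAN-2003-0352
host=10.0.0.5 port=445 finding=Example finding ref=CVE-2003-9999
host=10.0.0.9 port=135 finding=DCOM RPC buffer overflow ref=can-2003-0352
"""

# Constructed fix database keyed by CVE name (hypothetical remediation text).
FIX_DB = {
    "CVE-2003-0352": "Apply the vendor DCOM/RPC patch; filter TCP 135 at the perimeter",
}

# Matches both accepted (CVE-) and candidate (CAN-) names, any letter case.
CVE_RE = re.compile(r"\b(CVE|CAN)-(\d{4})-(\d{4,})\b", re.IGNORECASE)


def normalize(name):
    """Canonical form: upper case, with candidate CAN- names mapped to CVE-.
    A CAN entry keeps its number when accepted, so both spellings are one name."""
    m = CVE_RE.fullmatch(name.strip())
    if not m:
        raise ValueError(f"not a CVE/CAN name: {name!r}")
    return f"CVE-{m.group(2)}-{m.group(3)}"


def extract_names(text):
    """Return every CVE/CAN name found in a tool report, normalized."""
    return [normalize(m.group(0)) for m in CVE_RE.finditer(text)]


def correlate(report, fix_db):
    """Map each normalized name to the hosts reporting it and fix info (None if unknown)."""
    hosts = defaultdict(set)
    for line in report.splitlines():
        host = re.search(r"host=(\S+)", line)
        for name in extract_names(line):
            if host:
                hosts[name].add(host.group(1))
    return {name: {"hosts": sorted(h), "fix": fix_db.get(name)} for name, h in hosts.items()}


if __name__ == "__main__":
    for name, info in correlate(SCANNER_REPORT, FIX_DB).items():
        print(name, info)
```

Entries whose fix is None are the ones your fix source does not yet cover, which is exactly the gap a CVE-compatible workflow is meant to expose.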