Tag Archives: McAfee

Asset Inventory for Internal Network: problems with Active Scanning and advantages of Splunk

In the previous post, I was writing about Asset Inventory and Vulnerability Scanning on the Network Perimeter. Now it’s time to write about the Internal Network.

Typical IT-infrastructure of a large organization

I see a typical IT-infrastructure of a large organization as monstrous favela, like Kowloon Walled City in Hong Kong. At the beginning it was probably wisely designed, but for years it  was highly effected by spontaneous development processes in various projects as well as multiple acquisitions. And now very few people in the organization really understand how it all works and who owns each peace.

There is a common belief that we can use Active Network Scanning for Asset Inventory in the organization. Currently, I’m not a big fan of this approach, and I will try to explain here the disadvantages of this method and mention some alternatives.

Continue reading

Divination with Vulnerability Database

Today I would like to write about a popular type of “security research” that really drives me crazy: when author takes public Vulnerability Base and, by analyzing it, makes different conclusions about software products or operating systems.

CVE Numbers their occult power and mystic virtues

The latest research of such type, was recently published in CNews – a popular Russian Internet portal about IT technologies. It is titled ““The brutal reality” of Information Security market: security software leads in the number of holes“.

The article is based on Flexera/Secunia whitepaper. The main idea is that various security software products are insecure, because of amount of vulnerability IDs related to this software existing in Flexera Vulnerability Database. In fact, the whole article is just a listing of such “unsafe” products and vendors (IBM Security, AlienVault USM and OSSIM, Palo Alto, McAfee, Juniper, etc.) and the expert commentary: cybercriminals may use vulnerabilities in security products and avoid blocking their IP-address; customers should focus on the security of their proprietary code first of all, and then include security products in the protection scheme.

What can I say about these opuses of this kind?

They provide “good” practices for software vendors:

  • Hide information about vulnerabilities in your products
  • Don’t release any security bulletins
  • Don’t request CVE-numbers from MITRE for known vulnerabilities in your products

And then analysts and journalists won’t write that your product is “a leader in the number of security holes”. Profit! ūüėČ

Continue reading

Who will take the market share of McAfee Vulnerability Manager?

McAfee¬ģ Vulnerability Manager (MVM) End of Life

We are observing an interesting case now. Short time ago, Intel Security have finally killed their McAfee¬ģ Vulnerability Manager (MVM) / FoundStone product and mutually with Rapid7¬†presented “Nexpose‚Ĩ Migration Toolkit”.

MVM to Nexpose migration

The Migration Toolkit contains Deployment and Migration related documentation that outlines the migration path, as well as a proprietary utility to easily migrate several key components of the customers MVM deployment into Nexpose.

Continue reading