Tag Archives: vulnerability

Guinea Pig and Vulnerability Management products

Guinea Pig and Vulnerability Management products. IMHO, security vendors use the term “Vulnerability Management” extremely inaccurate. Like a guinea pig, which is not a pig and is not related to Guinea, the current Vulnerability Management products are not about the actual (practically exploitable) vulnerabilities and not really about the management.

Guinea Pig and Vulnerability Management

Vulnerability should mean something solid and reliable, something that can be practically used by a malicious attacker or penetration tester.

When (so-called) Vulnerability Management vendors start working with indirect information from third-party about potential vulnerabilities in the software, that were possibly exploited by someone in some unknown conditions, or simply distance from responsibility: “we just provide information from the software vendor; software vendor knows better about the vulnerabilities in his own products”, it’s all falling into to the area of fortune telling and counting angels on the head of a pin.

Hardcore process of identifying weaknesses that real-life attackers can use moves to a boring compliance. For example, as PCI DSS requires, there should be no vulnerabilities above medium level (CVSS Base score > 4). At the same time, no one cares how fair this assessment of criticality is or how real these vulnerabilities are. All the analytics build on such formal data loses its sharpness and practical value.

Continue reading

F-Secure Radar Vulnerability Management solution

F-Secure Radar Vulnerability Management solution. In this blog I am writing mainly about VM market leaders. Most of them are US-based companies. However, there are vulnerability management solutions that are popular only in some particular country or region. About some of them you maybe have not even heard. At the same time, these solutions are rather interesting.

F-Secure Radar Dashboards

Vulnerability Scanner I want to present today, was initially developed by nSence company from Espoo, Finland. It was named “Karhu”, a “bear” in Finnish. In June 2015 antivirus company F-Secure has bought nSense and formed it’s Cyber Security Services department. The scanner was renamed in F-Secure Radar. Not to be confused with IBM QRadar SIEM 😉

Solution structure is similar to Qualys and Nessus Cloud. There is a remote server that provides a web interface: portal.radar.f-secure.com. You can scan your perimeter using the remote scanner. To scan the hosts within the network, you should deploy the Scan Node Agent on a Windows host.

Continue reading