Now that your company has invested time and resources in gathering information about your entire installed base of software and equipment, how can we analyze and measure its level of security protection? Can we identify the vulnerabilities in your company’s software? Can we create a scoring function that measures security and how it changes over time?
To address these questions, Würth Phoenix has put together a solution that adds information about IT security to existing information about installed software, helping company staff manage IT security.
Recall that each vulnerability represents an element of security risk and a possible avenue of attack against our data by hostile hackers.
The principal data source is the hardware and software inventory (SCCM, GLPI, etc.), where you can find an updated list of the software installed on the various PCs and servers the company runs.
To this information we should add the related vulnerabilities, which can be found principally in the CVE (Common Vulnerabilities and Exposures) database. CVE is a publicly available dictionary of vulnerabilities and security gaps. It is maintained by The MITRE Corporation and is financed by the Department of Homeland Security in the United States.
CVE is internationally recognized and the level of detail it contains allows for the evaluation of security risks which a company is exposed to. The objective achieved by Würth Phoenix’s solution is to connect the vulnerabilities in this database to the software in your inventory, and we can do this using CPE!
CPE is a standard for describing and identifying classes of applications, operating systems and hardware devices. These entities are described mainly by the name and version of the software.
Once our installed software, identified via CPE, is correlated with the CVE vulnerability database, we have all the information necessary to qualitatively measure a company’s IT risk. The measurement can also be quantitative, thanks to the fact that every entry in CVE has a Severity Rating. This risk level is a number between 0 and 10 that, according to the CVSS 2.0 standard, is distributed as follows:
| Severity | Base Score Range |
|---|---|
| Low | 0.0 – 3.9 |
| Medium | 4.0 – 6.9 |
| High | 7.0 – 10.0 |
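The correlation described above, as an added example that is not Würth Phoenix's code: it parses CPE 2.3 names from a constructed inventory, matches them against a constructed vulnerability feed with placeholder CVE IDs, and bands each finding with the CVSS 2.0 ranges. The vendor, products, feed layout (`fixed_in`) and the per-host score are assumptions made for illustration.

```python
import re

# Constructed inventory rows (host, CPE 2.3 name); vendor and products are made up.
INVENTORY = [
    ("srv-web01", "cpe:2.3:a:examplesoft:webserver:2.4.1:*:*:*:*:*:*:*"),
    ("srv-web01", "cpe:2.3:a:examplesoft:sslkit:1.0.2:*:*:*:*:*:*:*"),
    ("pc-0042", "cpe:2.3:a:examplesoft:pdfviewer:11.0:*:*:*:*:*:*:*"),
    ("pc-0042", "cpe:2.3:a:examplesoft:webserver:2.6.0:*:*:*:*:*:*:*"),
]
# Constructed feed: placeholder IDs, CVSS v2 base scores, first fixed version.
CVE_FEED = [
    {"id": "CVE-XXXX-0001", "vendor": "examplesoft", "product": "webserver", "fixed_in": "2.5.0", "score": 7.5},
    {"id": "CVE-XXXX-0002", "vendor": "examplesoft", "product": "sslkit", "fixed_in": "1.0.3", "score": 5.0},
    {"id": "CVE-XXXX-0003", "vendor": "examplesoft", "product": "pdfviewer", "fixed_in": "11.2", "score": 3.5},
]

def parse_cpe(name):
    # Split a CPE 2.3 formatted string on unescaped colons and keep the identifying fields.
    parts = re.split(r"(?<!\\):", name)
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 name: {name!r}")
    return dict(zip(("part", "vendor", "product", "version"), parts[2:6]))

def version_key(version):
    # Dotted numeric version -> comparable tuple (trailing .0 dropped); None for "*", "-" or non-numeric.
    try:
        return tuple(int(p) for p in re.sub(r"(\.0+)+$", "", version).split("."))
    except ValueError:
        return None

def severity(score):  # CVSS v2 bands as given in the table above
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"

def correlate(inventory, feed):
    # {host: [(cve_id, score, severity), ...]} for installed versions older than the fix.
    findings = {}
    for host, name in inventory:
        sw = parse_cpe(name)
        installed = version_key(sw["version"])
        for cve in feed:
            fixed = version_key(cve["fixed_in"])
            same = (sw["vendor"], sw["product"]) == (cve["vendor"], cve["product"])
            if same and installed is not None and fixed is not None and installed < fixed:
                findings.setdefault(host, []).append((cve["id"], cve["score"], severity(cve["score"])))
    return findings

def host_risk(findings):
    # Assumed scoring function (not the product's): (highest, summed) base score per host.
    return {h: (max(s for _, s, _ in f), sum(s for _, s, _ in f)) for h, f in findings.items()}
```

Entries whose version cannot be compared (for example `*`) are skipped here; in a real inventory they are worth listing separately, since an unknown version is not evidence of a patched one.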
All this information is inserted periodically into NetEye and is then further processed in Kibana with ad-hoc dashboards.
Everything described above from an architectural point of view can be represented by the Deployment Diagram below. In purple we can see all those systems that have inventory data, and in yellow the NetEye servers and the ABSC server for processing the information.
In the end, then, our solution lets us visualize how security information evolves over time, find the vulnerabilities present server-by-server or PC-by-PC, find the software that numerically introduces the greatest risks for our company, and much more besides, according to your needs.
“Hi everyone, I’m Roberto and I was born in Bolzano in 1971. After graduating as an Electronic Engineer at the University of Padua, I started my professional career as an industrial automation systems designer, back in the days when programs were written in assembly language. In 2000 I decided to enter the world of computer science because I was fascinated by the Web and the IT world, and so I went to work for the ISP provider of the Autonomous Province of Bolzano. Information technology and open source have become my passion as well as my work and I gained experience with many kinds of computer systems, other technical fields, and in business organization.
Now I’m here at Würth Phoenix and I’m ready for new challenges and experiences. In addition to work, I very much like to discover new places with my family and live near nature, especially by exploring the mountains.”
Author
Roberto Palmarin