Now that your company has invested time and resources in gathering information about your entire installed base of software and equipment, how can we analyze and measure its level of security protection? Can we identify the vulnerabilities in your company’s software? Can we create a scoring function that measures security and how it changes over time?
To address these questions, Würth Phoenix has put together a solution that adds information about IT security to existing information about installed software, helping company staff manage IT security.
Recall in fact that each vulnerability represents an element of security risk and one possible avenue of attack against our data by hostile hackers.
The principle data source is the hardware and software inventory (SCCM, GLPI, etc.), where you can find an updated list of the software installed on the various PCs and servers the company runs.
We should add to this information the related vulnerabilities which can be found principally in the CVE (Common Vulnerabilities and Exposure) database. CVE is a publicly available dictionary of vulnerabilities and security gaps. It is maintained by The MITRE Corporation and is financed by the Department of Homeland Security in the United States.
CVE is internationally recognized and the level of detail it contains allows for the evaluation of security risks which a company is exposed to. The objective achieved by Würth Phoenix’s solution is to connect the vulnerabilities in this database to the software in your inventory, and we can do this using CPE!
CPE is a standard for describing and identifying classes of applications, operating systems and hardware devices. These entities are described mainly by the name and version of the software.
Once our installed software from CPE is correlated with the CVE vulnerability database, we have all the information necessary to qualitatively measure a company’s IT risk. This can also be quantitative thanks to the the fact that every entry in CVE has a Severity Rating. This risk level is a number between 0 and 10 that according to the CVSS 2.0 standard is distributed as follows:
Severity
Base Score Range
Low
0.0 – 3.9
Medium
4.0 – 6.9
High
7.0-10.0
All this information is inserted periodically into NetEye and is then further processed in Kibana with ad-hoc dashboards.
Everything described above from an architectural point of view can be represented by the Deployment Diagram below. In purple we can see all those systems that have inventory data, and in yellow the NetEye servers and the ABSC server for processing the information.
Thus in the end we can state that with our solution we can visualize the processing of security information over time, find vulnerabilities present server-by-server or PC-by-PC, find the software that numerically introduces the greatest risks for our company, and many more besides as meets your needs.
“Hi everyone, I’m Roberto and I was born in Bolzano in 1971. After graduating as an Electronic Engineer at the University of Padua, I started my professional career as an industrial automation systems designer, back in the days when programs were written in assembly language. In 2000 I decided to enter the world of computer science because I was fascinated by the Web and the IT world, and so I went to work for the ISP provider of the Autonomous Province of Bolzano. Information technology and open source have become my passion as well as my work and I gained experience with many kinds of computer systems, other technical fields, and in business organization.
Now I’m here at Würth Phoenix and I’m ready for new challenges and experiences. In addition to work, I very much like to discover new places with my family and live near nature, especially by exploring the mountains.”
Author
Roberto Palmarin
“Hi everyone, I’m Roberto and I was born in Bolzano in 1971. After graduating as an Electronic Engineer at the University of Padua, I started my professional career as an industrial automation systems designer, back in the days when programs were written in assembly language. In 2000 I decided to enter the world of computer science because I was fascinated by the Web and the IT world, and so I went to work for the ISP provider of the Autonomous Province of Bolzano. Information technology and open source have become my passion as well as my work and I gained experience with many kinds of computer systems, other technical fields, and in business organization.
Now I’m here at Würth Phoenix and I’m ready for new challenges and experiences. In addition to work, I very much like to discover new places with my family and live near nature, especially by exploring the mountains.”
Synopsis Important: Icinga2 security update Type/Severity Security Advisory: Critical Topic An update for the package icinga2 is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Critical. Common Vulnerability Scoring System Read More
Synopsis Important: GLPI security update Type/Severity Security Advisory: Critical Topic An update for the package glpi is now available for NetEye 4. NetEye Product Security has rated this update as having a security impact of Critical. Common Vulnerability Scoring System Read More
Hello everyone! As you may remember, a topic I like to discuss a lot on this blog is the Proof of Concept (POC) about how we could enhance search within our online NetEye User Guide. Well, we're happy to share Read More
In the ever-evolving landscape of IT monitoring and management, the ability to efficiently handle multi-dimensional namespaces is crucial. Within NetEye, Log-SIEM (Elastic), provides a comprehensive solution for managing the single namespace dimension with the namespace of a data_stream. This blog Read More
Hey everyone! We played around a bit last time with our radar data to build a model that we could train outside Elasticsearch, loading it through Eland and then applying it using an ingest pipeline. But since our data is Read More