Computer Intrusions : F-Secure revealed the two reasons for the pirates to reach…

Thanks to its unique feature of mapping the network, F-Secure Radar helps companies to identify and understand the risks related to the attack surface.

Download the free guide
Boost your gains

Rueil Malmaison, June 1, 2017, businesses are consistently seeking new technologies to protect against cyber attacks. According to the experts F-Secure, most of the companies have already been victims of intrusions… And that has nothing to do with the vulnerabilities, 0-Day, which, according to them, receiving more attention than they should.

“Based on our research, most companies have already been victims of computer intrusions, and this, mainly for two reasons : either due to software that is not updated, and with known vulnerabilities, either because of human error. For example, an employee falling into the trap of an e-mail phishing, ” explains Janne Kauhanen, Cyber Security Expert at F-Secure

Janne Kauhanen explains that all the other security measures are ultimately secondary and help simply to counter attacks that occur for one of two reasons. “Some companies, however, remain obsessed by the vulnerabilities, 0-Day and new attack methods, which remain marginal. ”

A new security vulnerability is identified every 90 minutes*, and several hundreds of vulnerabilities are uncovered each year. On average, it takes 103 days for a vulnerability to be corrected*. According to Gartner, in the past ten years, ” the time required to patch a vulnerability has been reduced from 45 to just 15 days “**. Gartner also states that” on average, the vulnerabilities, 0-Day (the vendor of the software has no knowledge of and no patch is available) represent only 0.4% of the vulnerabilities exploited each year. “**.

The massive attack of the cryptoransomware WannaCry is the most recent example of a vulnerability is already known, but carried on with success. This attack, which has infected the systems of dozens of countries and impacted many sectors (transport, health infrastructure) leverages a vulnerability in Windows Server Message Block (SMB), named MS17-010, which was patched by Microsoft last march. The expansion of this worm would have been reduced if more systems had been updated. The telemetry is the tool of management of vulnerabilities F-Secure, Radar, indicates that 15% of the hosts run Windows SMB. This epidemic shows how necessary it is for SMES to patch correctly their systems and do not expose them publicly. ”

You can’t fix the vulnerabilities that you have no knowledge

“The best way to fight cyber threats is to anticipate them, correcting vulnerabilities before they are exploited,” says Jimmy Ruokolainen, Vice President, Product Management at F-Secure. “Companies need to reduce their attack surface, but with shadow IT, the problems of external configurations and vulnerabilities of their partners, firms do not know their attack surface. This is where F-Secure Radar comes thanks to its simple and fast solution for mapping networks. ”

Tools for evaluating threats, you can typically find the vulnerabilities and the systems at risk, but only when the administrators know where to look. They only work really once all the systems must be reviewed. The network topology is the organization of a network, with its nodes and connecting lines. With F-Secure Radar, it managers can generate reports for evaluation of threats on the network of their organization and discover systems vulnerable or misconfigured, such as those exposed to the internet. They have total visibility, and can identify the risks or weak points on the network.

F-Secure Radar is a platform for the analysis and management of vulnerabilities. It allows companies to make an inventory of their network assets, identify and manage internal and external threats. With Radar, they can carefully analyze the risks and enter into compliance with current regulations and upcoming (PCI standards, regulations, RGPD, etc).

Radar allows you to streamline productivity and management of the cyber security business, through the monitoring of vulnerabilities, analysis of automated and scheduled, and prioritizing resolutions to issues.

“The exploitation of known vulnerabilities remains to be the origin of most of the computer intrusions,” explains Jimmy Ruokolainen. “With F-Secure Radar, leaders in it security can benefit from unparalleled visibility in relation to risks. They can detect their vulnerabilities and fix them before hackers can exploit them. ”

*Source : Nopsec, 2016 Outlook: Vulnerability Risk Management and Remediation Trends
**Source : Gartner, It’s Time to Align Your Vulnerability Management Priorities With the Biggest Threats, Craig Lawson, September 9, 2016

Download the free guide
Boost your gains

Like this post? Please share to your friends:
Leave a Reply