Vulnerability Awareness Tools

Many small to medium sized businesses don’t manage their security well. Some rely completely on a third party to manage their security and to provide them with security intelligence. There is nothing wrong with using a service or allowing someone knowledgeable to assist you with security. In fact, it is the ideal model for SMBs in my opinion, since Info-Sec staff are kind of expensive to keep hanging around. However, as a Business Owner, Business Manager or IT Manager, you should be aware of and paying attention to evolving risks to your environment, and asking your service providers what they are doing about them for you.

There are a number of good resources available for FREE that will keep you in the loop. Some of these are minimal offerings, intended to tease you into buying an intelligence package, that provide just enough useful awareness if you have the time to conduct your own investigations. These purchases are worth your while if the price is reasonable, and I encourage you to take advantage of the free feeds, as well as leverage the paid services of these companies.

One company that offers excellent value and a pretty nice free feed service is Secunia. They are based out of the Netherlands, and offer some fantastic products. I especially like their genuine concern for home users, and their provision of a FREE vulnerability scanner and reporting service aimed at that niche. Here is a snippet from their latest free email report.

During the past week 81 Secunia Advisories have been released. All Secunia customers have received immediate notification on the alerts that affect their business. This week’s Secunia Advisories had the following spread across platforms and criticality ratings:

  • Platforms:
    • Windows: 12 Secunia Advisories
    • Unix/Linux: 40 Secunia Advisories
    • Other: 3 Secunia Advisories
    • Cross platform: 26 Secunia Advisories
  • Criticality Ratings:
    • Extremely Critical: 0 Secunia Advisories
    • Highly Critical: 16 Secunia Advisories
    • Moderately Critical: 21 Secunia Advisories
    • Less Critical: 33 Secunia Advisories
    • Not Critical: 11 Secunia Advisories

Want to Subscribe?

Other handy services that an SMB should examine include NIST’s Vulnerability Database and Purdue University’s FREE Cassandra alerting system. Cassandra simplifies keeping up-to-date with vulnerabilities. Instead of going to NIST or Secunia every day and repeating the same searches, Cassandra does the work for you. It works by saving lists of products, vendors and keywords. Whenever new information is available regarding these keywords, Cassandra can notify you by email. I’ve been using both of these resources for years and am pleased with the information that they provide.
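To make the saved-profile idea concrete, here is an added sketch (not Cassandra's or Secunia's own code) of matching a watch list against a feed, reporting each advisory once, and ordering hits by the criticality scale from the report above. The `Profile` class, the record fields and the sample feed are assumptions made up for illustration.

```python
import re
from dataclasses import dataclass, field

# Criticality scale from the Secunia report quoted above, most severe first.
RATINGS = ["Extremely Critical", "Highly Critical", "Moderately Critical",
           "Less Critical", "Not Critical"]

@dataclass
class Profile:
    """Hypothetical saved profile: vendors, products and keywords to watch."""
    vendors: set = field(default_factory=set)
    products: set = field(default_factory=set)
    keywords: set = field(default_factory=set)
    seen: set = field(default_factory=set)  # advisory ids already reported

def has_term(term, text):
    # Whole-word, case-insensitive: a short term like "ftp" must not fire on "sftp".
    return re.search(r"(?<!\w)" + re.escape(term) + r"(?!\w)", text, re.I) is not None

def match_reasons(profile, adv):
    """Why an advisory matches the profile; an empty list means no match."""
    reasons = []
    if adv["vendor"].lower() in {v.lower() for v in profile.vendors}:
        reasons.append("vendor:" + adv["vendor"])
    reasons += ["product:" + p for p in sorted(profile.products) if has_term(p, adv["product"])]
    reasons += ["keyword:" + k for k in sorted(profile.keywords)
                if has_term(k, adv["product"] + " " + adv["summary"])]
    return reasons

def new_alerts(profile, feed, min_rating="Less Critical"):
    """Unreported advisories that match the profile, most severe first."""
    cutoff = RATINGS.index(min_rating)
    hits = []
    for adv in feed:
        if adv["id"] in profile.seen or RATINGS.index(adv["rating"]) > cutoff:
            continue
        reasons = match_reasons(profile, adv)
        if reasons:
            profile.seen.add(adv["id"])  # report each advisory only once
            hits.append((adv, reasons))
    return sorted(hits, key=lambda h: RATINGS.index(h[0]["rating"]))

# Constructed sample feed: ids, vendors and products are made up for illustration.
FIELDS = ("id", "vendor", "product", "rating", "summary")
FEED = [dict(zip(FIELDS, row)) for row in (
    ("EX-0001", "ExampleSoft", "Mail Server", "Highly Critical", "Overflow in IMAP login"),
    ("EX-0002", "OtherCorp", "FileMover", "Moderately Critical", "Weak host key check in SFTP client"),
    ("EX-0003", "OtherCorp", "LegacyDrop", "Extremely Critical", "Anonymous FTP write enabled"),
    ("EX-0004", "ExampleSoft", "Calendar", "Not Critical", "Version banner disclosure"),
)]
```

Keeping the reasons alongside each hit tells the reader of the alert which saved term triggered it, which is what makes it practical to prune a noisy keyword from the list.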

This is just a short list of many resources that can be used to stay on top of security vulnerabilities as they are announced by vendors.  What do you use?