Codenomicon, the leading vendor of proactive security solutions, today announced the release of its Unknown Vulnerability Management (UVM) Lifecycle model. The UVM lifecycle is the industry's first security assurance process, which focuses on unreported vulnerabilities. The UVM model helps companies and organizations find and fix unknown vulnerabilities, before anyone has a chance to exploit them, making their software hacker-proof.
"Unknown vulnerabilities are the biggest threat to IT systems, because there are no defenses for attacks against them," says Ari Takanen, CTO of Codenomicon. "Thus, finding and fixing unknown vulnerabilities in in-house and third party software should be the number one security priority."
The most effective way to protect software is to fix critical vulnerabilities proactively. In all types of cyber attacks, the initial access is enabled by a vulnerability in an open software interface. Vulnerabilities also cause quality and interoperability problems. Numerous solutions exist for handling known, reported vulnerabilities, but Codenomicon's Unknown Vulnerability Management Lifecycle is the first model for managing previously unknown vulnerabilities. The Codenomicon UVM solutions can be used to secure not only networks, devices and applications, but also the software used to protect them, such as firewalls and VPNs.
"Codenomicon's solutions are used by top governments and leading software companies, operators, service providers and manufacturers to secure critical networks and to provide robust and reliable products and services," says David Chartier, CEO of Codenomicon. "The launch of the Unknown Vulnerability Management Lifecycle makes proactive security testing accessible to a wider audience."
The core technology behind Codenomicon's UVM model is Fuzzing, a technique used by hackers to find unknown vulnerabilities. Unlike other testing tools, Fuzzers do not look for particular vulnerabilities. Instead, they use modified inputs to trigger vulnerabilities, so they can discover both known and unknown vulnerabilities. Codenomicon's award-winning Defensics Attack Simulation Engine is the industry's only state-aware Fuzzing platform. It can genuinely interoperate with the tested system and target areas most prone to vulnerabilities, while maintaining broad coverage through automatic test generation. Defensics achieves unparalleled efficiency in finding both known and unknown vulnerabilities.
The Unknown Vulnerability Management process consists of four phases: Analyze, Test, Report and Mitigate. The whole process is covered by automated testing tools. In the first phase, the Codenomicon Network Analyzer is used to form a comprehensive picture of the entire network with automatically created visualizations. Once all the open interfaces are identified, they can then be tested for vulnerabilities with Codenomicon's automated Defensics test tools. All the expertise needed to carry out the tests is built into the tools. The Defensics tools also contain automated features for generating different levels of reports, reproducing vulnerabilities, performing regression testing and verifying patches. Finding, reporting and mitigating unknown vulnerabilities has never been easier.
Codenomicon is hosting a webcast on Unknown Vulnerability Management on April 12th 2011 with guest speaker Dr. Chenxi Wang, the VP and principal analyst from Forrester Research Inc. To register for the webcast, go to codenomicon.com/.
The Unknown Vulnerability Management Lifecycle and Solutions are also presented at Infosecurity Europe in London and at Infosecurity World in Orlando, Florida, on April 19th to 21st 2011.
For other resources on unknown vulnerabilities, including three whitepapers, visit the website.
About Codenomicon Ltd
Codenomicon (codenomicon.com) develops security and quality testing software, which allows users to quickly find and identify both known and previously unknown flaws before business-critical products or services are deployed. Their unique, targeted approach to the fuzz testing of networked and mobile applications exposes more flaws and weaknesses than any other testing platform or methodology. Companies rely on Codenomicon's solutions to mitigate threats, like Denial of Service (DoS) situations and Zero Day Attacks, which could increase liability, damage business reputation and cripple sales. Codenomicon is a member of the SDL Pro Network.