In 2014, a major new security vulnerability referred to as the Bash or Shellshock bug was discovered as part of the vulnerability assessment process; it affected a vast swathe of computing systems, Web hosts, cloud services and even Internet-connected devices. Many more such vulnerabilities were discovered in 2016, such as Heartbleed, ransomware breaches, Dirty COW (CVE-2016-5195), PHPMailer RCE (CVE-2016-10033, CVE-2016-10045), ImageTragick (CVE-2016-3714), DROWN (CVE-2016-0800), remote code execution (CVE-2016-463), persistent code execution (CVE-2016-5180), and so on. In healthcare, there were as many such breaches due to vulnerabilities.
What is a Security Vulnerability?
A security vulnerability is anything that exposes a potential avenue of attack against a system and so increases the risk to it. This may include viruses, incorrectly configured systems, passwords written on sticky pads and left where others can easily see them, and more. More formally, a security vulnerability may be defined as “a set of conditions that leads or may lead to an implicit or explicit failure of the confidentiality, integrity, or availability of an information system.” ISO 27001 defines a vulnerability as “a weakness in an asset or group of assets. An Asset’s weakness could allow it to be exploited and harmed by one or more threats”. As per ISO, “A threat is a potential event. When a threat turns into an actual event, it may cause an unwanted incident. It is unwanted because the incident may harm an organization or system” and an “Asset is any tangible or intangible thing that has value to an organization”.
Vulnerability assessment is an ongoing process
As enumerated and listed in the Common Vulnerability Enumeration database, there are:
- 60,000+ common vulnerabilities
- 900+ common weaknesses
- 1014+ common configuration errors
- 150,000+ security-related events, and
- A large number of application-related errors
Aegify Solution, a vulnerability assessment tool, is a multiple-award-winning security scanning tool that scans your network to determine a huge number of vulnerabilities. Aegify assesses the vulnerability of an organization’s assets against certain critical parameters: asset visibility, target utility, asset accessibility, asset mobility, presence of hazardous materials, and collateral damage potential. The solution provides for ongoing security assessment checks.
In 2014, Aegify got 5 out of 5 stars in the SC magazine review.