Pure Hacking, an award-winning Australian information security consultancy, has announced that in its first 90 days of operation its recently launched vulnerability management service, Pure Hacking Enguard, has revealed that on average an Australian business can expect to experience around 250 new vulnerability exposures annually. Additionally, it has confirmed that infrastructure changes generate the highest level of possible vulnerabilities for an organisation.
Since its launch in late 2013, Pure Hacking Enguard has monitored hundreds of thousands of hacking techniques and exploits with multiple scan engines, closely watching more than 180 security sources including underground hacking communities and forums, black-hat activity and 0-day exploits. Regular scanning combined with Pure Hacking Enguard is able to focus on medium to high security threats, allowing organisations to prioritise budget and attention to the top fifteen percent of their overall security issues.
Commenting on the rollout of the solution, David Muscat, Chief Operating Officer says, “When combining Pure Hacking Enguard with regular scanning and remediation processes, there is a significant reduction in the medium to high risk security threats. We have been able to track a 50 percent reduction in major issues, with the serious risks making up five percent of attacks, medium risk threats are around the 10 percent mark, whilst 20 – 40 percent are low risk and the rest are false positives.
“It is reassuring to be able to have a positive impact on the level of security threats and exposures by working directly with and complementing the security management programs within our client base.”
Pure Hacking also draws on its penetration testing expertise to confirm that its Enguard findings are accurate. Its searching of exploit databases and knowledge of exploit techniques validate, on a constant basis, whether exposures are a real threat.
For validated threats, security experts work with clients to provide recommendations and assistance for remediation. Recently, a high-risk security threat was recognised at a financial services client.
“Pure Hacking Enguard identified a serious vulnerability connected with an off-the-shelf mobile device management product in the morning and by day’s end they had put a resolution in place for our client’s network. This was a focused response to a solution that was ironically installed to increase its protection,” continues Muscat.
Additional statistics from the Pure Hacking Enguard solution across the wider client base highlight that the top three security issues are based on:
1) Out of date software with vulnerabilities as a result of poor patch management
2) SSL issues due to insecure configuration of SSL servers supporting web applications
3) Unnecessary services are enabled and exposed resulting in a larger potential attack surface
Muscat continued: “Australian organisations need to patch their software much more often. Software that has known problems due to lack of patch is becoming a more regular occurrence. Organisations also need to make sure that they regularly check their configurations to ensure that they follow the latest standards whilst disabling vulnerable configurations. Ensuring that their software has limited rights on the server it is running on is also critical to ensuring breaches are contained.”