 |
|
DAILY NEWS AND INFORMATION
FOR THE GLOBAL GRID COMMUNITY / JULY 7, 2003: VOL. 2 NO. 27
|
Breaking News -
Security:
Internet Security Systems
Introduces The X-Force Index
Internet Security Systems, Inc. (ISS) announced the availability of its X-
Force Catastrophic Risk Index (CRI), a list of the most serious, high-risk
vulnerabilities and attacks currently affecting computer networks. Developed
by the X-Force, ISS' world-renowned security intelligence group, the X-Force
CRI acts as a best practices guide for customers applying Dynamic Threat
Protection, ISS' multi-layered approach to security. Always up-to-date and
publicly available on the ISS Web site, the Catastrophic Risk Index helps
companies prioritize protection around threats and vulnerabilities posing the
greatest risk to confidentiality, integrity and availability of essential
business systems. ISS experts will conduct a live Webinar discussing the X-
Force CRI on Wednesday, July 9, 2003 at 2 p.m. ET (11 a.m. PT, and 6 p.m.
GMT).
The X-Force CRI enables organizations to apply protection using a phased
approach, addressing the most serious risks on mission-critical systems first,
then targeting primary and general assets accordingly. With more than 10,000
vulnerabilities listed in the ISS X-Force database, catastrophic risks
identified by the X-Force must meet the following criteria:
- Pervasive to almost all organizations, across all industries
- Serious threat to confidentiality, integrity and availability of critical
data
- Potential cause of catastrophic business system failure
- Highly susceptible to virus and worm creation
"Our security intelligence team identifies and tracks 200-300 new
vulnerabilities and threats each month, which is an enormous load for
companies to keep up with while also focusing on their core business," said
Chris Rouland, vice president of ISS' X-Force. "Customers have demanded help
from ISS to address the most dangerous risks first. Easy-to-use and backed by
X-Force intelligence, the CRI is a valuable management and risk reduction tool
against which organizations can measure their preparedness for a catastrophic
network attack or business system failure."
The X-Force Catastrophic Risk Index is also available as a new policy in
ISS'
award-winning Internet Scanner vulnerability detection tool. The X- Force
CRI policy in Internet Scanner automatically identifies critical
vulnerabilities and provides guidance for effectively reducing the risk of
attack. Knowing which vulnerabilities to address first, security
administrators can easily apply Dynamic Threat Protection across network,
server and desktop environments from the SiteProtector central management
system.
The Catastrophic Risk Index provides instructions for configuring
RealSecure and Proventia protection agents to protect against
vulnerabilities and attacks without actually applying a physical security
patch. ISS calls this the Virtual Patch process. With the X-Force CRI,
applying a Virtual Patch to critical vulnerabilities is made simple because
remediation instructions are already part of the index. However, companies
using ISS' Dynamic Threat Protection platform can apply a Virtual Patch
for almost any vulnerability because of the ability to correlate data between
Internet Scanner, RealSecure and Proventia.
The X-Force CRI includes major exploits, pervasive worms and critical
patches
covering serious software weaknesses. The list and a corresponding whitepaper
are available to the public on the ISS Web site at
www.xforce.iss.net/xforce/riskindex. The Catastrophic Risk
Index will
now be referenced in all future releases of the Internet Risk Impact Summary
(IRIS) report. Developed by the ISS X-Force, the IRIS is the only quarterly
report to publish cyber attack trends based on factors such as the industry's
largest number of monitored security devices, actual attacks detected and
researched vulnerabilities.
|