Managing Unknown Vulnerabilities: An Infinite Space Problem
As technology continues to evolve and permeate the infrastructures that people and businesses rely on, mitigating unknown vulnerabilities in the software and devices that power our connected world is paramount.
The Attack Surface is Expanding: Every networked application and device represents an opportunity for attack. Today, there are nearly 13 billion connected devices, and by 2020 that number will rise to 25 billion.
The Stakes are Higher: Today, organizations depend on technology to process sensitive information and perform essential functions. Unknown vulnerabilities in business-critical software and devices pose a significant threat because they cannot be addressed by traditional forms of security such as firewalls, IDP/IPS, etc.
Power Lies in Prevention: The cost of addressing vulnerabilities increases exponentially as you move further down the development lifecycle and supply chain. Proactively discovering and remediating unknown vulnerabilities prevents attacks and reduces costs.
Bringing the Unknown Into View
With security and transparency emerging as Board-level mandates, there is a renewed urgency to find the vulnerabilities that put business performance at risk. Defensics is a next-generation security-testing platform that enables developers and users of technology to rapidly, reliably, and efficiently find and correct dangerous errors and flaws. By proactively bringing the unknown into total view, Defensics sets the bar for superior vulnerability management.
The technology at the core of Defensics is fuzz testing: an automated methodology that probes for unknown vulnerabilities by systematically sending invalid or unexpected inputs to the system under test and observing how it fails. Fuzz testing exposes software defects and vulnerabilities more effectively than any other solution in the market.
Defensics was used to identify the OpenSSL Heartbleed vulnerability in April 2014 (Google independently reported the vulnerability at the same time). A security researcher at Codenomicon (now Synopsys) had been running a routine test of the Defensics feature SafeGuard when he identified a flaw in OpenSSL that had gone unnoticed for over two years. Ultimately, Heartbleed impacted over 500,000 websites.
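As an added illustration of the methodology described above (example code written for this page, not Defensics or Synopsys code), a minimal mutation fuzzer is run against a constructed length-prefixed record format, with a parser that trusts the declared length beside one that checks it against the bytes actually received. The record layout, the CANARY stand-in for adjacent memory and the mutation strategies are simplified constructs for this example and are not the TLS heartbeat format.

```python
import random
import struct

HDR = struct.Struct("!BH")           # constructed format: type (1 byte), declared payload length (2 bytes)
CANARY = b"SECRET-KEY-MATERIAL-"    # constructed stand-in for memory adjacent to the record buffer
SEED = HDR.pack(1, 5) + b"hello"    # a well-formed record used as the fuzzing seed

def parse_unchecked(memory: bytes, record_len: int) -> bytes:
    """Trusts the declared length and copies that many bytes after the header (record_len ignored)."""
    _, declared = HDR.unpack_from(memory, 0)
    return memory[HDR.size:HDR.size + declared]

def parse_checked(memory: bytes, record_len: int) -> bytes:
    """Rejects any record whose declared length exceeds the bytes actually received."""
    _, declared = HDR.unpack_from(memory, 0)
    if HDR.size + declared > record_len:
        raise ValueError("declared payload length exceeds record")
    return memory[HDR.size:HDR.size + declared]

def mutate(record: bytes, rng: random.Random) -> bytes:
    """Applies one random mutation: flip a payload bit, rewrite the length field, or truncate."""
    buf = bytearray(record)
    choice = rng.randrange(3)
    if choice == 0 and len(buf) > HDR.size:
        buf[rng.randrange(HDR.size, len(buf))] ^= 1 << rng.randrange(8)
    elif choice == 1:
        struct.pack_into("!H", buf, 1, rng.choice([0, 1, len(buf), 0x100, 0x7FFF, 0xFFFF]))
    else:
        del buf[rng.randrange(HDR.size, len(buf) + 1):]   # keep at least the header
    return bytes(buf)

def fuzz(parser, seed: bytes, iterations: int, rng_seed: int = 1) -> dict:
    """Feeds mutated records to parser and counts over-reads, rejections and unexpected exceptions."""
    rng = random.Random(rng_seed)
    stats = {"leaks": 0, "rejected": 0, "crashes": 0}
    for _ in range(iterations):
        record = mutate(seed, rng)
        memory = record + CANARY                 # the record followed by "adjacent" memory
        try:
            payload = parser(memory, len(record))
        except ValueError:
            stats["rejected"] += 1
            continue
        except Exception:
            stats["crashes"] += 1
            continue
        if len(payload) > len(record) - HDR.size:   # bytes returned from beyond the record
            stats["leaks"] += 1
    return stats

if __name__ == "__main__":
    print("unchecked:", fuzz(parse_unchecked, SEED, 300))
    print("checked:  ", fuzz(parse_checked, SEED, 300))
```

The "leaks" counter is the detection signal: an over-read shows up as a returned payload longer than the record that was actually sent, which is exactly the class of flaw that length-field validation closes.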
(Not All Protocols Listed)
FCoE + FIP
IEC 61850/GOOSE/SV
NFS v4.0 / v4.1
Profinet DCP (PLC)
Profinet PTCP (PLC)
TLS/SSL 1.0/1.1, SSL3
Traffic Capture Fuzzer
Universal ASN.1 BER
Wi-Fi AP WPA
Wi-Fi Client WPA