Citadel Issues Alert for Vulnerability Remediation Best Practices.
Business Editors/High-Tech Writers
DALLAS--(BUSINESS WIRE)--Jan. 27, 2003
Citadel's V-Flash Team Provides Largest Library of Automated Remediation Signatures for All Known Vulnerabilities, Including SQL Slammer
Citadel Security Software Inc. (OTCBB: CDSS), a leader in automated vulnerability remediation solutions, today outlines best practices to prevent the exploit of known vulnerabilities, such as the latest SQL Slammer attack. With the number of vulnerabilities increasing in size and frequency, software vulnerabilities such as SQL Slammer are only a fraction of the pool of potential threats that can be exploited. In order to effectively remediate the full range of vulnerabilities -- including not only software defects, but also insecure user accounts, unnecessary services such as telnet, backdoors such as SubSeven, and misconfigurations -- organizations can no longer rely on manual remediation.
To counter the problem of limited time and resources, IT organizations have no choice but to incorporate automated vulnerability remediation (AVR) into their standard business practices. Citadel's V-Flash team, which boasts the largest library of automated remediation signatures in the industry, recommends the following process to assure timely response and efficient remediation of vulnerabilities as they are identified:
1. Identify the number and type of systems within your organization;
2. Determine the vulnerabilities with multiple network and application scanners;
3. Assess the risk caused by the vulnerabilities;
4. Prioritize the response to the vulnerabilities;
5. Remediate the vulnerabilities immediately; and,
6. Repeat regularly as part of internal security regimen.
"The patch for the SQL Slammer exploit was issued on July 26, yet almost six months later, organizations have still not remediated their systems. This attack needs to be a wake-up call for organizations worldwide to redefine how they mitigate security vulnerabilities," said Steve Solomon, CEO of Citadel. "While the potential end damage of this attack is not yet known, SQL Slammer has already cost organizations significant time and money in downtime and loss of business. Automated vulnerability remediation solutions address the threats before attacks render systems useless. By providing frequent, consistent fixes, automated solutions can save enterprises significant upfront costs, while also decreasing remediation expenditures significantly over time and reducing IT security liability."
According to Aberdeen Group, enterprises currently spend in excess of $2 billion annually solely for the deployment of security patches, which represents only a small portion of the vulnerabilities facing the enterprise.
Citadel helps enterprises effectively neutralize security vulnerabilities by providing users with the technology to automatically assess and remediate vulnerabilities quickly and effectively. Citadel's patent-pending Hercules provides enterprise users with full control over the automated remediation process, enabling efficient aggregation, prioritization and trusted resolution of vulnerabilities detected by industry-standard network and application scanners.
About Citadel
Citadel Security Software Inc. (OTCBB:CDSS) develops, markets and licenses computer security and privacy software for one of the fastest growing software industry segments today -- security inside the firewall. Citadel's Winshield(R) SecurePC(TM) and NetOFF(TM) products enable companies to enforce security policies from a single point of control. Citadel's Hercules' product remediates vulnerabilities from the five classes of security vulnerabilities: insecure accounts, unnecessary services, mis-configurations, back doors and software defects. Hercules' open architecture design allows the import and aggregation of assessment data from many sources. Hercules is interoperable with industry leading vulnerability assessment tools, allowing customers to address the real world issues of vulnerability assessment and remediation.
Citadel's products also address the initiatives of the President's National Strategy to Secure Cyberspace and the mandates of HIPAA and Gramm-Leach-Bliley legislation for the healthcare and financial industries. Further information about Citadel Security Software and its products can be accessed at its website, www.citadel.com.
Safe Harbor/Forward-looking Statements: Except for the historical information contained herein, this news release contains forward looking statements that are subject to risks and uncertainties, including lack of Citadel operating history, uncertainty of product acceptance, uncertainty to compete effectively in a new market category and the uncertainty of profitability and cash flow of Citadel. These risks and uncertainties may cause actual outcomes and results to differ materially from expectations in this press release. The research performed by Aberdeen was underwritten by Citadel. These and other risks are detailed from time to time in CT Holdings' and Citadel's SEC reports, including CT's report on Form 10-KSB for the year ended December 31, 2001 and most recent Form 10-QSBs, as well as Citadel's Registration Statement on Form 10-SB and amendments and most recent Form 10-QSBs.