This Past Week (1/23 - 1/31)
New Vulnerabilities: 986
New Signatures: 289

Frequently Asked Questions

If your question isn't answered here, please contact us and we'll be glad to assist you!

Q: What is a Security Signature?
Q: Is the SecurityNexus Security Signature Map a vulnerability database?
Q: Aren't there a bunch of "signature mapping" capabilities already in existence? Why is your capability needed?
Q: Your list of supported products doesn't include "X". When will support for it be added?
Q: What do I need to be able to use the SecurityNexus Security Signature Map?

Q: What is a Security Signature?

A: A Security Signature is a pattern that identifies a specific security exploit or vulnerability. These signatures have names, such as "Sasser.B virus detected" or "WebDAV IIS Exploit Attempt". Security products use Security Signatures to detect vulnerabilities and attacks against customer systems. When those attacks or vulnerabilities are detected, most security products report the detection by using the signature name.

The problem arises when a customer uses a mix of security technologies and/or products from different vendors. Unfortunately, security signature names and identifiers are not standardized across the security industry. When attacks or vulnerabilities are discovered, each security product reports the attack or vulnerability using its own signature naming scheme. As a result, the same attack or vulnerability is reported multiple times, under multiple signature names. This makes it difficult to know whether the reported events represent the same attack/vulnerability or different attacks/vulnerabilities.

SecurityNexus' Security Signature Map cross-references the unique vendor signatures to each other, allowing easy consolidation of security data for reporting and analysis purposes.

Q: Is the SecurityNexus Security Signature Map a vulnerability database?

A: No, although it includes references to vulnerabilities and vulnerability databases.  The SecurityNexus Security Signature Map represents the intersection of many vulnerability databases with the attack signature data from many other products.  Our goal is not to "reinvent the wheel" of creating a vulnerability database, but rather to ensure complete cross-referencing capability between products which otherwise cannot reference each other.

Q: Aren't there a bunch of "signature mapping" capabilities already in existence?  Why is your capability needed?

A: While it's true that some vendors and organizations have created signature mapping data sets of varying levels of capability, there are a number of reasons why those offerings are individually inadequate, and this led to the SecurityNexus concept.  First, existing signature mapping offerings are limited in the scope of products and data sources they support.  For example, vulnerability databases, while good at providing referential information on vulnerabilities, have limited cross-reference capability back to the IDS products that actually detect the exploit attempt against the vulnerability.

A recent quote in Network Computing's Security Pipeline publication spotlights the issue very well:

"Although vulnerability dictionaries, such as CVE (Common Vulnerabilities and Exposures), attempt to create some common methods of correlating products, our own investigation of signature sets and vulnerability checks showed a 60 percent crossover rate in best-case scenarios, below 30 percent in others. Doing it 'by hand' is still the only accurate mapping method we know of."

Not any more!

Some vendors provide signature mapping capabilities, but only for their own products.  Since most organizations use best-of-breed products from multiple vendors, these approaches are not sufficient.

Another limitation of existing signature mapping capabilities is their update frequency.  This is especially true of industry organizations, where the delay to assign "official" vulnerability or exploit IDs can be weeks or months after the vulnerability or exploit is first announced.

SecurityNexus' goal is to link all of these various signature sources together, to ensure a complete signature mapping capability that builds on the strengths of all of the sources.  Because this data set is core to our business, timely updates can be ensured.

Q: Your list of supported products doesn't include <Product X>.  When will support for it be added?

A: Our goal at SecurityNexus is to have complete coverage of all products, but because this can't happen overnight, we continually evaluate the popularity of products to be included in our data set to prioritize our development.  This evaluation is subjective, and based on a number of factors.  The most important of those factors is direct feedback from prospective and existing customers.  If you would like to see support for a product added to our data set, please let us know.

Q: What do I need to be able to use the SecurityNexus Security Signature Map?

A: Our Security Signature Map is a data feed that can be imported into any ODBC-compliant database.  The database can be hosted on any platform you wish, provided the system has Internet connectivity to download the data and updates, or has access to another host in your environment that can proxy the data feed.

Once the data set is loaded into your database, you can use your choice of technologies to query it.  Any ODBC-compliant reporting suite, or any scripting language with database connectivity, can be used to interact with the data.
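As an added illustration (not SecurityNexus code, and not the feed's actual schema), the following sketch shows how a cross-reference table loaded into a database can consolidate events that different products report under different signature names. The table and column names, the product names, the MAP-xxxx identifiers and all sample rows are constructed assumptions; only the two signature names quoted earlier in this FAQ come from the page, and sqlite3 stands in for an ODBC-connected database.

```python
import sqlite3

# Hypothetical schema: the real feed's tables and columns are not described here.
SCHEMA = """
CREATE TABLE signature_map (product TEXT, signature_name TEXT, common_id TEXT,
                            PRIMARY KEY (product, signature_name));
CREATE TABLE events (id INTEGER PRIMARY KEY, product TEXT,
                     signature_name TEXT, target TEXT);
"""

# Constructed mapping rows: (product, vendor signature name, shared identifier).
MAP_ROWS = [
    ("ids_a", "WebDAV IIS Exploit Attempt", "MAP-0001"),
    ("ids_b", "HTTP: IIS WebDAV overflow", "MAP-0001"),
    ("av_d", "Sasser.B virus detected", "MAP-0002"),
    ("ids_a", "Sasser worm propagation", "MAP-0002"),
]

# Constructed events as reported by each product in its own naming scheme.
EVENTS = [
    ("ids_a", "WebDAV IIS Exploit Attempt", "10.0.0.5"),
    ("ids_b", "HTTP: IIS WebDAV overflow", "10.0.0.5"),
    ("av_d", "Sasser.B virus detected", "10.0.0.9"),
    ("ids_a", "Sasser worm propagation", "10.0.0.9"),
    ("ids_b", "Unknown probe 7", "10.0.0.5"),  # no mapping entry exists
]

def build_db():
    """Load the constructed map and events into an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature_map VALUES (?, ?, ?)", MAP_ROWS)
    conn.executemany(
        "INSERT INTO events (product, signature_name, target) VALUES (?, ?, ?)",
        EVENTS)
    return conn

def consolidate(conn):
    """Return (target, finding, reports, products) rows, one per distinct finding.

    Events whose signature is missing from the map are kept, not dropped:
    they stay separate under an UNMAPPED key so gaps in coverage are visible.
    """
    query = """
        SELECT e.target,
               COALESCE(m.common_id,
                        'UNMAPPED:' || e.product || ':' || e.signature_name) AS finding,
               COUNT(*) AS reports,
               COUNT(DISTINCT e.product) AS products
        FROM events e
        LEFT JOIN signature_map m
               ON m.product = e.product AND m.signature_name = e.signature_name
        GROUP BY e.target, finding
        ORDER BY e.target, finding
    """
    return conn.execute(query).fetchall()
```

The LEFT JOIN matters: an inner join would silently discard any event whose signature has no mapping yet, hiding exactly the detections that still need manual review.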

 
