Chat with us, powered by LiveChat
    • Solutions

    • Network Vulnerability Scanning Software Services
    • Analyze
    • Score
    • Automate
    • What is on my network?
      Quickly, comprehensively and accurately assess endpoints and servers for operating system and application vulnerabilities.

    • Which assets are at risk, and what should I do about their vulnerabilities?
      Identify which assets are at risk and receive actionable intelligence to reduce workload and increase effectiveness.

    • How do I measure my overall risk and where should I focus remediation efforts?
      Benefit from a clear, easy-to-understand metric to determine your organization’s security posture.

    • How can I integrate Frontline vulnerability findings into my security workflow?
      Easily integrate discovered, analyzed, scored, and prioritized vulnerabilities into leading security workflow management platforms and SIEMs.

    • Test
    • Educate
    • Compliance
    • How do I assess where I’m exposed from an attacker’s perspective?
      Assess your “network attack surface” and your “personnel attack surface”.

    • How do I ensure all personnel are cognizant of risky “digital behavior”?
      Increase the security IQ of employees, contractors, and patrons to effectively defend against a security breach.

    • Am I meeting requisite compliance standards?
      Leverage the expertise of one of the world’s longest tenured PCI Approved Scanning Vendors (ASV) to achieve compliance AND an optimal level of security.

    • Frontline.Cloud Subscriptions

    • Frontline ATS Advanced™
    • Frontline Advanced™
    • Frontline Pro™
    • Frontline Active Threat Sweep Advanced (Frontline ATS Advanced) complements your existing endpoint protection technologies providing an agentless, easy to deploy method to quickly and reliably analyze assets for active threat activity and indications of compromise.

    • Frontline Advanced is Digital Defense’s flagship vulnerability management offering. Powerful and effective, the service is delivered in a rich, affordable and easy to consume subscription.

    • Frontline Pro provides the same industry leading solution subscription as Frontline Advanced, but adds a Personal Security Analyst (PSA) to help lift the burden of vulnerability management.

    • Frontline PCI Pro™
    • Frontline Pen Test™
    • Frontline WAS Advanced™
    • Frontline Payment Card Industry-Professional (PCI-Pro) service guides businesses through the PCI Data Security Standards (DSS) requirements maze with security expertise and personalized recommendations to achieve compliance.

    • Frontline Pen Test offers a conveniently packaged sequence of periodic (and scheduled) pen tests into an annual subscription.

    • Frontline Web Application Scanning Advanced (WAS Advanced) as a subscription will provide the highest level of results through a system that is easily deployed and maintained.

    • Frontline.Cloud Platform

    • Frontline Active Threat Sweep™
    • Frontline Vulnerability Manager™
    • Frontline Web Application Scanning™
    • Frontline Active Threat Sweep (Frontline ATS), an agentless system, enhances your existing defense-in-depth coverage by uncovering gaps in your present endpoint protection, active threats and indicators of compromise.

    • Frontline Vulnerability Manager (Frontline VM) is the industry’s most comprehensive, accurate, and easy to use VM system – bar none.

    • Frontline Web Application Scanning (Frontline WAS) has been developed to provide the highest level of dynamic web application testing results through a system that is easily deployed and maintained.

    • Technologies

    • DDI NIRV™
    • DDI VRT™
    • DDI DNA™
    • DDI NIRV – the technology core of Frontline RNA™ – works on the principle of real-time event-based tuning. As it learns more about hosts and the network, NIRV adjusts its plugin sets and auditing mechanisms in real time – leading to far more accurate and complete scanning data.

    • While Digital Defense has achieved public acclaim for its superior vulnerability scanning, vulnerability management, and best practice consultative services, we are also actively involved in security threat research.

    • Digital Node Attribution (DNA) is the core technology within Frontline VM that eliminates network drift. As point in time scans from RNA are fed into Frontline Vulnerability Manager™.

    • Professional Services

    • Frontline Pen Test Project™
    • Frontline Social Test™
    • Frontline Cyber Threat Management™
    • Understanding and addressing network and host vulnerabilities is, of course, an essential element to strong information security.

    • Social engineering is a popular technique attackers use to gain access to your network and, ultimately, valuable information held by your organization.

    • Frontline Cyber Threat Management solutions offer organizations expert threat intelligence to evaluate their level of risk in the ‘open, deep and dark web’.

    • SecurED® Training
    • TEAM™
    • Consultative Services
    • SecurED, an entertaining awareness training designed to optimize employee retention of serious security intelligence and best practices.

    • TEAM is a comprehensive online learning management system that helps you address Security Training, Education, and Awareness Module (TEAM™) to reduce risk.

    • As your organization grows in size and complexity, determining exposure to information asset risks becomes more challenging, as does your ability to identify threats and implement effective plans to address them.

  • Get a Quote
Grayson Kemper

Grayson Kemper

Content Developer & Marketer


Grayson Kemper is a Content Developer at 
Clutch. He primarily conducts research for Clutch’s SEO and Enterprise IT segments.

 

Recently, the cause of Equifax’s catastrophic cyber attack was revealed as a hack that exploited a known bug in in Equifax’s web application software, Apache Struts.

Since then, the discourse surrounding the event has shifted to two main subjects:

  1. The blame game: people want to hold someone responsible. The fallout has claimed the jobs of Equifax’s CSO, CIO, and now, CEO.
  2. The preventability of the attack: the attack originated from a known vulnerability. Doesn’t get more preventable than that.

The second focus is what I will explore in this article.

In response to the hack, the Apache Software Foundation released a statement acknowledging that the hack occurred through a bug in its software. In the statement, however, Apache also outlines a list of recommendations that it always provides for users of their software, all of which Equifax failed to uphold.

These snippets capture the message of each point:

 

  1. Keep track of security announcements affecting this products and versions.
  2. Establish a process to quickly roll out a security fix release of your software product
  3. Don’t build your security policy on the assumption that supporting software products are flawless
  4. Establish security layers
  5. Establish monitoring for unusual access patterns to your public Web resources

Based on this statement, the lesson for businesses to take away from Equifax’s breach: do not take cybersecurity for granted. As Apache states, “any complex software contains flaws. Don’t build your security policy on the assumption that supporting software products are flawless”. And, when those flaws are exposed, fix them.

 

Simply Having a Cybersecurity Policy Doesn’t Cut It

In a recent cybersecurity survey from Clutch, 94% of large companies claim to have a cybersecurity policy in place. Such ubiquity implies that companies recognize cyber attacks as a real threat, thus require formal policy and regulation to combat. This is a correct assumption, with a logical gap. Simply recognizing cybersecurity as a threat does not equate to adequate cyber defense, just like simply using security software does not mean your company is secure.

Clutch’s cybersecurity report elaborates on this disconnect. Despite having a policy in place, over half of businesses experienced phishing attacks and just under half experienced a trojan or malware attack in the past year.

Digital Defense, Inc. CIO, Tom DeSot recognizes the shortcomings of cybersecurity policies in the routine penetration tests he conducts on clients.

“We’re typically about 95% successful in getting [unauthorized] information either over the phone, via email, or in person,” said DeSot. “To me, that shows a weakness in policy.”

To be clear, Equifax is a huge company with complex IT services and resources at their disposal, and they had a cybersecurity policy in place before the attack. Their failure was not due to ignorance on cyber attacks as a threat. Their failure was due to a lack of depth and effective upkeep to crucial elements of their policy.

 

Don’t be Equifax: Easy Security Measures to Minimize Risk 

No policy will ever be bulletproof. Every company has security liabilities, particularly unwitting employees with inadequate security training.

However, there are easy, yet critical steps, that companies often take for granted, that are needed to address to avoid preventable cyberattacks. Two, in particular, are regular software updates and layered security.

 

1. Update Critical Software

Architectural and security software are living code designed by humans. Thus, they are prone to manual error and mishap. On the other side, the cybersecurity threat landscape is constantly evolving. Given these factors, software programmers and developers consistently update and reconfigure their products to best protect against the most contemporary threats.

Each company has a responsibility to stay informed of and implement the most recent software updates and to ensure maximum protection. If you installed security software internally, make sure you subscribe to system alerts or other communication with that provider to stay aware of the releases of recent updates and vulnerabilities. If you have cybersecurity companies on retainer, communicate with them regularly. It’s their job to stay on top of the most common, modern cybersecurity threats. Use that knowledge to strengthen your company’s cyber defenses.

 

2. Install Backup Security  

In baseball, a pitching staff has a starter and relievers. A starter has the potential to go all 9 innings. However, if he is unable to finish a game, due to exhaustion or poor performance, a coach has an entire bullpen of relievers he can depend on to complete the game.

Cybersecurity defense follows the same logic as a pitching staff. Your site and application framework are your major operating platforms (starting pitcher). However, you need additional levels of security (relievers) as an available backup if your operating frameworks are exhausted or bypassed by external threats.

A good cybersecurity policy has a deep “bullpen”, or additional firewalls and obstacles beyond your most external frameworks to thwart attacks. Hackers will find ways to exploit vulnerabilities, particularly on open-source software. However, it is a business’ job to make it as challenging as possible for hackers to access company data. The more security layers, the more challenging an external attack becomes.

 

Basic Practices Strengthen Cybersecurity Policy

A truly strong cybersecurity policy addresses both basic security measures and protects against contemporary threats. Equifax failed to uphold fundamental cybersecurity protocol and has paid dearly for it. To avoid a similarly avoidable attack, ensure that your company follows basic security practices, as outlined by Apache. In particular, stay informed and address the most recent security software updates and vulnerabilities and establish firewalls as additional lines of defense in case external frameworks are compromised.