Chat with us, powered by LiveChat
    • Solutions

    • Network Vulnerability Scanning Software Services
    • Analyze
    • Score
    • Automate
    • What is on my network?
      Quickly, comprehensively and accurately assess endpoints and servers for operating system and application vulnerabilities.

    • Which assets are at risk, and what should I do about their vulnerabilities?
      Identify which assets are at risk and receive actionable intelligence to reduce workload and increase effectiveness.

    • How do I measure my overall risk and where should I focus remediation efforts?
      Benefit from a clear, easy-to-understand metric to determine your organization’s security posture.

    • How can I integrate Frontline vulnerability findings into my security workflow?
      Easily integrate discovered, analyzed, scored, and prioritized vulnerabilities into leading security workflow management platforms and SIEMs.

    • Test
    • Educate
    • Compliance
    • How do I assess where I’m exposed from an attacker’s perspective?
      Assess your “network attack surface” and your “personnel attack surface”.

    • How do I ensure all personnel are cognizant of risky “digital behavior”?
      Increase the security IQ of employees, contractors, and patrons to effectively defend against a security breach.

    • Am I meeting requisite compliance standards?
      Leverage the expertise of one of the world’s longest tenured PCI Approved Scanning Vendors (ASV) to achieve compliance AND an optimal level of security.

    • Frontline.Cloud Subscriptions

    • Frontline ATS Advanced™
    • Frontline Advanced™
    • Frontline Pro™
    • Frontline Active Threat Sweep Advanced (Frontline ATS Advanced) complements your existing endpoint protection technologies providing an agentless, easy to deploy method to quickly and reliably analyze assets for active threat activity and indications of compromise.

    • Frontline Advanced is Digital Defense’s flagship vulnerability management offering. Powerful and effective, the service is delivered in a rich, affordable and easy to consume subscription.

    • Frontline Pro provides the same industry leading solution subscription as Frontline Advanced, but adds a Personal Security Analyst (PSA) to help lift the burden of vulnerability management.

    • Frontline PCI Pro™
    • Frontline Pen Test™
    • Frontline WAS Advanced™
    • Frontline Payment Card Industry-Professional (PCI-Pro) service guides businesses through the PCI Data Security Standards (DSS) requirements maze with security expertise and personalized recommendations to achieve compliance.

    • Frontline Pen Test offers a conveniently packaged sequence of periodic (and scheduled) pen tests into an annual subscription.

    • Frontline Web Application Scanning Advanced (WAS Advanced) as a subscription will provide the highest level of results through a system that is easily deployed and maintained.

    • Frontline.Cloud Platform

    • Frontline Active Threat Sweep™
    • Frontline Vulnerability Manager™
    • Frontline Web Application Scanning™
    • Frontline Active Threat Sweep (Frontline ATS), an agentless system, enhances your existing defense-in-depth coverage by uncovering gaps in your present endpoint protection, active threats and indicators of compromise.

    • Frontline Vulnerability Manager (Frontline VM) is the industry’s most comprehensive, accurate, and easy to use VM system – bar none.

    • Frontline Web Application Scanning (Frontline WAS) has been developed to provide the highest level of dynamic web application testing results through a system that is easily deployed and maintained.

    • Technologies

    • DDI NIRV™
    • DDI VRT™
    • DDI DNA™
    • DDI NIRV – the technology core of Frontline RNA™ – works on the principle of real-time event-based tuning. As it learns more about hosts and the network, NIRV adjusts its plugin sets and auditing mechanisms in real time – leading to far more accurate and complete scanning data.

    • While Digital Defense has achieved public acclaim for its superior vulnerability scanning, vulnerability management, and best practice consultative services, we are also actively involved in security threat research.

    • Digital Node Attribution (DNA) is the core technology within Frontline VM that eliminates network drift. As point in time scans from RNA are fed into Frontline Vulnerability Manager™.

    • Professional Services

    • Frontline Pen Test Project™
    • Frontline Social Test™
    • Frontline Cyber Threat Management™
    • Understanding and addressing network and host vulnerabilities is, of course, an essential element to strong information security.

    • Social engineering is a popular technique attackers use to gain access to your network and, ultimately, valuable information held by your organization.

    • Frontline Cyber Threat Management solutions offer organizations expert threat intelligence to evaluate their level of risk in the ‘open, deep and dark web’.

    • SecurED® Training
    • TEAM™
    • Consultative Services
    • SecurED, an entertaining awareness training designed to optimize employee retention of serious security intelligence and best practices.

    • TEAM is a comprehensive online learning management system that helps you address Security Training, Education, and Awareness Module (TEAM™) to reduce risk.

    • As your organization grows in size and complexity, determining exposure to information asset risks becomes more challenging, as does your ability to identify threats and implement effective plans to address them.

  • Get a Quote

San Antonio, TX – April 10, 2017 Digital Defense, Inc., a leading provider of Vulnerability Management as a Service (VMaaS™), disclosed the discovery of four zero-day vulnerability threats found in the Riverbed Technology SteelCentral Portal version 1.3.1 and 1.4.0. The vulnerabilities are critical in nature due to the ability of a cybercriminal to exploit these issues to gain access to the performance monitoring platform and retrieve confidential data. Riverbed has collaborated closely with Digital Defense and addressed these vulnerabilities.

About the Vulnerabilities

Digital Defense Vulnerability Research Team (VRT) identified previously unknown vulnerabilities through security vulnerability detection, while developing new audit modules for its patented vulnerability scanning technology.

Two unauthenticated remote code execution vulnerabilities would allow an attacker to run arbitrary code with SYSTEM privileges and fully compromise the host running the SteelCentral Portal application. Compromise of the portal application would allow for credentials of all connected SteelCentral data sources to be recovered and leveraged to further compromise the connected data sources.

Additionally, two information disclosure flaws would allow unauthenticated user enumeration, disclosing valid usernames for the Riverbed SteelCentral Portal application and its connected data sources.

Riverbed has addressed the vulnerabilities. For more information, customers may contact Riverbed customer support staff through their support portal.

Details surrounding each of the four vulnerabilities are available on the Digital Defense website. Additionally, the company’s patented scanning technology can detect all of these vulnerabilities with explicit network tests for the affected network services.

Digital Defense Research Methodology and Practices

The Digital Defense VRT regularly works with organizations in the responsible disclosure of zero-day vulnerabilities. The expertise of the VRT, when coupled with the company’s next generation cloud-based vulnerability manager platform, FrontlineVulnerability Manager, enables early vulnerability detection capabilities. When zero-days are discovered and internally validated, the VRT immediately contacts the affected vendor to notify the organization of the new finding(s) and then assists, wherever possible, with the vendor’s remediation actions.

“Security flaws in the application-layer of critical infrastructure remain a blind spot for both vendors and the organizations they serve”, said Mike Cotton, Vice President of Research and Development at Digital Defense.  “We applaud Riverbed for working with us to pinpoint and eliminate these flaws from their platform.”

 

About Digital Defense

Founded in 1999, Digital Defense, Inc. is a trusted provider of managed security risk assessment solutions, protecting billions of dollars in assets for clients around the globe. This includes highly regulated industries such as healthcare, financial, and retail, as well as those entrusted with sensitive data such as law firms and energy companies. Digital Defense’s unique Vulnerability Management as a Service (VMaaS) model delivers consistently accurate vulnerability scanning and penetration testing, while its security awareness training promotes employees’ security-minded behavior. Digital Defense security solutions are highly-regarded by industry experts, as illustrated by the company’s designation as Best Scan Engine by Frost & Sullivan, top 20 ranking (#16) in Cybersecurity Ventures’ list of the World’s 500 Hottest Cybersecurity Companies, as well as inclusion in CSO Outlook’s Top 10 Network Security Companies, and CIO Review’s 20 Most Promising Cyber Security Solutions.

 

Contact Digital Defense at 888-273-1412; visit www.digitaldefense.com, our blog, LinkedIn, or follow @Digital_Defense on Twitter.

 

# # #

 

CONTACTS
Michael Becce, MRB Public Relations
mbecce@mrb-pr.com, 732-758-1100

 

Meg Grant, SVP, Marketing

Digital Defense, Inc.

meg.grant@digitaldefense.com, 210-582-6186

 

Digital Defense and the Shield Logo are Registered Service Marks of Digital Defense, Inc. All other trademarks are the property of their respective owners.