Wave Systems Corp. (fka WAVXQ)

[Genz2]

Enterprises Sinking Under 100+ Critical Flaws Per Day

https://www.infosecurity-magazine.com/news/enterprise-sinking-100-critical

Enterprises are forced to deal with an estimated 100+ critical vulnerabilities each day, with Flash and Microsoft Office accounting for the majority of top app flaws, according to new research from Tenable.

The security vendor analyzed anonymized data from 900,000 vulnerability assessments across 2100 enterprises to compile its latest Vulnerability Intelligence Report.

It predicted that the industry is set to disclose 19,000 new vulnerabilities this year, up 27% from last year — although other estimates put the 2017 figure at nearly 20,000.

Other stats from the Tenable report highlighted the increasing challenge facing system administrators tasked with prioritizing patches.

It claimed that, on average, an enterprise finds 870 vulnerabilities per day across 960 assets, with 61% listed as high severity. Yet just 7% have public exploits available, making it difficult to know which of the remaining 93% to fix first, the firm argued.

That’s especially true when one considers that many hackers deliberately target older vulnerabilities that may have been forgotten about.

Out of the 20 application vulnerabilities affecting the largest number of enterprises, several came from 2015.

Half of that top 20 related to Adobe Flash bugs, followed by Microsoft Office at 20%, with the eight top web browser CVEs from Google and Microsoft impacting 20-30% of enterprises on a single day.

“When everything is urgent, triage fails. As an industry, we need to realize that effective reduction in cyber risk starts with effective prioritization of issues,” said Tom Parsons, senior director of product management, Tenable.

“To keep up with the current volume and velocity of new vulnerabilities, organizations need actionable insight into where their greatest exposures lie; otherwise, remediation is no more than a guessing game. This means organizations need to focus on vulnerabilities that are being actively exploited by threat actors rather than those that could only theoretically be used.”
=================================================================
It seems that Wave Endpoint Monitor could play an important role in protecting the device while these vulnerabilities are being fixed. It should be a great product for organizations to have in their cybersecurity arsenal. imo.
=================================================================
https://www.wavesys.com/malware-protection

Excerpt:

Wave’s solution: start with the device

If antivirus software doesn’t work, what does? The Wave alternative relies not on superficial layers of software but on standards-based hardware: self-encrypting drives (SEDs) and Trusted Platform Modules (TPMs), or security chips, that are already embedded in many of your computers and mobile devices. This hardware provides you with secure storage. When you turn the SED and TPM on and manage them with Wave, you suddenly have a broad, deep view into your network. Among other things, you’ll know immediately whether any one of your devices—computers, laptops, tablets, smartphones—has been tampered with. But Wave is proactive too: you can block the kinds of behaviors that invite malware in. Wave's Endpoint Monitor provides early detection for these low-lying sneaky attacks.
=================================================================
https://www.wavesys.com/products/wave-endpoint-monitor

Excerpts:

Detect attacks before it’s too late

Malware can do its work for weeks or months before you ever know it’s there. But with Wave Endpoint Monitor, you can spot malware before it has a chance to cause damage.

Antivirus software can’t detect rootkits and other malware; it works at the level of the OS and isn’t very good at seeing deeper into the system. For example, it can’t tell whether the boot record is lying. The Wave alternative is to work with the Trusted Platform Modules (TPMs), or security chips, embedded in your devices. By using the TPM to attest to the security of the device each time that device boots, Wave looks below the operating system and can help detect threats lurking there. Every time a device boots up, Wave Endpoint Monitor makes a comparison against previous boot values, and if anything deviates from the norm, it alerts you immediately.

Key Features:

Easy security compliance
• Comports with NIST guidelines for BIOS integrity

Data protection
• Ensures that you can trust the integrity of your measurements for central analysis
• Real-time alerts for zero-day detection of APTs
• Get Windows 8 Malware protection now—WEM covers previous versions of Windows

Simplicity
• Uses standards-based security that’s in every PC you own
• Measurement notifications and reports can be customized for your processes and work flows
• Centralized, remote activation and management of your TPMs
• E-discover which PCs in your organization are enabled for endpoint monitoring

No compromises
• Ensure host integrity—without expensive hardware or excessive administrative overhead