Tag Archive for: Community Edition

Greenbone AG

Greenbone Enterprise Products Lead all Network Vulnerability Scanners

OpenVAS began in 2005 when Nessus transitioned from open source to a proprietary license. Two companies, Intevation and DN Systems adopted the existing project and began evolving and maintaining it under a GPL v2.0 license. Since then, OpenVAS has evolved into Greenbone, the most widely-used and applauded open-source vulnerability scanner and vulnerability management solution in the world. We are proud to offer Greenbone as both a free Community Edition for developers and also as a range of enterprise products featuring our Greenbone Enterprise Feed to serve the public sector and private enterprises alike.

As the “old-dog” on the block, Greenbone is hip to the marketing games that cybersecurity vendors like to play. However, our own goals remain steadfast – to share the truth about our product and industry leading vulnerability test coverage. So, when we reviewed a recent 2024 network vulnerability scanner benchmark report published by a competitor, we were a little shocked to say the least.

As the most recognized open-source vulnerability scanner, it makes sense that Greenbone was included in the competition for top dog. However, while we are honored to be part of the test, some facts made us scratch our heads. You might say we have a “bone to pick” about the results. Let’s jump into the details.

What the 2024 Benchmark Results Found

The 2024 benchmark test conducted by Pentest-Tools ranked leading vulnerability scanners according to two factors: Detection Availability (the CVEs each scanner has detection tests for) and Detection Accuracy (how effective their detection tests are).

The benchmark pitted our free Community Edition of Greenbone and the Greenbone Community Feed against the enterprise products of other vendors: Qualys, Rapid7, Tenable, Nuclei, Nmap, and Pentest-Tools’ own product. The report ranked Greenbone 5th in Detection Availability and roughly tied for 4th place in Detection Accuracy. Not bad for going up against titans of the cybersecurity industry.

The only problem is, as mentioned above, Greenbone has an enterprise product too, and when the results are recalculated using our Greenbone Enterprise Feed, the findings are starkly different – Greenbone wins hands down.

Here is What we Found

Bar chart from the 2024 benchmark for network vulnerability scanners: Greenbone Enterprise achieves the highest values with 78% availability and 61% accuracy

 

Our Enterprise Feed Detection Availability Leads the Pack

According to our own internal findings, which can be verified using our SecInfo Portal, the Greenbone Enterprise Feed has detection tests for 129 of the 164 CVEs included in the test. This means our Enterprise product’s Detection Availability is a staggering 70.5% higher than reported, placing us heads and tails above the rest.

To be clear, the Greenbone Enterprise Feed tests aren’t something we added on after the fact. Greenbone updates both our Community and Enterprise Feeds on a daily basis and we are often the first to release vulnerability tests when a CVE is published. A review of our vulnerability test coverage shows they have been available from day one.

Our Detection Accuracy was far Underrated

And another thing. Greenbone isn’t like those other scanners. The way Greenbone is designed gives it strong industry leading advantages. For example, our scanner can be controlled via API allowing users to develop their own custom tools and control all the features of Greenbone in any way they like. Secondly, our Quality of Detection (QoD) ranking doesn’t even exist on most other vulnerability scanners.

The report author made it clear they simply used the default configuration for each scanner. However, without applying Greenbone’s QoD filter properly, the benchmark test failed to fairly assess Greenbone’s true CVE detection rate. Applying these findings Greenbone again comes out ahead of the pack, detecting an estimated 112 out of the 164 CVEs.

Summary

While we were honored that our Greenbone Community Edition ranked 5th in Detection Availability and tied for 4th in Detection Accuracy in a recently published network vulnerability scanner benchmark, these results fail to consider the true power of the Greenbone Enterprise Feed. It stands to reason that our Enterprise product should be in the running. Afterall, the benchmark included enterprise offerings from other vendors.

When recalculated using the Enterprise Feed, Greenbone’s Detection Availability leaps to 129 of the 164 CVEs on the test, 70.5% above what was reported. Also, using the default settings fails to account for Greenbone’s Quality of Detection (QoD) feature. When adjusted for these oversights, Greenbone ranks at the forefront of the competition. As the most used open-source vulnerability scanner in the world, Greenbone continues to lead in vulnerability coverage, timely publication of vulnerability tests, and truly enterprise grade features such as a flexible API architecture, advanced filtering, and Quality of Detection scores.

Contact Test Now Buy Here Back to Overview

/by
Markus Feilner

New zero-day exploit in Microsoft Exchange Server – Greenbone Enterprise Feed offers protection

,

We have developed a remote test for the Microsoft Exchange Server ProxyNotShell vulnerability GTSC2022.

Update from 2022-10-13: The vulnerability still exists after the October patchday on Tuesday. The blog post of Microsoft’s Security Response Center is continuously updated by the company, the last entry is from October 08.

The mentioned zero-day exploit in Microsoft Exchange Servers [GTSC2022] was published on September 28th by the cyber security company GTSC. After investigating a security incident, the security researchers discovered evidence of active exploitation of two vulnerabilities that can be used to compromise even fully patched systems.

The test (check here) extends our current vulnerability detection for Outlook Web Access (OWA) by checking whether Microsoft’s suggested remedies are in place. So far (beginning of October 2022), Microsoft only recommends workarounds. Microsoft Exchange users can use our test to ensure that the workaround instructions are implemented and active. Our customers can simply continue to use their Greenbone product, the test is already implemented in the feed. Those who do not yet have a Greenbone product yet, please use the link (check here) above.

Information on the technical background

Microsoft has published a post on its website [MSRC2022] describing that the vulnerabilities allow server-side request forgery (CVE-2022-41040) and remote code execution (CVE-2022-41082) if the attacker has access to PowerShell. However, this requires authenticated access to the vulnerable server (according to Microsoft, the Microsoft Exchange Servers 2013, 2016 and 2019).

The migration measures listed in the Microsoft blog (for example, disabling access to Powershell for unprivileged users) should be implemented as soon as possible by customers with on-premise solutions, as there is currently no known security update that fixes the vulnerability. According to Microsoft, users of Microsoft Exchange Online are not affected.

The severity of the vulnerability

In the Common Vulnerability Scoring System (CVSS), the vulnerabilities were rated as “high” and “medium” with a severity score of 8.8 and 6.3 out of 10, respectively. Since the vulnerabilities are already being actively exploited by attackers, there is also an increased risk of compromise for German institutions.

Sustainable protection of your IT Networks

If you want to know which systems in your network are (still) vulnerable to vulnerabilities – including the ProxyNotShell vulnerability – our vulnerability management helps you. It is used in systems that must be patched or otherwise protected in any case. Depending on the type of systems and vulnerabilities, they can be found better or worse. The detection is also constantly improving and being updated. New gaps are found. Therefore, there may always be more systems with vulnerabilities in the network. Therefore, it is worthwhile to regularly update and scan all systems. The Greenbone vulnerability management offers corresponding automation functions for this.

Our vulnerability management offers the best protection

Vulnerability management is an indispensable part of IT security. It can find risks and provides valuable information on how to eliminate them. However, no single measure offers 100% security, not even vulnerability management. To make a system secure, many systems are used, which in their entirety should provide the best possible security.


Contact Free Trial Buy Here Back to Overview

/by