Tech Shout!

Today, Qualys, providers of on-demand vulnerability management and policy compliance solutions has announced the availability of a free network scanning service that will help companies find and eliminate vulnerabilities listed in the annual SANS Top 20 update for 2006.

The SANS Top 20 update for 2006 has been designed by the SANS Institute and security experts from the industry and government to provide a prioritized list of newly discovered exposures to organizations and their networks. The list will be announced today itself at a press conference in Central Hall Westminster, London.

Besides identifying vulnerabilities in Windows and UNIX categories, the SANS Top 20 list for 2006 demonstrated a shift from server-side to client-side vulnerabilities. The list includes categories fro zero-day vulnerabilities and also highlights the Microsoft Office and Web application exploitable vulnerabilities.

According to the Top 20 list, the shift from server-side to client-side vulnerabilities continues to be an increasing trend meant purely for financial gain. Another point to be noted is that there has been a significant surge in the number of online criminals in Asian countries, as well as in Eastern Europe. As a result of this, several banks have reported 400 to 500 percent increase in losses due to cyber fraud from 2005 to 2006.

These changes that have been noticed further reflect the increase in exploits for malicious or personal gain, which could include targeting military and government contractor sites through phishing attacks. To read the entire SANS report, do visit this Web page.

“Our list of the top 20 vulnerabilities does no good at all unless companies discover whether their computers can be compromised and fix the ones that have the vulnerabilities,” said Alan Paller, Director of Research, SANS. “I have been enormously appreciative of Qualys, both for helping to research the Top 20, and for making a free testing tool available that tells businesses and government agencies whether their systems are vulnerable to the Top 20.”

According to Amol Sarwate, manager of Vulnerability Lab at Qualys and a contributing member to the SANS Top 20, “The SANS Top 20 list is an important tool in helping businesses prioritize their efforts to address security vulnerabilities. As a service to our customers and the security community as a whole, Qualys supports the SANS Institute and we are glad to share our research in vulnerability management, to help organizations address the increasing threat in client-side and application vulnerabilities and criminal-based attacks.”

Qualys’ free scan for the 2006 SANS Top 20 is available at https://sans20.qualys.com.