Secunia, the company specializing in software vulnerability management, has been acquired by software asset management company Flexera Software.
The pairing of Flexera's asset discovery and management tools with Secunia's software vulnerability platform will give organizations the ability to thoroughly assess the security of applications discovered on the network, said Mark Bishof, Flexera Software's CEO.
Flexera's tools, which includes Application Readiness and AdminStudio Suite, currently help discover all the hardware and software assets within the organization, how the licenses are used, and how to optimize what is not in use. With the Secunia addition, organizations will be able to scrutinize the discovered applications to uncover unpatched vulnerabilities. This will give IT teams the information they need to update to the latest patch or to create a workaround to temporarily mitigate the issue until a patch is available.
IT asset management and security teams typically work in separate silos. Asset discovery and inventory is generally handled by asset management teams, even though including the security teams during the discovery phase would help identify vulnerabilities and risks a lot sooner. Combining Flexera and Secunia's offerings connects the dots between these two offerings and gives organizations a centralized repository and "a single source of truth" about the assets currently owned by the organization, Bishof said.
The acquisition will let enterprises "proactively address cyber security threats as a core part of their processes for managing application usage," said Peter Colsted, Secunia's CEO.
Secunia's portfolio of vulnerability management software includes Vulnerability Intelligence Manager and Corporate Software Inspector. IT teams and developers get access to comprehensive vulnerability intelligence from Secunia Research, which they can then use to manage patch creation and deployment. Secunia's reach will expand with this acquisition as it will be become a part of the organization's asset discovery lifecycle.
Customers frequently ask about the security of an application recently discovered on the network. Adding Secunia will now make it possible to answer these questions and take active steps to minimize the risks, Bishof said.
An abundant variety of insecure applications makes this kind of assessment critical. Secunia recently released its Vulnerability Update, a quarterly audit of vulnerabilities in enterprise products, for the period between May and July of this year. The report found that organizations tend to focus on operating system updates and patches to big-name software, but bugs in less popular software pose an equal threat. For example, 206 vulnerabilities were uncovered for Avant Browser in the latest report. IBM had the greatest number of vulnerabilities, with researchers finding 500-plus bugs in more than a dozen of the company's products during the surveyed period.
A typical security breach resulting in loss of data can cost an organization between $2.5 million to $5 million to investigate and correct -- and soar to hundreds of millions of dollars as a result of infrastructure damage, loss of productivity, reputation damage, and regulatory fines. In buying Secunia and adding software vulnerability management to its portfolio, Flexera is hoping to reduce that risk.
Sign up for CIO Asia eNewsletters.