Ivanti’s Post

Did you know the average data breach cost a whopping $4.35 million in 2022? That's why 70% of organizations are turning to IT infrastructure automation by 2023. Automation Edge helps you automate tasks like server provisioning, network management, and security, leading to: - Faster incident response ⚡ - Reduced downtime - Improved data management - Lower operational costs - Better system integration - Enhanced security posture️ Ready to unleash the power of automation? Download our free infographic to learn more! ➡️ #ITautomation #security #efficiency #dataprotection #AutomationEdge

Unplanned downtime brings business operations to a halt, causing losses of thousands of $$$ per minute. When you discover that network configuration errors are the main cause, you realize that #NetworkAutomation can make a big difference. #AIOps #AINetworks #AINetworking #QoE https://hubs.la/Q02CZ8yc0

1. SUBJECT: A Vulnerability in SolarWinds Serv-U Could Allow for Path Transversal 2. OVERVIEW: A vulnerability has been discovered in SolarWinds Serv-U that could allow for path transversal that could lead to disclosure of sensitive information. SolarWinds Serv-U is a managed file transfer solution used to store and share files across an enterprise network. It can be hosted on both Windows and Linux-based servers. Successful exploitation of this vulnerability could allow for the disclosure of sensitive information in the context of the files and directories. Depending on the permissions associated with the files, an attacker could view content within them. Files with stricter access controls and file permissions could be less impacted than those without. 3. SYSTEMS AFFECTED: SolarWinds Serv-U versions prior to 15.4.2 HF 2 4. RISK: Government: - Large and medium government entities: High - Small government entities: Medium Businesses: - Large and medium business entities: High - Small business entities: Medium Home users: Low 5. TECHNICAL SUMMARY: A vulnerability has been discovered in SolarWinds Serv-U that could allow for path transversal. An unauthenticated adversary can access files stored outside the server root directory using “dot-dot-slash (../)” sequences in the URL for the management console. Details of this vulnerability are as follows: - Tactic: Discovery (TA0007) - Technique: File and Directory Discovery (T1083) SolarWinds Serv-U Directory Transversal Vulnerability (CVE-2024-28995) Successful exploitation of this vulnerability could allow for the disclosure of sensitive information in the context of the files and directories. Depending on the permissions associated with the files, an attacker could view the content within them. Files and directories with stricter access controls could be less impacted than those without. 6. RECOMMENDATIONS: - Apply appropriate updates provided by SolarWinds to vulnerable systems immediately after appropriate testing. (M1051: Update Software) - Restrict access by setting directory and file permissions that are not specific to users or privileged accounts. (M1022: Restrict File and Directory Permissions) - Prevent access to file shares, remote access to systems, unnecessary services. Mechanisms to limit access may include use of network concentrators, RDP gateways, etc. (M1035: Limit Access to Resource Over Network) - Use intrusion detection signatures to block traffic at network boundaries. (M1031: Network Intrusion Prevention) - Use capabilities to detect and block conditions that may lead to or be indicative of a software exploit occurring. (M1050: Exploit Protection) https://lnkd.in/g5CXwQwD

BackBox bolsters network automation platform with zero-trust tools 1. BackBox has introduced zero-trust capabilities to its network automation platform, enabling network teams to automate security tasks such as privileged access management and vulnerability management. 2. The new release includes upgrades to the platform's privileged access management, network vulnerability management, and search capabilities. 3. BackBox's approach, called "zero trust network operations" (ZTNO), aims to simplify and tailor zero-trust technologies for network teams. 4. ZTNO aligns with the "NetOps Zero Trust" principles and is designed to help network operators address complex security requirements with actionable insights. 5. BackBox's ZTNO framework includes six pillars, including access management, audit control, device configuration onboarding, vulnerability management onboarding, continuous assessment, and reporting visibility.

We’ve got great news — that probably wouldn’t surprise Dynatrace customers even a bit, but... — the vendor has been once again ranked 🏆 first in the Security Operation category of Gartner’s "Critical Capabilities for Application Performance Monitoring and Observability" report. This proves that Dynatrace is an excellent choice for companies that want to understand everything that happens to their applications.    Read the article to find out how this happened, what the convergence of observability and security means for companies, and much more 👉 https://bit.ly/3FeEMII

We’ve got great news — that probably wouldn’t surprise Dynatrace customers even a bit, but... — the vendor has been once again ranked 🏆 first in the Security Operation category of Gartner’s "Critical Capabilities for Application Performance Monitoring and Observability" report. This proves that Dynatrace is an excellent choice for companies that want to understand everything that happens to their applications.    Read the article to find out how this happened, what the convergence of observability and security means for companies, and much more 👉 https://bit.ly/3FeEMII

How can your network successfully run the latest applications in modern data centers and reimagined enterprise campus environments? By upgrading your network’s agility, security, and efficiency as cloud-based network management transforms the enterprise space. Watch the webinar on demand to explore how you can leverage automation: https://hpe.to/6047wQ8jd #NetworkAgility #NetworkSecurity

How can your network successfully run the latest applications in modern data centers and reimagined enterprise campus environments? By upgrading your network’s agility, security, and efficiency as cloud-based network management transforms the enterprise space. Watch the webinar on-demand to explore how you can leverage automation: #HPEArubaNetworking https://hpe.to/6040wCYYA

How can your network successfully run the latest applications in modern data centers and reimagined enterprise campus environments? By upgrading your network’s agility, security, and efficiency as cloud-based network management transforms the enterprise space. Watch the webinar on-demand to explore how you can leverage automation: #HPEArubaNetworking https://hpe.to/6046wCsiG

How can your network successfully run the latest applications in modern data centers and reimagined enterprise campus environments? By upgrading your network’s agility, security, and efficiency as cloud-based network management transforms the enterprise space. Watch the webinar on-demand to explore how you can leverage automation: #HPEArubaNetworking https://hpe.to/6047bDEkv