US Military Agency Case Study Header

U.S. Government Military Agency Evaluates AssuredScanDKV® Vulnerability Scanner

Company Name

US Military Agency

Industry

Government Research Laboratory

Assured Solution

AssuredScanDKV®

The Challenge

The U.S. agency client develops mission critical software for the U.S. military. As with any software developed for national security purposes, it is imperative to minimize the risk of this software getting hacked by cyber adversaries. Given that most cyber-attacks on software target known vulnerabilities—especially within open source and third-party applications and libraries, as well as bundled executables—these vulnerabilities represent the primary means through which a cyber adversary will seek to compromise an organization’s data and systems.

Over time, most software will be infiltrated by known vulnerabilities. The Agency knew they had to minimize the possibility of cyber adversaries attacking mission critical systems through software vulnerabilities.

It often takes months, and sometimes years, for IT staff to fix new, critical vulnerabilities found within software. In addition, there may be times at which developers release new software versions that inadvertently contain vulnerabilities. Over time, the likelihood of documented vulnerabilities residing within deployed software is nearly certain. Even the best-managed software development teams can lose sight of the vulnerabilities that are discovered daily, making the prompt detection and remediation of known vulnerabilities of paramount importance because they are the means attackers use to target mission systems.

The Agency contracted with Assured Enterprises for a detailed evaluation of AssuredScanDKV®, a deep software scanning tool described as being able to perform these very functions.

“AssuredScanDKV® was easy to use, operated without defects or bugs and empowered [the Agency] to eliminate known software vulnerabilities within [its] software.”

SENIOR OFFICER, CLIENT AGENCY

The Goals

  • Measure the effectiveness of AssuredScanDKV®
  • Evaluate Assured’s claims for performance, ease of use and other factors
  • Determine whether AssuredScanDKV® should become part of the tool-set used to detect and eliminate vulnerabilities in the proprietary software developed by the Agency

The Results

Training and Installation

  • Effective three-hour training program provided the knowledge to run, scan and analyze results
  • Easy installation; up and running in a few minutes
  • Minimal impact on processing resources
  • Non-intrusive to network traffic or environment

Scanning Outcomes

  • Scans of custom-built Windows applications detected vulnerabilities in each software package examined, despite the laboratory’s proper use of other scanning tools
  • Scans of each software application were completed in two to five minutes
  • Did not require access to the source code or to any data created using the software
  • Identified known vulnerabilities in third-party libraries

AssuredScanDKV® Can Also:

  • Confirm the presence of known software vulnerabilities
  • Identify newly discovered software vulnerabilities during periodic reviews of baseline software
  • Provide an inventory of all installed software applications
AssuredScanDKV® exposes vulnerabilities hidden within Client software applications, as depicted in this graphic:
AssuredScanDKV™ OS Network Scanning
The 10 Advantages to Using AssuredScanDKV Deep Software Scanner

AssuredScanDKV® is a lightweight application scanner that requires minimal training and expertise to use. The product performed consistent with Assured’s representations and operated without defects or bugs. I have never seen such impressive results.

SUPERVISING CYBERSECURITY ENGINEER, CLIENT AGENCY

Conclusions

  • The use of AssuredScanDKV® is most effective immediately preceding distribution of a new release and, on a periodic basis, when run against baseline software to detect newly discovered vulnerabilities.
  • AssuredScanDKV® can evaluate weaknesses in contractor-delivered software. Thus, the tool may be part of the acceptance criteria for software and upgrades which are intended to be deployed, especially on vessels at port call, during re-provisioning.
  • AssuredScanDKV® is highly effective in ensuring that:
    • New software releases are free from known vulnerabilities
    • Third-party software vendors provide code free from known vulnerabilities
    • Newly discovered vulnerabilities do not impact any previously released software baselines and can be detected and resolved quickly

Are you ready to protect your data and safeguard your clients’ trust?

Schedule a demo today to assure a brighter tomorrow.

Copyright © 2017