Weakest Links in Websites: Vulnerabilities Exposed
Leverage Vulnerability Assessments within Symantec Website Security SSL Certificates
Our online world is rife with shadowy creatures; it’s riddled with crime organizations, activist groups, government entities, and lone hackers. Why they breach our data can boil down to a few things; greed, ideological dissent, and their desire to publicly embarrass their targets. In 2011, high-profile attacks on various Certificate Authorities threatened the systems that sustain trust in the internet itself. These attacks highlighted the need for Symantec to continue to harden their defenses and develop even stronger security procedures and policies.
The Website Security Internet Threat Report, published in May 2012, reported that in 2011 the Symantec website security malware scanning service scanned over 8.2 Billion URLs for malware infection. Approximately 1 in 156 unique websites were found to contain malware. The struggle to preserve IT security for your client accounts is a 24/7 job, and your strategy needs to be comprehensive and focused. Where website malware scanning finds malware infection fast and helps you eliminate it, website vulnerability assessments are a proactive measure to prevent hacks in the first place. They enable you to proactively identify weaknesses in your website that bad actors are most likely to use to attack you. Vulnerability assessment services identify and guide resolutions to the most common and highest risk exposure points like SQL Injection and Cross Site Scripting (XSS). Symantec's vulnerability assessment identified critical vulnerabilities on 50% of websites scanned in a Symantec Assessment Preview Program conducted in August 2011.
In the 2012 Verizon Data Breach Investigation Report, 79% of victims were targets of opportunity. Of these, 96% of the attacks were simple, well known or published vulnerabilities. Meaning most of these businesses were attacked because they possessed easily exploitable weaknesses. Don’t leave your clients’ front door open.
Symantec Secure Site Pro with Extended Validation (EV), Secure Site with EV, and Secure Site Pro SSL Certificates carry the Norton™ Secured Seal, the most recognized trust mark on the Internet** and include vulnerability assessment at no cost for your clients. The targeted scan helps quickly identify and take action against the most common exploitable weaknesses that create the biggest risk to your customer’s business operations. Scans done automatically on a weekly basis can check for vulnerabilities on public-facing Web pages, Web-based applications, server software and network ports. Actionable reports identify both critical vulnerabilities that should be investigated immediately as well as informational items that pose a lower risk. You and your clients then have an option to rescan the websites to confirm that the vulnerabilities have been fixed. In addition, Symantec maintains one of the world’s most comprehensive vulnerability databases, currently consisting of more than 47,662 recorded vulnerabilities (spanning more than two decades) from over 15,967 vendors representing over 40,006 products.
Neglecting to perform frequent vulnerability checks puts your customers’ websites, their clients, and their business at risk by leaving the door open to hackers. Studies show that the average cost per incident of a data breach in the United States is $7.2 million, with one of the largest breaches costing $35.3 million to resolve.*
The shadowy creatures that infiltrate security vulnerabilities are not going away; they will continue to refine their attacks against your customers. Your clients need tools that allow them to continue to do business safely online. They want answers and look to you, their trusted advisor, for the right solution. Symantec Secure Site Pro with Extended Validation (EV), Secure Site with EV, and Secure Site Pro SSL Certificates are the tools they need to stay protected. Symantec SSL certificates with vulnerability assessment help reduce the cost and complexity of vulnerability management, and it’s a solid starting point for your clients’ organizations that want to quickly assess their security standing. Symantec SSL certificates vulnerability assessments are also ideal for your clients' organizations that already use a compliance vulnerability scanning solution such as those for PCI, and need a complementary solution to cross-check the results of their scan for an added layer of security. When used in combination with Symantec SSL Certificates and daily website malware scan, vulnerability assessments help you to secure your clients' websites and protect their consumers.
To learn more, please view our attached White Paper: Reducing the Cost and Complexity of Web Vulnerability Management and our Partner Sell Sheet, accessible after the PartnerNet login.
Have any comments? We'd love to hear them. Reach out to Symantec Website Security Channel Marketing Team, at firstname.lastname@example.org or post a comment here.
*Ponemon Institute and Symantec, "2010 Annual Study: U.S. Cost of a Data Breach" (March 2011)
**International Online Study (U.S., Germany, U.K.) July 2012