FAQ

Why information security?

Information security is a sub-area of IT security and refers specifically to the protection of information from unauthorised access, modification or destruction. Information security is important because information can often contain sensitive data such as personal information, trade secrets or intellectual property.

What is cyber security?

Cyber security refers to the protection of computer networks, systems, devices and data from online crime threats, including malware, ransomware, phishing and other attacks. Cyber security is an important component of IT security.

What impact does an attack have on my information?

An attack on information can have serious consequences, such as loss of data, theft of information, damage to the company’s reputation, legal consequences due to breaches of data protection regulations and impairment of business continuity.

What is IT security?

IT security refers to the protective measures taken to ensure the confidentiality, integrity and availability of information and systems. It covers aspects such as network and server security, application security and data protection.

Why is IT security important?

IT security is important to ensure the confidentiality, integrity and availability of data and systems. Businesses, government agencies and individuals are increasingly affected by cyber-attacks, which can have financial and legal consequences and affect customer and public confidence.

Increasing digitalisation and networking in all areas of life has led to an enormous rise in the importance of IT security in recent years.

Which attack methods and means endanger IT security?

There are various attack methods and means that can jeopardize IT security, such as phishing, malware, ransomware, social engineering, denial of service attacks, vulnerabilities in software or hardware and inadequate security measures.

How can I improve my IT security?

There are several steps you can take to improve your IT security, including implementing firewalls and antivirus software, regularly updating operating systems and applications, using strong passwords, training employees on cyber security and conducting penetration tests.

Regular review and updating of these measures is also necessary.

How do I make my employees fit for IT security?

Employees should be regularly trained and sensitised to increase awareness of IT security. A security policy should be created and implemented to ensure that all employees adhere to the same standards. Training can also be conducted using practical examples and exercises.

What is the importance of information and its security for digitalisation/digital transformation?

Digitalisation and digital transformation require more intensive protection of information and IT systems, as an increasing amount of data and information is processed and stored digitally. The security of information is therefore an important prerequisite for the successful implementation of digitisation projects.

How good is my company's IT security?

The IT security of a company can be assessed through a risk analysis and an evaluation of the existing security measures. An external audit or penetration test can also be carried out to uncover vulnerabilities and suggest improvements.

What distinguishes vulnerability management from vulnerability assessment and penetration testing or from IDS/IPS and firewall solutions?

A decisive difference to antivirus systems, IDS/IPS installations and firewall solutions lies in the perspective.

The systems mentioned focus on the attack patterns – looking from the inside out. In contrast, vulnerability management looks at the IT infrastructure from the outside in – similar to the perspective of an attacker.

Penetration testing takes the same view. But here too there is a significant difference: it is a specific task to penetrate a company network and take control. Once this goal has been achieved, the penetration test ends and further vulnerabilities remain unnoticed. Vulnerability management, on the other hand, is geared towards finding every single vulnerability.

While vulnerability assessment is a one-off inventory of the security situation of an IT infrastructure, vulnerability management improves the security level with a complete process.

Why does vulnerability management increase the level of security?

Vulnerability management drastically reduces the attack surface of a company’s IT. In addition, vulnerability management allows other IT security solutions in use (IDS/IPS and firewall) to focus on the actual hotspots: The solutions receive information about the most critical vulnerabilities. This takes place within a process that prioritizes vulnerabilities based on accepted standards (SCAP) and company-specific factors and removes or mitigates them in line with critical business processes. Ideally, this process is part of a comprehensive IT security policy.

How compatible is vulnerability management with IDS/IPS and other IT security products?

Vulnerability management is an essential element of an IT security infrastructure and complements the other components.

IDS/IPS solutions – network-based, host-based or designed as Network Behavior Analysis (NBA) – must be set up and adapted during installation and ongoing operation. An NBA requires the development of a baseline (e.g. limit values for port scans and login attempts, blacklists and whitelists for IP addresses and login names as well as the settings for alarms).

By importing the results of vulnerability scans, you can significantly supplement and improve this tuning: The information can be used to focus the resources of an IDS/IPS and thus make better and faster decisions about the necessary action and alarm message. False positive reports are reduced.

Attacks on an IDS/IPS such as overloading the capacity or ‘blinding’ are so-called evasion techniques. Together with the difficulty of an IDS/IPS in detecting slow, targeted attacks, they push these IT security solutions to their limits. Vulnerability management provides the necessary supplement, as it can significantly reduce the attack surface.

What is a security incident?

A security incident is an event in which the security of IT systems or data is compromised. These can include data leaks, unauthorised access, malware infections and other types of cyber attacks.

What is a security policy?

A security policy is a set of rules and procedures established by a company or organisation to ensure IT security

Who is Greenbone Networks?

Greenbone Networks was founded in 2008 by leading experts in the fields of network security and free software. Our aim is to develop products and concepts that help you to prevent attacks on your network infrastructure.

How? By recognizing vulnerabilities faster than attackers. We attach particular importance to a transparent white box. Our turnkey solution is suitable for small and medium-sized companies as well as for operation in a critical Fortune 500 IT environment.

What is vulnerability management?

Vulnerability management is the process of identifying, prioritising and remediating vulnerabilities in IT systems and applications. The goal of vulnerability management is to minimise the risks posed by vulnerabilities by identifying and fixing them quickly before they can be exploited by attackers.

Is the use of the Greenbone solution compatible with the GDPR?

Our system only scans the environment defined by users of the hardware or virtual appliance for possible vulnerabilities. The person placing the order determines the target and thus the infrastructure to be scanned, whereby only company networks and no personal data (detailed definition in our privacy policy) are checked. The resulting data remains exclusively with the users of the appliance. No data is passed on either to the manufacturing company or to any third parties. In addition, the defined environment can be checked for compliance guidelines using preconfigured scan configurations to ensure that all components integrated in the system meet the required specifications.

Do the Greenbone solutions violate the "hacker paragraph" 202c StGB?

The production and distribution of security software is not a criminal offense under Section 202c of the German Criminal Code (“hacker paragraph”). This was expressly clarified by the Federal Constitutional Court in its ruling of May 18, 2009 (2 BvR 2233/07). According to the Federal Constitutional Court, only the production and distribution of computer programs whose purpose is to spy on or intercept data is punishable under Sections 202a and 202b of the German Criminal Code. This requires that the software was developed with the intention of committing these offenses. It is not enough for a program to be suitable for the commission of computer crimes. As our software is developed and used for security purposes, it does not fall within the scope of § 202c StGB.

What is a penetration test?

A penetration test, also called a pen test, is a method of assessing the security of IT systems and applications by performing an authorised attack. The aim is to identify vulnerabilities in systems and applications before they can be exploited by attackers.

Are there alternative or substitute solutions?

In contrast to other security solutions, vulnerability management allows you to view your IT infrastructure from the outside – from the perspective of a potential attacker, so to speak. The aim is to find every existing vulnerability in your IT infrastructure. And that’s not all: our solution shows ways and processes to eliminate them. There is no other solution that could take over these functions completely.

What is the CRS approach?

We take a holistic approach. Our goal: to minimize and manage risks resulting from system vulnerabilities. Greenbone Networks is the first company to offer a 100% open source checkpoint management solution. With this Weide-Box solution, you can avoid risks arising from the use of a proprietary vulnerability analysis system in critical IT infrastructures.

Greenbone Networks is involved in the global and multicultural open source communities in a cooperative manner. We act according to the concept of take and give as well as joint development processes for free software.

How do our products work?

Our technology is available in two different versions: the Greenbone Enterprise Appliances and the Greenbone Cloud Service. These are turnkey solutions for vulnerability scanning.

The Greenbone Enterprise Appliances are available in hardware or virtual form. They consist of the Greenbone Operating System (GOS), a scan service, the web interface and, in the case of hardware appliances, special hardware.

The Greenbone Cloud Service is a SaaS solution in which scan requests are forwarded to the Greenbone Scan Cluster via the cloud.

Both the Greenbone Enterprise Appliances and the Greenbone Cloud Service use the Greenbone Enterprise Feed – our base technology. It is a collection of vulnerability tests (VTs) for detecting known and potential security vulnerabilities in all active elements of your IT infrastructure: desktop PCs, servers, appliances and intelligent components such as routers or VoIP devices.

How can you buy our products?

Click here to access the contact form for product inquiries.

Is it possible to test the vulnerability scanning?

Talk to us about a trial.

Do you have a question that we haven't answered yet?

Please do not hesitate to contact us!

FAQ

FAQ

Frequently Asked Questions