2022 has arrived and with it, a new monitoring campaign by LEET Security that, on this occasion, has focused on the web servers of our clients.
The specific monitoring campaigns are a free complement included in the service that we offer with the qualification. These campaigns, unlike digital monitoring, which are carried out on a regular basis, are carried out only when a vulnerability is published and on a specific technology or system.
A potential vulnerability in Apache web servers was recently published in version 2.4.49 or earlier. This was the trigger this time, only instead of just sticking to Apache servers, we broadened the spectrum to include other widely used servers as well: Nginx servers and Windows Server.
This process is carried out remotely and non-intrusively using proprietary technology. It verifies which server the client is using and informs them of the risk levels associated in each case and of the solution (if necessary) recommended by the manufacturer. With this risk assessment we try to help you make better decisions when generating your action/mitigation plans.
In this campaign we have monitored just under 25,000 IPs but only a fraction of these are web servers and, in these, we have found three cases of note in those in which we have been able to identify the specific version of the software: that it is operating with a considered version secure (15%), a version with medium risk (with public vulnerabilities that can be fixed with an update) (81%) or with an out-of-support version (4%).
This monitoring system, which combines specific campaigns and periodic digital monitoring, amplify the usefulness of the rating to discover one's own strengths and weaknesses, which is the first step for effective protection.
For this reason, the LEET Security rating is the most exhaustive, rigorous and reliable method to determine the level of cybersecurity of a service of any type of organization.
For more information about the monitoring campaigns check this ink.
Suscribe to our newsletter here
You can follow us on twitter.com/leet_security