The Transformation of Ivanti’s Security Operating Model
In recent months, Ivanti, a renowned company specializing in remote-access products, has faced significant challenges due to severe exploits. Despite these setbacks, Ivanti has demonstrated its commitment to security by embarking on a transformative journey towards a new security operating model.
A Pledge for Innovation
Under the leadership of CEO Jeff Abbott, Ivanti has unveiled a comprehensive plan to enhance its core engineering, security, and vulnerability management processes. This initiative includes a substantial investment and the full support of the board, signaling a new era for the company.
Abbott’s open letter outlines key objectives such as making all products “secure by design,” establishing partnerships with cyber-defense agencies, and fostering knowledge-sharing with customers. One notable aspect of the plan is the integration of Artificial Intelligence (AI) technology to enhance search capabilities in Ivanti’s security resources portal and an AI-powered Interactive Voice Response system to streamline customer communication.
A Response to Recent Challenges
Coincidentally, Ivanti’s announcement comes on the heels of the disclosure of four new vulnerabilities in its Connect Secure and Policy Secure gateway products. These vulnerabilities, rated for high severity, follow closely behind critical vulnerabilities with remote code execution that were reported earlier. The frequency of these exploits has prompted a sense of urgency among security professionals.
Given Ivanti’s widespread use in large organizations, including government agencies, the company has become an attractive target for threat actors. The Connect Secure VPN appliance, in particular, has been a lucrative target due to its widespread deployment and constant connectivity, making it vulnerable to nation-state actors and financially motivated intruders.
Recognition and Criticism
While Ivanti has received praise for its efforts to address vulnerabilities, some security experts remain skeptical about the company’s ability to withstand ongoing threats. Security researcher Jake Williams expressed concerns about Ivanti’s future as an enterprise firewall brand, highlighting the persistent challenges faced by the company.
In response to these concerns, Ivanti’s open letter emphasizes a commitment to learning from past incidents and implementing immediate improvements in engineering and security practices. The company’s proactive approach to addressing vulnerabilities demonstrates a willingness to adapt and strengthen its security posture in the face of evolving threats.
Image/Photo credit: source url