Ivanti reboots security after troubled start to 2024

By

Embraces secure-by-design.

A batch of new vulnerabilities has drawn a mea culpa from Ivanti’s CEO, and a promise to embrace secure-by-design methodologies.

Ivanti reboots security after troubled start to 2024

In an open letter, CEO Jeff Abbott said the “increasing complexity of the threat landscape and the specific evolution of threat-actor tactics … has brought one of our products to the forefront of conversation regarding recently reported security incidents.”

Abbott said the company is “taking a very close look at our own posture and processes to ensure we are well prepared to address the current landscape.”

He said Ivanti has engaged “the industry’s most recognised security and product development experts”, with a plan “backed by a significant investment and has the full support of our board of directors and everyone at Ivanti.”

The company will adhere to secure-by-design principles, the letter said, optimising products for security and trust and reducing the security burden on customers.

Ivanti’s vulnerability management program will be bolstered, with “risk-based patching and vulnerability remediation.

Ivanti also promises more secure deployments in the field, and better information sharing.

The year began badly for the company, which had to patch two exploited zero-day bugs in early January.

A bug discovered during that investigation was revealed as being exploited in February, leading to the release of a new security tool in March.

In mid-March, Ivanti had to move on two more critical vulnerabilities: CVE-2023-41724, a remote code execution bug in its Standalone Sentry product; and CVE-2023-46808, a remote file write bug in its Neurons for ITSM product.

The company has also patched a number of sub-critical vulnerabilities in its Ivanti Connect Secure product.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Macquarie Uni to spend up to $700m on 10-year digital transformation

Macquarie Uni to spend up to $700m on 10-year digital transformation

Nissan A/NZ's outsourced cyber incident call centre breached

Nissan A/NZ's outsourced cyber incident call centre breached

Digital ID bill passes parliament

Digital ID bill passes parliament

Macquarie's banking CISO headed to Endeavour Group

Macquarie's banking CISO headed to Endeavour Group

Log In

  |  Forgot your password?