Ivanti CEO vows improved security post-Connect Secure mishap

April 5, 2024

TLDR:

* Ivanti plans to revamp its security approach following high-profile security incidents involving its products.

* CEO Jeff Abbott acknowledges recent security failings and stresses the importance of adapting to new threats in the software industry.

Ivanti, a software company, is set to transform its security operating model after a string of security breaches involving its products. In an open letter and video, CEO Jeff Abbott addressed the recent security incidents and highlighted the need for the software industry to be more proactive in addressing security threats. Hackers exploited vulnerabilities in Ivanti’s products to launch attacks on various entities, including the top US cyber security agency and government agencies in Norway.

Abbott emphasized the need for software companies to be more diligent and proactive in enhancing product security in response to the evolving threat landscape. In an effort to restore trust in its security credentials, Ivanti outlined a comprehensive plan to set a new standard for the industry. This plan includes a focus on secure product development, improved vulnerability management, enhanced customer support, and increased transparency.

Specifically, Ivanti aims to embed security into every stage of the software development lifecycle and provide solutions that are secure by default. The company also plans to enhance its vulnerability management platform, reduce patching time for critical vulnerabilities, and improve customer support through upgrades to its Community Portal and IVR System.

Furthermore, Ivanti committed to engaging with customers and partners through various channels to keep them informed about the latest security trends, share lessons learned, and gather feedback on security initiatives. The company will establish a Customer Advisory Board to ensure customer input is considered in its product development and strategic decisions.

The decision to revamp its security approach comes in the wake of vulnerabilities in Ivanti’s Connect Secure and Policy Secure products that allowed attackers to bypass control checks and remotely execute code. These vulnerabilities led to a high volume of attacks targeting Ivanti products, prompting government advisories and system shutdowns.

By addressing its recent security failings and implementing a robust security transformation plan, Ivanti aims to enhance its security posture, regain customer trust, and better protect its products against emerging threats in the software industry.