From the Core to the Cloud, See it All

Simplify, secure and scale your hybrid cloud infrastructure to accelerate digital innovation.

LEARN MORE

CLOUD VISIBILITY

GET A DEMO

DATACENTER VISIBILITY

GET A DEMO

NETWORK SECURITY

GET A DEMO

INDUSTRY

A Thriving Partner Ecosystem

Gigamon reseller and integration partners design, implement and optimize best-of-breed and validated joint solutions.

FIND A PARTNER

NOT A PARTNER?

ALREADY A PARTNER?

Proven Support and Services

Our global support team is committed to creating experiences of unmatched quality, scalability and efficiency.

MY GIGAMON

OVERVIEW

GET SUPPORT

COMMUNITY

Customer Success

Our global customers are empowered to transform their businesses and innovate with the power of complete network visibility and analytics.

CUSTOMERS

ANU

Australian National University

Fosters a safer campus community with Gigamon.

cegedim

Cegedim.cloud

Improves cloud infrastructure and visibility.

 

department of defense

Department of Defense

Confidently feeds different tool sets in the physical and the virtual world.

Resource Library

Your one-stop hub to explore content resources to stay current on the latest in network visibility and analytics.

RESOURCES

Network Tool Efficiency Evaluation

Efficient Tools Are Happy Tools

Answer a few questions and get real-time insights.

def-guide

Achieve Hybrid Cloud Observability

Strengthen visibility and security.

ebook

Deep Observability eBook

Supercharge your tools with real-time, actionable, packet-level intelligence.

WHY GIGAMON

We are the first company to deliver a unified visibility and analytics architecture across your hybrid infrastructure to simplify, secure and scale IT operations.

LEARN MORE

IN THE NEWS

COMPANY INFORMATION

Deep Observability

Supercharge Your Security and Observability Tools

Without deep observability, you're exposed.

Great Place to work

Join the Team

Become a part of the OneGigamon team. Search for your next opportunity.

SHARE
Security / October 22, 2019

Using Application and User Agent Fingerprinting to Mitigate Risk

Greg Maples  

Wanted: A New Way to Manage Software Risk

All software applications have vulnerabilities, whether known or unknown. Case in point, at the bottom of this blog post I have attached an advisory from the Center for Internet Security regarding vulnerabilities to be found in the Google Chrome browser. But I could just as easily have provided security notes about Safari, Microsoft Edge, Internet Explorer, Microsoft Windows or many other pieces of software. No software will ever be fully free of issues.

Given that reality, the challenge for security teams is to manage this risk appropriately while continuing to do business. You cannot shut down your business every time there’s a published vulnerability that could possibly affect your users or infrastructure.

Enter Application Intelligence

So, how do you manage software risk while continuing to do business? A new method is to use application intelligence, filtering and metadata.

Let’s say that a security organization has published a list of exploitable browser issues like we see below. Using Gigamon Application Intelligence capabilities, the security administrator could define a regular expression, or REGEX, that captures all browser versions affected by the vulnerability.

The administrator would then map the traffic associated with that list to a different tool path. As one example, the tool path could forward to a web proxy for intercept. Using an intercept path, the security team could then provide a portal page listing download links for approved software.

Taking the Example Further

Gigamon Application Intelligence really shows its flexibility when you combine the above scenario with a secondary concern. What if, for example, the browser is on a guest laptop not controlled by the internal IT organization? You probably don’t want to force that traffic to an internal portal.

Because Gigamon Application Intelligence is an integral part of the full Gigamon filtering and security stack, the IT organization could instead direct guest network traffic to not pass through the path that has the regular expression applied for browser version. Boom — you’ve solved two problems easily and effectively without unduly burdening day-to-day business. The Gigamon Community has an entire group devoted to discussing Application Intelligence. Take a look for tips and ideas — or leave your own.

SUBJECT: Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

OVERVIEW:

Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE: There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • Google Chrome versions prior to 77.0.3865.90

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could result in arbitrary code execution. These vulnerabilities can be exploited if a user visits, or is redirected to, a specially crafted web page. Details of the vulnerabilities are as follows:

  • Use-after-free in UI. (CVE-2019-13685)
  • Use-after-free in error. (CVE-2019-13686)
  • Use-after-free in media. (CVE-2019-13687)
  • Use-after-free in media. (CVE-2019-13688)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser, obtain sensitive information, bypass security restrictions and perform unauthorized actions, or cause denial-of-service conditions.

RECOMMENDATIONS:
We recommend the following actions be taken:

  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments especially from un-trusted sources.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
Google:
https://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop_18.html

CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13685
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13686
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13688

Featured Webinars
Hear from our experts on the latest trends and best practices to optimize your network visibility and analysis.

CONTINUE THE DISCUSSION

People are talking about this in the Gigamon Community’s Application Intelligence group.

Share your thoughts today

RELATED CONTENT

REPORT
2022 Ransomware Defense Report
GET YOUR COPY  Go
WEBINAR
Unlock Ultimate Hybrid Cloud Security: Join Nutanix for Insights
WATCH ON DEMAND  Go
REPORT
2022 TLS Trends Data
DOWNLOAD REPORT  Go
WEBPAGE
Suddenly, Ransomware Has Nowhere to Hide
TAKE A LOOK  Go
COMPANY
GET HELP
PRODUCTS & SOLUTIONS
POPULAR LINKS
  • ©Gigamon 2022
Back to top