Cryptographically Secured Patching Increases Protection Against Infiltration Attempts in Software Maintenance Processes
Kirchheim, September 28, 2021. The current version 10.0 of the High Resistance Firewall genugate from German IT-security specialist genua has been certified in accordance with Common Criteria EAL4+ (CC EAL4+) since the end of June by the German Federal Office for Information Security (BSI). In doing so, the BSI for the first time accepted a safety component newly developed by genua for patch management (ALC_PAM) in the certification. This provides an especially effective protection of software updates against infiltration attempts, e.g., with malicious software. genugate is currently the only certified patch management solution worldwide.
Three Measures Provide Effective Protection Against Malicious Software
With patch management, development teams coordinate and test the updates of operating systems, platforms or software applications. This includes, among other things, the rectification of errors and vulnerabilities with new or updated source code, which is published in the form of software updates (patches). Patching is an essential part of the lifecycle and security management of IT systems. Patches do, however, offer attackers potential starting points for infiltration attempts, such as with malicious software.
With the "ALC_PAM" extended assurance component, genua provides especially effective protection against this IT-security risk by means of three security measures. First, the software used for loading the patches for genugate 10.0 was extensively tested and checked for vulnerabilities in the context of the BSI certification procedure. The software does more than just provide a cryptographic signature: it checks the patch for correctness, loads it in a cryptographically secured manner and then updates the version database. Second, patch creation occurs on the basis of precise processes that are defined at genua. These were evaluated by an independent testing laboratory accredited by the BSI. And third, the BSI checked the cryptographic procedures used.
Manage IT Systems More Effectively and Securely
Users will profit from certified patch management during future maintenance procedures as well, e.g., with new hardware revisions. Because the underlying processes are already known and have been evaluated in the certification procedure, the amount of work required for such tasks is reduced for genua. As a result, the IT-security specialist can make certified versions available even more quickly.
"Certified patch mechanisms allow companies to quickly and securely eliminate security gaps before attackers can exploit them," says Florian Riehm, Head of Development for Security Gateways at genua GmbH. "We therefore decided to include patch management in the Common Criteria certification. Vulnerabilities in these critical components can thereby be avoided right from the start. In the context of external quality assurance, the BSI certification also confirms that we offer an effective and future-oriented approach with this solution."
CC-Certification Confirms High Level of Trustworthiness
The abbreviation CC EAL4+ of the Common Criteria refers to the level of trustworthiness (Evaluation Assurance Level) of a certified product. The EAL levels defined in the CC standard describe precise requirements on a security test, on the scope of the testing, the testing depth and the testing methods.
Technical Innovations in genugate 10.0
The High Resistance Firewall genugate 10.0 is based on genugate 9.6. For users who have used genugate 9.0 up to now, all further developments from genugate 9.1 to 9.6 are therefore relevant. The most important changes since genugate 9.0 are:
REST-API for the automation of administration tasks
Web application firewall
Improved log evaluation through integration with Elastic Stack
Advanced Web Categories (successor of genublock) allows websites to be blocked according to category
The statistics show the result of a survey regarding future threats to IT security in Germany in 2021. At the time of the survey, 83 percent of the questioned industrial companies listed spyware attacks as a threat to IT security. Spyware or even backdoors can be injected into the system by means of untrustworthy patches.
The High Resistance Firewall genugate 10.0 has been certified by the BSI in accordance with Common Criteria EAL4+. In doing so, the BSI for the first time accepted a safety component newly developed by genua for patch management (ALC_PAM) in the certification.
© genua GmbH
genua GmbH is an enabler of digital transformation. We secure sensitive IT networks in the public and enterprise sectors, for critical infrastructure organizations and in industries with an obligation to maintain secrecy with highly secure and scalable cyber security solutions. In doing so, genua GmbH focuses on the comprehensive protection of networks, communication and internal network security for IT and OT. The range of solutions spans from firewalls and gateways, VPNs, remote maintenance systems, internal network security and cloud security to remote access solutions for mobile employees and home offices.
genua GmbH is a subsidiary of the Bundesdruckerei Group. With more than 300 employees, it develops and produces IT security solutions exclusively in Germany. Since the founding of the company in 1992, regular certifications and approvals from the German Federal Office for Information Security (BSI) provide proof of the high security and quality standards of the products. Customers include, among others, Arvato Systems, BMW, the German Armed Services, THW as well as the Würth Group.