News

News and Press Releases

it-sa 2014: Get tickets from the verinice-team

10.07.2014

verinice will be present at the IT-security expo it-sa from October 7th to 9th 2014 in Nuremberg. Meet up with the team in hall 12.0 / 12.0-339 and get all the news about verinice as well as the future roadmap. 

You're planning to attend? We'll hand out codes for etickets - just send uns an email to itsa@remove-this.sernet.de. It can be redeemed at www.it-sa.de/voucher from August 26th onwards.  

 

 


verinice 1.7.0 available

09.05.2014

From now on verinice is available in version 1.7.0. Main changes are: 

ISO 27001:2013 / IT Baseline-Catalog, 13th Addition

The standards ISO / IEC 27001:2013 and the IT-Baseline Catalog with its 13th supplemental set are availabe in the most recent versions.

Direct import for file structures

verinice can now import entire subtrees from the file system into the database in a single action. Folder structures are also listed, files create appropriate objects and are imported simultaneously as attachments. Existing policies or audit evidence can be quickly and simply transfered into the database. The import can also create connections between objects, e.g. map the relationship between policies and the controls described therein.

Consolidate with links

A new consolidation function for IS Assessments makes it possible to transfere existing audit results to surveillance audits. Existing linkages such as to central directives and other objects are taken into acount. This feature facilitates the continuous checking of information security through the acquisition of past findings and the evidence as a starting point for a new audit .

Web service for Importing File Attachments

Other applications are now able to import attachments automatically using the web service. For example, reports from OpenVAS / Greenbone-GSM can be created automatically in the verinice database and the original reports are stated as well as reference.

Task overview

A new report for verinice.PRO users shows tasks in the system that are assigned using workflows. Thus, the processing status of each task, the person responsible and the time frames are visible and make it a lot easier to track tasks at hand.

English Manuals

Manuals are available in English now. These include: 

  • verinice.PRO installation under CentOS and RHEL
  • Installation of the verinice.PRO Appliance
  • Quick reference for the verinice. Report Designer (vDesigner)

Information about Heartbleed

16.04.2014

"Heartbleed" - a severe vulnerability in the OpenSSL encryption software - currently worries the IT scene. At SerNet and in the verinice team we looked into the matter intensively and found corresponding solutions. We will keep you updated about all possible developments. 

Information for verinice customers:

  • The verinice client is not affected.
  • Users of the appliances should draw or update the OpenSSL package , the update is already available.
  • Heartbleed has also affected the verinice repository. We have already taken all the necessary measures , the server is no longer vulnerable.

UPDATE for SerNet customers with firewall systems:

All measures to be taken have been completed. Affected customers were informed and the vulnerability is closed. If necessary, the SSL certificates were exchanged.

If you have specific questions about your systems and Heartbleed, please call us at +49 551 37 0000 0 or send an e-mail to heartbleed@remove-this.sernet.de or contact the verinice support directly.


Successful coupling: Greenbone and verince

04.04.2014

A case study from Greenbone Networks GmbH shows how to make automated vulnerability management possible in combination with verinice: LEONI AG, automotive supplier headquartered in Nuremberg, relies on a combination of Greenbone Security Manager (GSM) and verinice.PRO 

The case study "Vulnerability Management" is available as PDF at Greenbone.

As it stands out, LEONI was able to increase the elimination of vulnerabilities significantly as well as raise the efficiency of globally distributed IT teams. Success factor is the close integration of the two components - made possible by Greenbone Networks and SerNet working together closely. As a result LEONI achieved time savings and reduced the number of vulnerabilities to one tenth of the previous value.

You want to know more about GSM and verinice? Please feel free to send us a mail to verinice@remove-this.sernet.de.
 


CeBIT 2014: Meet the verinice-Team

03.03.2014

From March 10th - 14th, our verinice-Team and SerNet relocate to Hannover to take part in the CeBIT 2014. You'll find us ins hall 6, stand G10 – visit us there and get to know all the developments regarding our ISMS-Tool.

Exchange your ideas and your future requiremets for verinice with us, learn more about the verinice roadmap and have a look at verinice.PRO. Or just enjoy a cup of coffee with us.

You need an eTicket? We've got one for you! Just contact us at cebit@sernet.de

We're looking forward to meet you in Hannover!


Get to know verinice 1.6.3 at it-sa 2013

01.10.2013

The verinice team will be present at the IT security fair it-sa in Nuremberg (8 - 10 October 2013). You will find us in Hall 12, Booth 333.

Find out the latest news about our ISMS software in version 1.6.3 - it provides security managers with simplifications for their daily tasks and furthers the development of the workflow engine which started with version 1.6 consistently. Of course, we can also advise you in all matters relating to information security standards such as BSI IT-Baseline Protection and ISO 27001, data protection and risk management.

We're free for individual appointments!

Want to visit us at the it-sa? Then redeem voucher number 27069 on www.it-sa.de/en/visitors/tickets/voucher/ - you'll receive a free e-ticket. Or contact us at it-sa@sernet.de.


verinice 1.6.3 has been released

19.09.2013

New in this release

  • Copy with links
    When copying objects, these can now be copied including links to other objects if desired. Thanks to this feature complete subtrees can be selected in the tree view and can be duplicated with all the links within the sub- tree as well as other elements. Thus, for example templates for audits can be created and their copies shall also be linked to central resources (eg overarching guidelines, responsible persons).
  • Scope display in different views
    When displaying related objects the related scope will be displayed in a new column. So now the desired objects with identical names (eg "Mail Server") can be identified faster.
  • Java 7
    The JRE version delivered with verinice is now 1.7.0_25 .
  • verinice.PRO
    New RPM package for the user manual
    For verinice.PRO the new package "verinicepro-manual" is available.
    After the installation a new tab is available on the intranet site of the verinice.PRO server. You can now access the user manual via PDF download or as HTML pages.
  • Various improvements:

    • The import uses significantly less memory resources.
    • Additional keyboard shortcuts are available.
    • Drag-and-drop is now possible for basic protection measures.
    • IT-Baseline modules are displayed in the link manager.
    • The report cache can now be reset in the report dialog .
    • We have improved the behavior for default folders in the report dialog.
    • In reports designed accordingly a multiple selection for scopes is available.
    • Objects are immediately visible after moving into previously empty groups.
    • Compatibility with Java 8.


Change the working directory - Notes:
If you have changed the path for the working directory of verinice in the file "verinice.ini", please check the information in the full release notes.
These can be found at:
verinicepro.org/release-notes/ (German only at the moment.)


verinice1.6.2 is out

27.05.2013

Download verinice in version 1.6.2 - new in this release:

  • Vulnerability Tracking with Greenbone GSM and verinice



    With verinice and Greenbone / OpenVAS, you're well prepared when ISO 27001:2013 is published, come the end of 2013! It increases the importance of the detection and removal of software with known technical vulnerabilities with the (extended) section A.12.6 "Technical Vulnerability Management" and the new  A.18.1.3 "Technical Compliance Inspection"!
    You can import your scan results from Greenbone GSM / OpenVAS directly into verinice and use it there as part of your risk analysis. Users of IT baseline protection benefit from the new automated import of GSM IT Baseline Protection scans via the verinice webservice.

  • Workflow-based vulnerability tracking and patch management



    With verinice.PRO you can go further in tracking vulnerabilities: Do you know the problem, that you're faced with hundreds or thousands of identified vulnerabilities and now you have to evaluate and aggregate them by topic and responsibility? Can you still manage the timely fix of these vulnerabilities if you use distributed responsibilities - maybe even worldwide - that have to be considered in patch management?
    Verinice.PRO brings a new type of workflow specifically designed for this purpose. Identified weak spots are packed in compact groups for individual managers, are communicated via e-mail notification and web frontend and the prompt correction is monitored by the workflow enginge of verinice.PRO. The configurable, regularly scheduled transfer from the scanner to verinice confirmes the adjustment as final instance - or uncovers the patching of vulnerable software left undone.

  • The verinice risk catalog
    The new verinice risk catalog is now available in our webshop. It facilitates and accelerates the implementation of a risk assessment in accordance to ISO 27005. Our new screencast shows the use of the catalog and the basic risk assessment methodology in verinice - see http://www.verinice.com/en/media. Both, the screencast and the catalog, are available in German and English.
    The catalog is already included in verinice.PRO subscriptions.
  • The vernice.PARTNER network
    On our new site verinice.com/en/partner you will now find a steadily growing list of experienced advisers. They have already mastered  several projects with verinice / verinice.PRO, successfully coached their customers and can achieve the goals set by them. verinice.PARTNER support you accordingly to their specialities both with the technical implementation of a information security project / audits as well as the installation and maintenance of a verinice instance.
  • Entry forms take dependencies with regard to contents into account
    All entry forms in verinice support to show and hide form fields depending on previous selections. Thus, for example the fields for the required levels of protection disappear as soon as the user selects the "maximum principle" for automatic inheritance. These dependencies can now be found in many places, they provide an improved overview as well as improve data quality.

Please check the general instructions for the update and the release notes (German only at the moment).


Subscribe to the verinice manual

30.01.2013

As of now the manual for the free open source tool verinice. is available at the verinice Online Shop. verinice helps you to handle the management of information security.

Over 150 pages explain the operation of the Client for Windows, Mac and Linux, describe the web frontend and give many instruction for the operation of the verinice.PRO server.

Separate chapters deal with the topics "Methods for Risk Management",
working withe the different perspectives, "Privacy", "Basic protection", "ISM / ISO" and "VDA" especially for the users in the Automotive sector.

The manual is only available as subscription and is distributed as PDF. For 49.98 Euros, customers get a one-year-access to the documentation maintained by SerNet. The manual is free for users of verinice.PRO.

We do not sell paper that is already outdated at the time of delivery. Rather, customers have the opportunity to download the current PDF up to the last day of their subscription.

With the manual SerNet tries to transfer the successful open source distribution model of the update subscriptions to the documentation as well.

Visit http://shop.v.de to shop the offer.


IT-Baseline Catalogs, 12th supplemental set

18.07.2012

Yesterday, the BSI released the metadata update for the 12th supplemental set of the IT-Baseline Catalogs (German only). As of now, this update is available for verinice users.

For users of the free version of verinice the catalog can be found on our download server: it-grundschutz_el12_html_de.zip.

After downloading, the file has to be selected in the settings of verinice:

Menu -> Einstellungen -> BSI IT-Grundschutz -> ZIP-Datei mit GS-Katalogen

Please note: Unlike before, the version that is available on the BSI website for download cannnot be used in verinice directly. Please use the above mentioned file only.

For users of verinice.PRO a new RPM package is ready in the repository. It can be installed using the normal update command. After updating the RPM package verinice.PRO the configuration of the server has to be changed in order for the new file to be processed. In the file:

/usr/share/tomcat6/webapps/veriniceserver/WEB-INF/veriniceserver-plain.properties

change the property

veriniceserver.grundschutzKataloge

to

veriniceserver.grundschutzKataloge=/WEB-INF/it-grundschutz_el12_html_de.zip

Please note the list of changes of the 12th supplemental set compared to the previous version. In particular, changes in individual actions, that have to be considered as part of your basic security check. Changes such as discontinued measures are represented by verinice after the import. Changes in the content of individual measures must be reviewed by the security officer and possibly be re-evaluated.

When transferring the existing results to revised modules the verinice consolidation feature can be of help.

The complete description of all changes can be found in the PDF document provided by the BSI, see chapter "New": IT-Grundschutz-Kataloge-12-EL.pdf

Here is a short list of the main new features:

  • Module 3.403 answering machineremoved
  • Module 5.10 Internet Information Server removed
  • Module 5.11 Apache Webserver removed
  • Module 3.401 PBX revised
  • Module 5.3 Groupware revised (former title : "E -mail" )
  • Module 5.4 Webserver revised
  • Module 4.8 Bluetooth added
  • Module 3.305 Terminal Server added
  • Module 3.304 virtualization added
  • Module 5.18 DNS server added
  • Module 5.19 Internet use added

Note for verinice.PRO installations: In order to include the new Grundschutzkatalog immediately, the cache of the application server needs to be emptied. Proceed as followed.

1. Stop the Tomcat-Server.

2. Delete all files in the folder /var/cache/tomcat/temp/ .

3. Deploy the changes in the file "veriniceserver-plain.properties". It is located in the directory /usr/share/tomcat6/webapps/veriniceserver/WEB-INF/ and contains the properties and preferences of the Baseline Catalogs to be used.

4. Restart the Tomcat-Server.


English languageDeutsche SpracheLingua italiana
© SerNet GmbH, 2018