Greenbone OpenVas Democratizes Cybersecurity In Galicia

The global cyber threat landscape is increasingly challenging organizations around the world to be proactive about cybersecurity. According to Bitkom the total sum of all IT-related crime will cost Germany 206 billion euros ($224 billion) in 2023. Globally, the costs of a single data breach are equally staggering. An adequate response requires more cybersecurity talent and more efficient use of existing cybersecurity talent. Here is a story of how Greenbone’s open-source approach impacts the interplay of these factors by democratizing cybersecurity, distributing the burden of cybersecurity solution development, and improving the value proposition for organizations seeking to defend their operations from cyber attacks.

Investing in Small and Medium-sized Enterprises (SMEs) that deliver cybersecurity products – especially those that deliver open-source solutions – is a multifaceted value proposition that smashes the glass ceiling for organizations of all sizes caught in the crosshairs of cybersecurity risk.

Galencia Adopts Greenbone’s OpenVAS For Its Value Proposition

Innovation has a perfect ally in technology and in the companies that develop it. Hence the importance of projects like OpenVAS developed here at Greenbone AG.

Considering the need for cyber R&D, talent growth, and investment, it’s no surprise that Galencia’s Núñez Feijóo has invested in the new Research and Innovation Strategies for Smart Specialisations (RIS3), and has chosen Greenbone’s foundational OpenVAS vulnerability management solution. The GaiásTech Center of the Agency for Technological Modernization of Galicia (Amtega) champions this proposal that democratizes cybersecurity and has recently published the new OpenVAS cloud application on its web platform GaiásTech Cloud, for businesses and users to evaluate the cybersecurity posture of publicly accessible IT infrastructure.

Galencia’s investment makes essential tools available for burgeoning EU businesses, enabling more sustainable growth across diverse industries. Furthermore, this investment cultivates exportable cybersecurity capabilities, enriching the national economy, and bolstering national security, while underscoring the imperative of innovation in combating the ongoing cybersecurity crisis.

OpenVAS is first and foremost a vulnerability scanning engine that executes vulnerability tests against targeted IT infrastructure to detect security weaknesses that a cyber attacker could exploit to gain unauthorized access. Vulnerability scanning with OpenVAS represents a proactive approach to security. The results of a vulnerability scan give all stakeholders an attestation that software updates and security patches have been applied and that existing system configurations are hardened against attack.

Aligning these investments with the Research and Innovation Strategies for Smart Specialization (RIS3) framework is prudent, recognizing the global need, including within the EU, to synchronize cybersecurity capabilities with the risks posed by rapid technological advancement, digitization, and the increasing technologization of critical infrastructure. RIS3 represents a structured model for strategic investment, enabling nations and regions to harness their unique strengths in advancing cybersecurity readiness and resilience.

How Does OpenVAS Democratize Cybersecurity?

In a broad sense, “democratizing” something, such as cybersecurity, means making it more accessible, inclusive, and equitable to a larger and more diverse group of people or organizations. It involves breaking down barriers and providing opportunities for broader participation, understanding, and empowerment in that particular domain.

The most obvious contribution that the Open Vulnerability Assessment System (aka OpenVAS) makes to democratizing cybersecurity is obvious by the use of the word “Open” in its name referring to the project’s “open-source” development model. The concept of open-source software has been around since the 1980s when MIT’s Richard Stallman launched the GNU Project to develop a complete Unix-like operating system composed entirely of free and open-source software, which users could use, modify, and distribute freely. However, the term “open source software” and the practical advantages of the open-source development model didn’t emerge until 1998 through the works of Eric S. Raymond and Bruce Perens. Greenbone’s OpenVAS and related tools are released under various open-source licenses, including the GNU General Public License (GPL) version 2, and Open Database License (ODbL) version 1.

Here we can seek to understand the particular nuanced ways that open-source software supports the democratization of cybersecurity:

• Increased Accessibility To Cybersecurity Tools: Open source solutions ensure that cybersecurity resources, tools, and knowledge are readily available and accessible to a wide range of users, regardless of their technical expertise, financial resources, or geographic location. This enables individuals and smaller organizations, non-profit organizations, and underserved communities to protect themselves against cyber threats.

• Community Involvement In Security-Minded Discourse: Encouraging community participation and collaboration in cybersecurity efforts is crucial. This includes fostering a culture of information sharing, crowdsourcing threat intelligence, and engaging in collaborative security initiatives and services to provide direct access to cybersecurity professionals of all levels of expertise and experience.

• Education and Awareness: Democratizing cybersecurity involves educating and raising awareness among users about the importance of cybersecurity practices and hygiene. It empowers individuals and organizations with the knowledge to protect themselves.

• Better Products Through Collaboration: Open source software and open standards often play a role in making cybersecurity technologies, standards, and information openly available for scrutiny and collaboration. in this process.

• Reducing Dependence: Reducing dependence on a single vendor or entity for cybersecurity solutions results in a more sustainable software ecosystem. This also fosters competition and choice, enabling users to select solutions that best meet their needs and preferences and gives them a solid foundation to start building their own custom solutions.

• Global Reach: Democratizing cybersecurity recognizes that cyber threats are global and that solutions should be accessible and relevant to a global audience. It seeks to address cybersecurity challenges on a global scale.

• Adaptability: Democratization involves adapting cybersecurity measures to different contexts and environments. This recognizes that one-size-fits-all solutions may not work for everyone and that those who require custom tools can draw from an existing repository of open-source software created by community efforts.

OpenVAS being part of Greenbone’s broader open-source technology stack, represents a greater public value than the mere sum of its parts as a vulnerability management solution. Greenbone supports the democratization of cybersecurity in the following ways:

• The source code building blocks of open-source software are publicly available for download and review by anyone, as opposed to a proprietary closed-source software product model where code is protected as a form of intellectual property. The development of OpenVAS contributes to a shareable economy of cybersecurity infrastructure that can be leveraged without the added costs of software licensing.

• While Greenbone Enterprise Edition is available for larger organizations with a need for increased security assurances, Greenbone’s Community Edition provides a complete platform for vulnerability management free of charge.

Summary

The financial threat of cybercrime looms large, putting pressure on organizations to make more efficient use of their existing IT security talent and simultaneously grow the next generation of skilled IT security professionals. The need for more investment into cybersecurity research and development is an important ongoing factor that will ultimately determine the cyber-resilience of global organizations of all shapes and sizes. SMEs and organizations within marginalized groups will especially face the most difficulty in allocating an adequate budget for advanced cybersecurity defenses.

Also, as our societies continue to digitize, the risks to critical infrastructures, personal data, and business continuity impact everyone in society to some degree and it is especially encouraging to see exemplary leaders such as Núñez Feijóo of Gaicia taking measures to ensure not only better IT security posture for themselves, but also, supporting open source cybersecurity initiatives that foster a culture of democratization of IT security.