Vulnerability Scanning: Are you Fighting Blind?
The WFH revolution has forced many companies to rethink their security posture.
Take vulnerability scans. Software such as Nessus from Tenable is fantastic when we have tight control over our IT architecture, but as the WFH revolution causes our networks to grow in scale and complexity, a different set of tools is needed.
We take a look at some great security solutions that achieve real time visibility into all aspects of a corporate network, even reaching the most remotely deployed endpoints.
If you’re interested (and you probably should be), Shamrock Consulting Group can secure these cutting-edge tools for you at the best prices.
New Tool for a New Threat
Hackers watch the news and they are well aware that businesses are being forced to deploy legions of remote workers even though many are poorly prepared for the security changes that are needed.
Remote hosts have become the prime target of these cybercriminals, who know that many will not only be poorly secured but will also be outside the range of common vulnerability scanners.
Shamrock has been impressed with a powerful suite of security services provided by CrowdStrike. CrowdStrike’s Falcon platform combines a lightweight agent, which can be quickly and easily installed on remote devices, with a range of cloud-based modules.
In terms of security hygiene and vulnerability scanning, the Falcon Discover and Falcon Spotlight modules stand out.
Introducing Falcon Discover and Falcon Spotlight
Falcon Discover is an IT security hygiene app designed to eliminate all of those dangerous blind spots that hackers are exploiting. It focuses on the three most important areas of vulnerability for any company: its assets, applications and users. Discover will give you real-time (and up to 72 hours of historical) visibility into every device on your network. You will see immediately whether the device is protected under the Falcon platform and whether it is managed, unmanaged or unsupported.
You will also get to see data from every application you are running, including its version number. As for users, Discover tells you what admin privileges they have, their access history and when their passwords were last updated. In addition to real-time user activity, you can access up to 90 days’ worth of historical data.
Falcon Spotlight is a module that is already built into the lightweight Falcon agent. It provides ‘always-on’ scan-less vulnerability management, so there is no need to wait for a scheduled scan. Spotlight automatically collects real-time data with no performance impact on endpoints. Using Spotlight’s intuitive dashboard, your InfoSec teams can triage security threats based on how critical they are. The Spotlight dashboard also displays tables detailing the most relevant current threats, including which products (browsers, operating systems, etc.) are most at risk. Reports can be generated at any time, giving up-to-the-minute insight to stakeholders.
Drilling down into specific CVEs displays in-depth information on the threat actor, including their profile, MO and the likely attack surface based on how CVEs associated with that actor map onto your application inventory. It also gives a real-time picture of how protected your endpoints are by highlighting how many vulnerabilities have been closed and how many remain open.
That brings us nicely on to patch management.
Patch Deployment vs. Installation
According to Gartner, ‘The number one issue in vulnerability management is that organizations are not prioritizing their patching and mitigating controls.’
Can you trust your current vulnerability scanner to give you accurate data on patch status?
That depends on how it works, because some scanners check for patch deployment and others for live installations.
It’s like the controversy over some COVID-19 tests. Some governments have been caught out massaging figures by counting tests that have been sent out rather than those that have been taken.
Some vulnerability scanners look for patches by checking a software registry to see if the patch has been deployed. Even if the patch has failed to install, the scanner still reports it as present, sending back a false positive. Those green ticks are nice to look at but could be meaningless if your remote workers are having issues with receiving and installing those patches onto their devices.
With Falcon Spotlight, you can be sure that when the dashboard says an application has been patched, the patch has been received, downloaded and applied. This is because all applications are scanned in real-time and the live patch status is sent back.
Call Shamrock: We’ll Get You Up and Running
If you have lost visibility of your remote endpoints and you are concerned that hackers could be flying under the radar, we highly recommend you talk to Shamrock about your options. We can offer the best prices on CrowdStrike products and can also provide a free security assessment.
The most dangerous threats are those you don’t know about. Shamrock can help you turn over those stones and shine a spotlight into those dark places where hackers operate.