Hello, cybersecurity champions! 🏆
Welcome to the third instalment in our series on Cybersecurity Observability use cases.
Today, we’re tackling a critical issue that keeps many CISOs up at night: devices that are flying under the vulnerability scanner radar.
Picture this: Your vulnerability assessment tools are humming along, identifying known vulnerabilities left and right. But then your CISO drops this bombshell:
"How do we know we're scanning all our devices? What about the ones we don't even know exist?" (Chief Information Security Officer)
Gulp. It’s the cybersecurity equivalent of “unknown unknowns.”
But don’t sweat it! 🥵
This is what we at SJULTRA solve with CAASM (Cyber Asset Attack Surface Management) and cybersecurity observability shine.
Here’s the deal: Your vulnerability assessment tools are great at finding issues on devices they know about. But what about the devices they don’t know exist? These could be:
These invisible assets are like open windows in your digital fortress. And the worst part? Your vulnerability scanner’s admin console won’t tell you about them because it doesn’t know they exist!
Who's job is it to find devices that are missing from the inventory and not being vulnerability scanned?
This is where SJULTRA’s CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… More service comes to the rescue. It’s like giving your security team x-ray vision for your network.
Our CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… More pulls data from multiple sources:
By cross-referencing these sources, CAASM can spot the devices that should be scanned but aren’t. It’s like finding the missing pieces in your security puzzle!
Show me all devices that aren't known to any Vulnerability Assessment Tools.
3. Query Language (SQL):
not specific_data.data.adapter_properties == "Vulnerability_Assessment"
This query finds devices missing Vulnerability Scanner coverage by showing anything not known to security solutions categorized as Vulnerability Assessment Tools. Here’s an example of the returned results:
Simple, right? But incredibly powerful.
Let’s get more specific. Say your policy requires all Windows devices to be scanned. We can modify our wizard query:
Or in AQL…
specific_data.data.os.type == "Windows" and not specific_data.data.adapter_properties == "Vulnerability_Assessment"
Results in…
…and so on.
But if you have a large estate and lots of results, you can filter down the most recently seen windows devices by adding an extra line to your query: “Last Seen (Days) 7”
specific_data.data.os.type == "Windows" and not specific_data.data.adapter_properties == "Vulnerability_Assessment" and specific_data.data.last_seen >= date("NOW - 7d")
Great, we’ve uncovered these hidden devices. What’s next? This is where the “action” part of our cybersecurity observability comes in. We’ve got four tricks up our sleeves:
And there you have it, champions!
That’s how we turn the invisible threat of unscanned devices into a manageable, observable process.
It’s not just about finding vulnerabilities; it’s about making sure we’re looking in all the right places.
Remember, this is just 3 out of 14 standard use cases we help our customers with as part of our CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… More Concierge service. And guess what? You can get it for free!
In the world of cybersecurity, what you don’t know can hurt you. But with the right tools and a bit of observability magic, we can shine a light on those hidden threats.
Stay vigilant, keep querying, and may all your devices be scanned and secure!
Read the documentation on Finding Devices Not Being Scanned For Vulnerabilities.
