Dynamic Auto Assessment - Simple but effective

By -

edgescan provides our clients with #fullstack security assessments but what does #fullstack mean?


 #fullstack covers may layers in the OSI  inter-connectivity diagram.

From "the top down......"

Deep Coverage


 Web Applications:

  1. Technical vulnerabilities (Injection attacks, scripting, error based attacks)
  2. Logical vulnerabilities
  3. Component Security (end-of-life components/plugins, insecure config)

Host Security:

  1. Patching
  2. Enabled services (Type, version, known vulnerabilities etc)
  3. Operating System Known vulnerabilities
  4. Weak protocols
  5. Weak configuration
So unlike many application-only or Host-only assessment services, edgescan discovers more possible weaknesses as a result of either via poor maintenance, configuration mistakes, deployment security, patching and also developer code....#fullstack

Wide Coverage

The holistic approach also covers ranges of IP's such as say a /24 or /16 cidr block.

Automatic Assessment:
edgescan shall assess anything that is "live" at a given point in time across the entire block. We find this helps with the use case of rogue deployments, insecure services being deployed, APT, data ex-filtration servers etc

In the age of the cloud, organisations servers are constantly being spun-up and torn-down depending on demand. Our approach to range-based assessments covers this scenario as our clients know everything live within their range shall be detected and assessed.

Automatic vulnerability assessment coupled with continuous asset profiling provides our clients with a very adaptable solution when their systems are constantly in a state of flux.

No need for messy licensing or paper work for every assessment given our licensing is range based and we don't mind how many servers are live at any point in-time they shall all be assessed and the results manually validated in our SoC...

Alerting
edgescan also has alerting capability such as SMS, email and soon to be #slack alerting which shall be 2-way (think of it as a vulnerability management #slackbot). 
You and ask edgescan to alert you if certain conditions arise such as:
  1. New asset discovered
  2. New Vulnerability Discovered
  3. Change in hosting environment
  4. Assessment cycle is completed
  5. etc etc
Risk Mitigation
Via our API you can now generate web layer mitigation rules for Web Application Firewalls (WAF) on demand (CItrix Netscalar and Mod_Security). This gives you the flexibility to virtually patch discovered issues very quickly using your underused WAF :)

Comments

Post a Comment

Popular posts from this blog

Edgescan, why we do what we do.....

By -
Image
  The cyber security industry is full of solutions to make you more secure. Some are unproven and other approaches work if deployed properly. Our industry is very fragmented. for example a recent "Cyber Defense" award I noticed has 195 categories!  I suppose we need to ask ourselves as companies from time to time why we do what we do?  So, the following post is, I guess, the reason we developed Edgescan and why we believe its a decent solution to help organizations improve and be more resilient in relation to cyber security and system protection.... Vulnerability scanning alone did not work. The idea of software testing software for vulnerabilities is a good one but both sides of the equation may have bugs. Bugs in one side (The target) may result in vulnerabilities, whilst bugs on the other side (Scanner) may result in false negatives and false positives.  Accuracy : To that end we built edgescan as a combination of automation to discover vulnerabilities at scale but  when c
Read more

20 years of Vulnerability Managment - Why we've failed and continue to do so.

By -
Image
Cyber Security: Keeping Pace with Change. Getting breached can really ruin your day. Actually it normally happens on a friday evening as you are about chill for the weekend. The cause of must breaches is not rocket science, its more to do with the poor approach we have accepted because we underestimate the threat actor.  - An attacker does not scan your website/network once a quarter with a commercial or open source scanner or perform an annual penetration test against your systems to see if there is any low hanging fruit, so how do we expect to defend against such an advisory using that approach? Systems change now more frequently than ever due to the ease of cloud deployments and the speed of software deployments due to iterative development techniques. The rate of change increase results in exposures quickly manifesting and the organisation not even being aware of the exposure in the first place. Many organisations dont know what they have exposed on the public Internet. We need t
Read more
By -
Image
The HSE Data Breach and the State of Irish Cyber Security Many years ago, shortly after I founded the Irish chapter of OWASP ( http://www.owasp.org ) (in 2007??) we were delivering free application and software development classes to anyone who wanted them. It was a local low key affair but every class we delivered was "sold out". We have 60-80 folks mostly developers willing to spend 4-5 hours on learning the fundamentals of secure application development and testing. I suppose we felt cyber security was an important issue because that's what we did. At the time many folks in business felt cyber security was an overhead or a "tax" and did not give it much time. A few years later (late 2010) when the the foundation of the NCSC (National Cyber Security Centre) was announced, a few of us (local OWASP Ireland leaders) wrote a number of emails to the Irish government offering free cyber security training. As we were working for a non profit (501.3c) charity (OWA
Read more