Continuous Asset Profiling - What is your attack surface?
At edgescan we have a solution called HIDE (Host Index Discovery and Enumeration) which is in effect a continuous asset profiling function it does the following:
HIDE query's entire IP ranges for our clients. This "blanket" covering of ranges gives our clients the ability to see whats "Alive" and whats enabled in seconds.
If an endpoint is decommissioned or newly deployed, HIDE detects the change and can alert users.
Why is HIDE "a hit" with our clients...?
Larger and growing organisations sometimes don't know what they have deployed to the public Internet.
Organisations which have migrated to the cloud may spin-up and tear-down instances on a frequent basis which can result in reallocation of IP's on a dynamic basis.
Tracking a dynamic attack surface in the case of cloud is challenging using traditional techniques and results in poor coverage and reaction time.
Even using immutable secure baseline instances in the cloud requires constant validation, this is where HIDE comes in.
The ability to provide continuous vigilance and alerting in a constantly changing environment is very attractive to most CISO's
Dynamic automated vulnerability management
As we can track the dynamic attack surface we can also deliver on-point vulnerability management such that once we discover a new instance we can immediately verify if it poses any security risk to the business. This coupled with alerting and awareness gives our clients much greater visibility of our security posture as our attack surface grows and reduces over time.
Pop over to www.edgescan.com for more information.
HIDE query's entire IP ranges for our clients. This "blanket" covering of ranges gives our clients the ability to see whats "Alive" and whats enabled in seconds.
If an endpoint is decommissioned or newly deployed, HIDE detects the change and can alert users.
- Detection of the state of all endpoints exposed to the public Internet
- Identification the endpoint and tries to resolve any DNS associated with it
- Enumeration the services and open ports enabled on the endpoint.
- Automated alerts based on user defined criterion (e.g. New host discovered, HOST dies etc).
- Detection is via cloud API's and/or port enumeration (TCP/UDP).
Why is HIDE "a hit" with our clients...?
Larger and growing organisations sometimes don't know what they have deployed to the public Internet.
Organisations which have migrated to the cloud may spin-up and tear-down instances on a frequent basis which can result in reallocation of IP's on a dynamic basis.
Tracking a dynamic attack surface in the case of cloud is challenging using traditional techniques and results in poor coverage and reaction time.
Even using immutable secure baseline instances in the cloud requires constant validation, this is where HIDE comes in.
The ability to provide continuous vigilance and alerting in a constantly changing environment is very attractive to most CISO's
Dynamic automated vulnerability management
As we can track the dynamic attack surface we can also deliver on-point vulnerability management such that once we discover a new instance we can immediately verify if it poses any security risk to the business. This coupled with alerting and awareness gives our clients much greater visibility of our security posture as our attack surface grows and reduces over time.
Pop over to www.edgescan.com for more information.
Comments
Post a Comment