Sevco Security Shorts: Vulnerabilities

Over the last few weeks, as you’ve seen, we’ve been releasing a series of videos from Chief Strategy Officer Brian Contos highlighting how Sevco’s 4D Asset Intelligence platform works, and how organizations can use it to better understand their IT environment. We call them Sevco Security Shorts.

Now, we’re posting the transcripts of this series for those who would prefer to read the content.

Hey everybody. In this Sevco short, we’re going to talk about integrating vulnerability scanner information into the Sevco Asset Intelligence Platform. Now, vulnerability scanners are great. They’re really great at finding vulnerabilities on devices. That’s what they were designed for. But what they’re not great at is determining the presence and state of your security controls, your IT management controls, what applications those devices are running, as well as what users and accounts are associated with those devices. So that’s where asset intelligence can really help. So in Sevco, I’m just going to go ahead and navigate over to my source inventory. Instead of looking at devices or users or software like we have in other Sevco Security Short Videos, I’m going to look at vulnerabilities. And specifically I’m going to pull up the Tenable vulnerability management integration.

Now here we see a list of different vulnerabilities, their severity, their categories, and how many devices are associated with these. And as we can see, there’s quite a few vulnerabilities that we see in this list, but let’s pick one of these at random. Here’s an Adobe Flash Player. We all know that Adobe is very popular, so it’s often attacked by nefarious individuals and groups. So let’s see what we find out about this Adobe. Well, first of all, this is a version of Adobe Flash that’s installed on a Windows device. It’s old and you can fix it by installing a newer version. Pretty straightforward. We also see all the CVSS scores as well, 9.4, 9.8, even a 10 here. And if we click on the links here to those scores, we’re going to pull up the NIST vulnerability database. And of course here we have a base score of 9.8. So this is a critical level vulnerability. And anything really, an 8, a 9, or a 10 means that it takes little to no skill to go ahead and compromise a device usually remotely and get full administrative access to that system.

So this is where things start to get a little bit more interesting. So now tell me all of the devices, and there’s 15 of them, that actually are running this particular version of Adobe Flash, and we see all these systems, the OS release, we also see first found and last found. So that’s really interesting because sometimes I’d like to know when this vulnerability was first discovered in my environment and if I still haven’t fixed it, why is there a lag? Is that lag a couple days, a couple of weeks? Is it a couple years? So that’s great to keep track of that. It just helps you really get a sense of the state of any particular asset.

So if I want to pick one of these, we’ll look at this Windows Server 2016 that’s in the data center. We’ll click on this device and let’s pull up the relevant information that we can find here. And we can augment all those capabilities of Tenable and other vulnerability scanners with information that’s gleaned from other sources within your centralized asset intelligence repository. So for example, we see that Automox is running, so that’s great. You’ve got some IT management, and we see that Tenable did do a scan about three days ago. That’s great. But if we look at our EDRs, CrowdStrike’s not installed and maybe SentinelOne’s our backup solution, and that’s not running either. So while we do have a patch management solution, we don’t have any EDRs installed.

Okay, well, that’s other information that I’d like to take into consideration now, because now I might want to get a list of all the systems that are in this situation: running devices with level 8, 9, or 10 vulnerabilities that are in fact not even running an EDR. And when we click on additional details, we see the information that’s being pulled in from Automox, but let’s look at it specific to software. So now in addition to knowing about the device information and the vulnerability information, I know about all the different applications as well as patches and updates that are running on this particular device. And again, I can go over here into Tenable and pull up the vulnerability information. And now I have a list of all the different vulnerabilities – critical, high, medium, low, and informational vulnerabilities that exist on that system.

Correlated again with all the information about the devices, the software, and we even see what user is associated with this. In this case, it happens to be Caitlin Zang. So the real value add that you get from the Sevco Asset Intelligence Platform by integrating with a vulnerability scanner is you get all that rich intelligence gleaned from the vulnerability scanner, cross correlated with device information, application information, user and identity information, giving you a complete picture of not just that asset, but all the variables associated with that asset from different sources.
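To make the cross-source view described in the transcript concrete, here is an added Python example (not Sevco’s code or API) that joins constructed scanner findings with a constructed asset inventory to list devices carrying a CVSS 8+ finding with no EDR agent seen, together with how long each finding has stayed open between first found and last found. All host names, field names and vulnerability ids are assumptions made for this example.

```python
from datetime import date

# Constructed sample data, not exported from Sevco or Tenable; every field name,
# host name and vulnerability id here is an assumption made for this example.
SCANNER_FINDINGS = [
    {"device": "dc-win2016-01", "vuln": "example-flash-eol", "cvss": 9.8,
     "first_found": date(2023, 1, 10), "last_found": date(2023, 6, 5)},
    {"device": "dc-win2016-01", "vuln": "example-medium-issue", "cvss": 5.3,
     "first_found": date(2023, 6, 1), "last_found": date(2023, 6, 5)},
    {"device": "lap-eng-07", "vuln": "example-flash-eol", "cvss": 9.8,
     "first_found": date(2023, 2, 1), "last_found": date(2023, 6, 5)},
    {"device": "lap-eng-09", "vuln": "example-high-issue", "cvss": 8.1,
     "first_found": date(2023, 5, 30), "last_found": date(2023, 6, 5)},
    {"device": "unknown-host-3", "vuln": "example-flash-eol", "cvss": 9.8,
     "first_found": date(2023, 6, 4), "last_found": date(2023, 6, 5)},
]

# Per-device view merged from the other sources (patch management, EDR agents).
ASSET_INVENTORY = {
    "dc-win2016-01": {"os": "Windows Server 2016", "patch_mgmt": True, "edr": set()},
    "lap-eng-07": {"os": "Windows 11", "patch_mgmt": True, "edr": {"CrowdStrike"}},
    "lap-eng-09": {"os": "Windows 10", "patch_mgmt": False, "edr": set()},
}


def exposed_devices(findings, inventory, min_cvss=8.0):
    """Devices with a finding at or above min_cvss and no EDR agent seen.

    Returns {device: {"max_cvss", "max_open_days", "vulns", "in_inventory"}}.
    A device the scanner reports but the inventory does not know is kept and
    flagged, since no source can then confirm any control on it.
    """
    result = {}
    for f in findings:
        if f["cvss"] < min_cvss:
            continue
        asset = inventory.get(f["device"])
        if asset is not None and asset["edr"]:
            continue  # some EDR is present; not part of this view
        # Lag between first and last observation: how long it has stayed open.
        open_days = (f["last_found"] - f["first_found"]).days
        rec = result.setdefault(f["device"], {
            "max_cvss": 0.0, "max_open_days": 0, "vulns": [],
            "in_inventory": asset is not None})
        rec["max_cvss"] = max(rec["max_cvss"], f["cvss"])
        rec["max_open_days"] = max(rec["max_open_days"], open_days)
        rec["vulns"].append(f["vuln"])
    return result
```

Calling `exposed_devices(SCANNER_FINDINGS, ASSET_INVENTORY)` returns the two inventoried hosts without an EDR plus the host the inventory has never seen, while the CrowdStrike-protected laptop is excluded despite its 9.8 finding.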

Interested in seeing how Sevco can give you this kind of visibility in your own IT environment? Click here to schedule a personalized 1:1 demo with our team.
