Vulnerability Assessment

A Simplified, More Manageable Network Vulnerability Scanner

Easily improve your network’s security posture with regular scans of your most vital systems

The dynamic nature of most environments requires persistent monitoring in order to defend against the evolving threat landscape. Constant changes to networks, systems, and applications can leave you susceptible to an attack, even if you are keeping your security controls up to date.

Stay on Schedule
Deploying and configuring a traditional security solution for network vulnerability scanning can be difficult and time-consuming. Often, IT teams conduct a scan only as a procedural ‘check the box’ measure, either in reaction to an incident or so infrequently that it has almost no measureable impact.

Zartek Global USM addresses this pain point by providing a simple, manageable platform that includes both asset discovery and network vulnerability scanning tools, as well as an easy to use interface for scheduling both types of scans. This allows you to ensure continuous vulnerability assessment without having to manage the process manually.

Zartek Global USM™ allows you to stay ahead of attackers with these advanced features:

Simple configuration and scheduling of network vulnerability scans

  • Easily set up scan jobs targeting individual assets, groups, or even entire networks
  • Schedule scans to run in advance to avoid disruption of critical services and take the guesswork out of managing a scanning routine
  • Control the techniques utilized and level of scanning intensity using default profiles or by creating your own

Intuitive dashboard and reporting interface

  • Leverage at-a-glance analysis of top assets and networks affected by discovered vulnerabilities
  • Produce useful and easily digestible reports that list threats by severity, allowing you to better prioritize your efforts

Regular updates to vulnerability related threat intelligence

  • Expert research on today’s attacks is developed into new vulnerability signatures
  • Effortlessly update this threat intelligence to spot the latest exploits

Simple Configuration and Scheduling of Network Vulnerability Scans

Traditional approaches to network vulnerability scanning and analysis rarely focus on usability and can seem unapproachable by those in IT wearing multiple hats. This leads to frustration, infrequent and inconsistent analysis and, too often, total project abandonment. Unfortunately, threat actors are all too familiar with this behavior and use it to their advantage by exploiting flaws in new additions to the victim’s environment.

When time and simplicity are of the essence, you need a security solution that accelerates your network vulnerability scanning and threat detection process. Zartek Global USM provides this functionality by bolstering a comprehensive vulnerability scanning engine with asset discovery, a streamlined UI, and uncomplicated scheduling. Scheduling scans in advance allows you to easily manage your network vulnerability scanning program as well as minimize disruption of critical services during peak time.

You can also easily specify the methods used during the scans as well as how intensely your assets are probed. You can use the predefined scanning profiles, modify them to meet your explicit needs, or create your own from scratch. Since an attacker’s privileges (or lack thereof) can influence the feasibility of exploiting certain vulnerabilities, you also have the ability to perform these scans in both authenticated and unauthenticated modes.

Intuitive Dashboard and Reporting Interface

Once you’ve scanned your assets for vulnerabilities, you need to develop a response plan that describes the vulnerabilities and their potential impact to your environment, and then decide which issues to remediate first. Doing this efficiently requires expert knowledge of not only the exploit methods but the affected systems as well.

Zartek Global USM gives you an interface that provides a graphical display of vulnerabilities discovered by severity as well as affected services, systems, and networks. You also have a dashboard detailing the status of scheduled, in progress, and past scans. From here, you also have the ability to re-run scans, change scan job ownership, modify scanning schedules, or even delete jobs.

Reports produced contain rich, actionable intelligence including detailed descriptions of vulnerability, insight into root cause, and available workarounds. In most cases, links to references are provided for continued research. Exporting this data is easy, with links to download in PDF or CSV formats.

Regular Updates to Vulnerability Related Threat Intelligence

One of the most significant challenges to securing your environment is having the knowledge required to identify network vulnerabilities, prioritize which are the biggest threats to your environment, and then remediate any issues found. While many tools provide an initial set of vulnerability signatures, keeping them up to date and developing new ones is often up to the user. Especially when securing the network isn’t your only responsibility, you have little time to research new threats and develop vulnerability intel.

That’s where the Threat Intelligence produced by Zartek Global Labs steps in to assist. Think of it as an extension to your IT team – they are constantly performing advanced research on current threats and developing updates to Zartek Global USM’s threat intelligence. In addition to the vulnerability signatures, you receive updates to SIEM correlation rules, IDS signatures, knowledgebase articles, and more.

Updating the Zartek Global USM platform is extremely easy, designed to minimize downtime, and just requires a couple of mouse clicks. This ensures that Zartek Global USM is continuously conducting network vulnerability scans for the latest threats without requiring in-house research or development of vulnerability data. This allows you to allocate your time and resources to other responsibilities and, do more with a smaller team.

Zartek Global Unified Security Management™ (USM) provides you complete security visibility with built-in vulnerability management software. Zartek Global USM&trade also includes other essential security tools built-in and continuous threat intelligence updates from Zartek Global Labs.

  • Includes network intrusion detection (NIDS) and host-based intrusion detection (HIDS)
  • Combines asset discovery, vulnerability assessment, intrusion detection, NetFlow analysis, SIEM, and integrated threat intelligence in one console
  • Stays current with continuous threat intelligence updates including new correlation directives, attack signatures, report templates, and more from Zartek Global Labs
  • Offers full threat context and step-by-step response guidance for attacks
  • Installation to insight in less than an hour
  • Actionable, community-powered threat data from OTX, the world’s first truly open threat intelligence community that enables collaborative defense

Vulnerability Management Lifecycle

Vulnerability scanners

Active scanners look for unpatched insecure software, open ports, poorly configured software and known security problems. Zartek Global Unified Security Management™ (USM) provides built-in vulnerability scanning and assessment.

Vulnerability management is never “done”

Once vulnerabilities have been identified, remediation is required. Since thousands of vulnerabilities are discovered each year, and seemingly never-ending security updates and patches required, remediation needs to be prioritized. Vulnerability management is never “done”, as increasing attack vectors and software complexity require continuous monitoring and methods to prioritize remediation. Since newly-found vulnerabilities are constantly surfacing, and the organization’s IT infrastructure is typically changing over time, consistent diligence is required for effective vulnerability management.

Importance of being up-to-date

Vulnerability assessment software must be up-to-date, since exploits often opportunistically follow the discovery and public announcement of vulnerabilities by the security community. Zartek Global’s USM vulnerability database is constantly updated.

Not All Vulnerabilities are Created Equal

Prioritize Remediation

Careful risk management is required, since many organizations find “they can’t fix everything”.

Keep up with Software Patches

Keeping up with the patching required by Microsoft and other third party software is difficult. Often, patching, applying updates and reconfiguring systems is required to remediate vulnerabilities found in scans, and the impact to operations can be prohibitive.

Make sure you’re seeing critical assets

A big part of effective vulnerability management is assuring that you are scanning all aspects of your IT infrastructure that may introduce vulnerabilities for exploit. This encompasses core components, including network devices, virtualized assets, and assets that IT is not aware of, “Rogue” assets can be introduced by a line of business, or an individual, maliciously or benignly. These may be in violation of your organization’s Acceptable Use policy. Zartek Global USM provides powerful built-in asset discovery capabilities.

Know which assets are vulnerable when doing incident response.

The integrated vulnerability scanning in Zartek Global USM lets you know which of your assets are actually vulnerable to the exploits being attempted. Having this information “at your fingertips” gives you the actionable information you need to do your job.

Determine which vulnerabilities require immediate attention

Management may choose to acknowledge some vulnerabilities but not remediate them immediately. Businesses are often willing to accept the risk rather than taking on the financial investment to address vulnerabilities. This decision to wait on remediation includes several factors, such as the value of the asset, the impact to the business to perform remediation and the accessibility to to the asset beyond the organization’s internal network – on the internet.

Set up a scanning and reporting cadence

As part of an overall vulnerability management process, USM’s vulnerability assessment lets you schedule scans very flexibly, selecting which network segments are to be scanned, and at what frequency. Findings of the scans can be used to create alarms on the USM web interface, and correlated with other events occurring on your network.

Keep an eye on known bad actors

The Zartek Global Open Threat Exchange™ (OTX) is the world’s first truly open threat intelligence community that enables collaborative defense with actionable, community-powered threat data. OTX gives you the final piece of the puzzle – a view the external world. With OTX you have visibility into the latest malicious behavior of known malicious hosts. OTX’s community-powered threat data helps you prioritize your remediation efforts, which is highly useful when

Zartek Global Unified Security Management™ (USM) provides built-in vulnerability assessment with the essential capabilities you need for complete security visibility and threat intelligence, all in one easy-to-use console.

This page will help you understand how Zartek Global USM™ enables you to:

  • Get built-in vulnerability assessment capabilities
  • Scan and monitor for new vulnerabilities continuously
  • Prioritize and remediate vulnerabilities more effectively
  • Gain complete security visibility and threat detection
  • Detect the latest threats with continuous threat intelligence

Get Immediate Results on Day One

  • Deploy quickly: Go from download to detection in less than one hour
  • Auto-discover asset information: Collect device, software, configuration, vulnerability, and active threat data
  • Get actionable, relevant threat intelligence: See prioritized threats, detailed context, and remediation guidance

Vulnerability Assessment Built-In

Detect, Prioritize, and Remediate Security Risk Fast

Vulnerability Assessment starts with Asset Discovery, which is essential to have for overall visibility of your network. It also helps you target the range of IPs for your vulnerability scan. You can granularly define the vulnerability scan to specific network segments and assets of interest. Scans can be either done ad-hoc or scheduled on regular intervals. With the number of network security events rising every year, it is essential for you to prioritize your remediation efforts and deploy the most important patches and security updates first. Zartek Global USM can report on scanning results regularly to management to assist in documenting remediation progress. USM’s built-in vulnerability assessment filters through the noise of false positives and vulnerabilities that are less important and allows you to focus on risks that truly matter to your business.

Understand your network before scanning

USM provides auto-discovered, detailed asset information to help you visualize your entire network. You should focus your Vulnerability scans, at a minimum, on externally accessible assets that are the most important to the health of your business.

Scanning and reporting can be done on-demand, in response to an incident, or scheduled

USM allows you to schedule vulnerability scans to meet your requirements, such as hourly, weekly or monthly. In addition, you can scan more important network segments or groups more regularly. USM also provides flexible reporting, which can be done ad-hoc, or on a scheduled basis and sent to email addresses you specify.

Vulnerability scanning needs to provide you actionable information

Finding, verifying, and fixing vulnerabilities is a constant battle for IT. Zartek Global USM helps accelerate that task by providing not only vulnerability scanning and assessment, but also details about the vulnerabilities themselves. The ability to see external threat information, such as communication with known malicious hosts via the community-powered Open Threat Exchange™ data delivered automatically into USM, helps prioritize your remediation efforts. In addition, Zartek Global’s USM integrated Host and Network IDS and SIEM provide rich contextual information to help with incident response.

Vulnerability information adds context for security incident response

As new threats enter the security landscape, you will be able to run vulnerability scans on-the-fly to help determine if you are vulnerable to new exploits. You will also be able to see the last scan results across your assets, to assist in incident response. You can see vulnerability and asset information conveniently displayed in a single console with USM.

Zartek Global’s USM built-in functionality gives you the ability to continuously identify insecure configurations, unpatched and unsupported software. You have the flexibility to implement vulnerability assessment that matches your needs. For example, you may wish to run authenticated scans on compliance-related assets and throttle back to passive vulnerability assessment on low risk assets where reducing network traffic matters more than validating stringent security configurations.

In addition to giving you maximum flexibility in implementing vulnerability assessment, USM software also encourages you to adopt a continuous process of vulnerability management by providing scheduled scans at frequent intervals, such as daily or weekly. In this way, you can keep on top of the changing threat landscape.

Traditional active network scanning

USM supports this common approach used by many vulnerability assessment tools, actively probing for suspected vulnerabilities in IT assets using carefully crafted network traffic to solicit a response.

Continuous vulnerability monitoring

USM supports this approach as well, which is also known as passive vulnerability detection. USM correlates the data gathered by its asset discovery scans with known vulnerability information for improved accuracy. This provides more relevant vulnerability information while minimizing network noise and system impact.

Unauthenticated scanning

USM is also able to scan without requiring host credentials. This scan probes hosts with targeted traffic and analyzes the subsequent response to determine the configuration of the remote system and any vulnerabilities in installed OS and application software.

Authenticated scanning

USM is able to conduct scanning on an authenticated basis. This entails access to the target host’s file system, to be able to perform more accurate and comprehensive vulnerability detection by inspecting the installed software and its configuration. For example, with Windows servers you can access registry keys and files, looking for traces of infiltration.

Prioritize and Remediate

Do It More Effectively With USM

IT risk cannot be prevented 100% – it can only be mitigated. The old fashioned “check list” approach of finding huge numbers of vulnerabilities and creating a list for some poor intern to fix is a thing of the past. With the complexity of IT and the rapidly changing threat landscape, it is also critically important to prioritize remediation based on a number of factors:

  • Not all vulnerabilities are equal – some are more critical than others due to several factors, including the presence of an exploit in the wild and the consequences of a successful exploit
  • Similarly, all assets are not equal – some are more critical due to business importance of the applications, processes, or data on the system, as well as any regulatory requirements

You need to factor in all of these issues to prioritize your remediation efforts. For example, you may have a high impact vulnerability on a low risk system (perhaps because it has only a test database of random data) that may be less important to remediate than a medium impact vulnerability on a high risk system (perhaps in the DMZ.)

Remediating vulnerabilities almost always has an impact on IT Operations and your users

Remediation is typically done with OS and application patching, downloading security updates and providing workarounds to avoid the vulnerability. These remediation actions can be inconvenient to your users at the least, and may impact your business.

The unified and coordinated capabilities of USM work in concert with vulnerability assessment

USM helps prioritize remediation with multiple technologies beyond simple vulnerability assessment: Host and Network Intrusion Detection Systems (IDS), Asset Discovery, netflow and Security Information and Event Management (SIEM.) Vulnerabilities must be exposed to threats in order to be exploited. With USM, you are aware when a vulnerable asset is actually exposed to threats.

USM provides remediation advice for vulnerabilities that are found

It includes dynamic incident response templates and 3rd party references to help you figure out how to remediate vulnerabilities that a scan may find. This advice saves you time looking up each vulnerability and tracking down this information yourself. In addition, the advice is vetted by Zartek Global Labs and kept up-to-date.

Zartek Global Unified Security Management

Vulnerability Assessment Plus Other Essential Security Controls

Single-purpose vulnerability scanning tools are valuable, but USM provides the overall security visibility they lack.

Faster Deployment Time

Go from install to insights in less than an hour with USM. All of the built-in security controls are pre-integrated and optimized to work together out of the box.

Low Administrative Overhead

Deploy and manage your IDS, HIDS, SIEM, and more from the same console.

Tuned Event Correlation

With the core data sources are already built-in, over 2,000 event correlation rules are already “fine tuned” and optimized, right out of the box.

Full Packet Capture

Any packet that triggers an IDS signature is automatically captured and displayed with the IDS event. Session monitoring and full packet capture can then be invoked for more extensive forensic investigation.

Reduced False Positives

IDS are notorious for “false positives,” events that appear to indicate an intrusion, but are actually harmless. Zartek Global USM eliminates many false positives by cross-correlating multiple security tools, including asset inventory, IDS, vulnerability scanning, behavioral analysis and visibility to netflow data.

Full Threat Context

All you need to know about an incident is captured in each alarm, including asset information (such as OS, software, identity), vulnerability data, visibility to netflow data, raw log data, and more.

Actionable Alarms

Each alarm provides step-by-step guidance on interpreting the threat, and how to contain it and respond.

Continually Updated Signatures and Rules

Continuous and coordinated updates to catch the latest threats.

Daily Threat Indicator Analysis

Using advanced sandboxing techniques to quarantine malware samples while we conduct static and dynamic analysis, we analyze the more than 3 million threat indicators submitted by our more than 37,000 participants in over 140 countries every day. This analysis provides key insights into the latest attacker tools and techniques.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, remediation guidance, and more.

Attacker Profile Analysis

We’re constantly monitoring hacker forums and underground networks for in-depth profiling of the common traits of cyber criminals. This information gives us unparalleled access for understanding the “attack horizon” and has resulted in major discoveries such as the evolution of Sykipot, Red October, and other malware outbreaks.

Threat Intelligence Collaboration

We’ve established strong connections with government agencies, academic researchers and other security vendors around the world. These relationships enable us access to pre-published vulnerability and malware updates as well as enhanced verification of our own research.

Honeypot Deployment and Analysis

Our global honeypots are essentially “virtual venus fly traps” set up to detect, capture, and analyze the latest attacker techniques and tools. Leveraging honeypots placed in high traffic networks, our threat intelligence subscribers are armed with the latest defensive strategies in the form of updated event correlation rules, IDS and vulnerability signatures, remediation guidance, and more.

Attack Alarms and Investigation

Investigate Root Cause Faster Than Ever

Instantly know the who, what, where, when and how of attacks – no matter where they originate.

Actionable Alarms

Zartek Global USM™ includes several different security monitoring technologies to gather information on a variety of threat vectors. Because we have access to everything you need to know about an asset, you can get to root cause faster than ever.

Risk Prioritization

Zartek Global Labs Threat Intelligence applies more than 2,000 event correlation rules against the raw event log data we collect, as well as the events triggered by our built-in intrusion detection software. This enables rapid, accurate, and actionable guidance that interprets the severity of the exposure based on the full threat context, telling you what to address first.

Kill Chain Attack Categorization

USM utilizes the Kill Chain Taxonomy that categorizes each alarm by the intent of the attacker for effective prioritization, so you know which events to focus on for deeper investigation and analysis.

Ticketing

Zartek Global USM™ can notify people via email, open a ticket in the built-in ticketing system, or integration with an external help desk / ticketing system. You can also configure it to execute a script to take automated and custom actions, based on your environment. USM’s built-in software ticketing system creates trouble tickets from vulnerability scans and alarms. These tickets specify who owns the remediation, the status and descriptive information. The tickets also provide a historical record of issues handled, as well as the capability to transfer tickets, assign them to others and push work to other groups.

Step-by-Step Investigation Instructions

Zartek Global Labs provides specific, contextual guidance on what to do when an alarm is triggered, so you can contain and investigate the incident quickly.