Bringing Visual Order to Network Vulnerability Chaos
October 9, 2019
Viewing your entire inventory, at a glance
Having an accurate, current asset inventory is essential to effective vulnerability management. It may sound obvious, but knowing what assets exist in your organization is the first line of defense in cybersecurity, and not necessarily trivial to accomplish. With Delve and its self-improving auto-discovery feature, finding all the Web applications, servers, network equipment, and other devices takes just two clicks. That’s exceptionally helpful, but largely useless unless we can also identify which ones need your attention. Thanks to our latest product update, and specifically improvements to the assets and websites panel, it is now even simpler to see at a glance what is in your network, and understand each asset’s risk exposure.
When displaying the Server or Website panel, you can now see all your assets and the relevant data for each. We’ve deployed the same display approach that was used for the recently revamped Vulnerability panel, as presented in my previous blog post, Not All Vulnerabilities are Created Equal.
To easily see the number of vulnerabilities on each asset, we’re first showing a bar chart splitting all vulnerabilities into four severity levels. By default, the assets with the most important vulnerabilities will be right at the top for easy viewing, but the bar chart visualization in the list allows for quick & easy identification of outlier assets as well.
We have also reworked the timeline graph. In keeping with our philosophy to present the information in an asset-centric way, the timeline will clearly show - in the last 12 months - when an asset was scanned the last time. Moreover, if we’re unable to complete scans on it, a red dot is displayed. If an asset has red and green dots split far apart, we would recommend our customer investigate why the asset wasn’t scanned recently. Freshness of vulnerability information is important for a number of reasons, most of all, it impacts the prioritization of vulnerabilities.
Assets can still be scanned on a daily, weekly or monthly schedule (or not at all), and their next scheduled scan period will be displayed on the last column. We’ve also added an indicator if a scan is currently being run the asset, with an estimate of how long scans should take.
Asset Detail Panels
All additional details on the asset are available right in the interface by clicking the entry or the chevron icon. The first panel shown will provide general information about the asset. We’ve also improved the UI so main actions are more accessible, for example launching a manual scan, defining the auto-scan schedule, or editing or deleting the asset.
The Software and Ports panels show all the software that was found installed on the machine with the specific version string that was detected, as well as open or filtered ports that are listed clearly with the entire banner response when applicable.
The Related Assets panel has also been enhanced. In order to better understand the complete risk a certain system represents in your environment, knowing what type of Web Applications it hosts and their vulnerabilities is paramount to grasping the complete attack surface. That’s why we not only take this into account in prioritization scoring, but it’s also shown visually in the Related Assets panel so that our customers can more efficiently acquire a complete picture at a glance.
Finally, the History panel has been redesigned to provide a concise overview of the vulnerability evolution for the asset, but also to give users an easy way to check the scan logs history, as scans are conducted on the asset in the background.
In our early October product release, we’ve also added the Scoring panel. It showcases how the DelveAI adjusted the initial risk score of the vulnerability based on nearly 3 dozen factors. This exciting new feature will soon be covered in an article of its own in the blog, so make sure to follow us for the latest updates.
This redesign of the asset list and asset detail panels reinforces our philosophy to maintain an asset-centric approach to conducting vulnerability scans, and brings a truly comprehensive and natural approach to Vulnerability Management. We’re convinced that this will allow security experts & IT administrators to very easily monitor their assets over time as their network evolves. If you have ideas to help make our product even better, or have any questions at all, please don’t hesitate to reach out to us at [email protected].