Visualizing Vulnerability Management with Enhanced Asset Detail
October 9, 2019
Visualizing your entire vulnerability management inventory, at a glance
Having an accurate, current asset inventory is essential to effective vulnerability management. It may sound obvious, but knowing what assets exist in your organization is the first line of defense in cybersecurity, and it is not necessarily trivial to accomplish. With Delve and its self-improving auto-discovery feature, finding all the web applications, servers, network equipment, and other devices takes just two clicks. That’s exceptionally helpful, but largely useless unless we can also identify which ones need your attention. Thanks to our latest product update, and specifically improvements to the asset panels for servers and websites, it is now even simpler to see at a glance what is in your network and understand each asset’s risk exposure.
What is Vulnerability Scanning?
In the most basic sense, vulnerability scanning is the process of making requests or queries to ports on network-connected machines (e.g. servers, laptops) and analyzing the responses. Asset “discovery,” closely tied to scanning, probes machines for the services they might be running (e.g. HTTP or SQL). Vulnerability scanning software must therefore include sophisticated knowledge of a number of protocols to comprehensively test machines for vulnerabilities. Vulnerability scanning tools vary in their sophistication, and it’s important to understand the limitations and capabilities of the vulnerability scanning tools you’ve chosen to deploy. For example, Delve’s vulnerability scanning software uses its machine learning engine to modify or improve automated scanning based on newly discovered machines or services on those machines, or on newly identified vulnerabilities or exploits. Delve’s vulnerability scanning software also scans web applications for security vulnerabilities, as secure web applications are particularly critical to an effective network security operation. Most vulnerability scanning tools include web application security testing as a separate element of their product suite, while Delve’s is a fully integrated element of Delve’s vulnerability scanning software. Note that Delve provides dynamic web application security testing, meaning the application is tested while it’s running. This is in contrast to static web application security testing, which analyzes the underlying application code but not while the application is running.
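As an added illustration of the response-analysis step described above (example code written for this page, not Delve’s scanner or its machine learning engine), the following Python fingerprints a few constructed service banners, extracts product and version, and compares each detected version against a constructed advisory list. The advisory identifiers and fixed-in versions are placeholders, and the host addresses and banners are embedded so nothing on the network is touched.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Regexes for a few common service banners; each captures (product, version).
BANNER_PATTERNS = [
    ("ssh", re.compile(r"^SSH-2\.0-(OpenSSH)[_ ]([\d.]+)")),
    ("ftp", re.compile(r"^220 .*?\((vsFTPd) ([\d.]+)\)")),
    ("http", re.compile(r"^Server: (Apache|nginx)/([\d.]+)", re.IGNORECASE)),
]

# Constructed advisory list: the ids and fixed-in versions are illustrative
# placeholders, not real advisories. A service is flagged when its detected
# version is strictly below the fixed-in version.
ADVISORIES = [
    {"id": "ADV-CONSTRUCTED-001", "product": "OpenSSH", "fixed_in": (7, 9), "severity": "high"},
    {"id": "ADV-CONSTRUCTED-002", "product": "Apache", "fixed_in": (2, 4, 41), "severity": "critical"},
    {"id": "ADV-CONSTRUCTED-003", "product": "vsFTPd", "fixed_in": (3, 0, 4), "severity": "medium"},
]

# Constructed scan responses (host, port, first line of the response).
CONSTRUCTED_RESPONSES = [
    ("10.0.0.5", 22, "SSH-2.0-OpenSSH_7.4"),
    ("10.0.0.5", 80, "Server: Apache/2.4.29 (Ubuntu)"),
    ("10.0.0.7", 21, "220 (vsFTPd 3.0.3)"),
    ("10.0.0.7", 443, "Server: nginx/1.18.0"),
    ("10.0.0.9", 8080, "HTTP/1.1 200 OK"),  # no Server header: cannot fingerprint
]


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    protocol: str
    product: str
    version: Tuple[int, ...]


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    product: str
    version: str
    advisory: str
    severity: str


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.4.29' into (2, 4, 29) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())


def fingerprint(host: str, port: int, banner: str) -> Optional[Service]:
    """Identify product and version from a banner, or None if no pattern matches."""
    for protocol, pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return Service(host, port, protocol, m.group(1), parse_version(m.group(2)))
    return None


def match_advisories(service: Service) -> List[dict]:
    """Advisories for this product whose fix is newer than the detected version."""
    return [a for a in ADVISORIES
            if a["product"] == service.product and service.version < a["fixed_in"]]


def assess(responses) -> Tuple[List[Finding], List[Tuple[str, int]]]:
    """Fingerprint every response; return (findings, ports that could not be identified)."""
    findings, unidentified = [], []
    for host, port, banner in responses:
        svc = fingerprint(host, port, banner)
        if svc is None:
            unidentified.append((host, port))
            continue
        version_str = ".".join(str(p) for p in svc.version)
        for adv in match_advisories(svc):
            findings.append(Finding(host, port, svc.product, version_str, adv["id"], adv["severity"]))
    return findings, unidentified


if __name__ == "__main__":
    found, unknown = assess(CONSTRUCTED_RESPONSES)
    for f in found:
        print(f"{f.host}:{f.port} {f.product} {f.version} -> {f.advisory} ({f.severity})")
    for host, port in unknown:
        print(f"{host}:{port} could not be fingerprinted; review manually")
```

The unidentified list is as important as the findings: a port that answers but cannot be fingerprinted is a gap in the inventory, not a clean result. Version-string matching of this kind is also only as good as the banner, since distributions often backport fixes without changing the advertised version, which is one concrete reason to understand what detection technique a scanner relies on before trusting its output.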
When displaying the Server or Website panel, you can now see all your assets and the relevant data for each. We’ve deployed the same display approach that was used for the recently revamped Vulnerability panel, as presented in my previous blog post, Not All Vulnerabilities are Created Equal.
To easily see the number of vulnerabilities on each asset, we’re first showing a bar chart splitting all vulnerabilities into four severity levels. By default, the assets with the most important vulnerabilities will be right at the top for easy viewing, but the bar chart visualization in the list allows for quick & easy identification of outlier assets as well.
We have also reworked the timeline graph. In keeping with our philosophy of presenting information in an asset-centric way, the timeline clearly shows when, within the last 12 months, an asset was last scanned. Moreover, if we’re unable to complete scans on it, a red dot is displayed. If an asset has red and green dots split far apart, we would recommend our customer investigate why the asset wasn’t scanned recently. Freshness of vulnerability information is important for a number of reasons; most of all, it affects the prioritization of vulnerabilities.
Assets can still be scanned on a daily, weekly or monthly schedule (or not at all), and their next scheduled scan period is displayed in the last column. We’ve also added an indicator showing when a scan is currently running on the asset, with an estimate of how long the scan should take.
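As an added example (not Delve’s code; the asset names, findings, schedules and dates are constructed), here is how the ranking and freshness logic described in the three paragraphs above can be modelled: per-asset counts in the four severity buckets of the bar chart, a sort that puts the assets with the most severe findings first, a 12-month timeline of completed (G) and failed (R) scans, and a check that flags assets whose last completed scan is older than their schedule allows. The `grace` factor of two schedule periods is an assumption of this example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

SEVERITIES = ("critical", "high", "medium", "low")
SCHEDULE_DAYS = {"daily": 1, "weekly": 7, "monthly": 30}


@dataclass
class ScanEvent:
    when: date
    completed: bool  # True = completed scan (green dot), False = failed attempt (red dot)


@dataclass
class Asset:
    name: str
    vulns: List[str]        # severity of each open vulnerability
    scans: List[ScanEvent]  # scan attempts, in any order
    schedule: str           # "daily" | "weekly" | "monthly" | "none"


def severity_counts(asset: Asset) -> dict:
    """Bucket an asset's vulnerabilities into the four severity levels of the bar chart."""
    return {s: asset.vulns.count(s) for s in SEVERITIES}


def rank_assets(assets: List[Asset]) -> List[Asset]:
    """Most severe findings first: sort by critical count, then high, medium, low."""
    return sorted(assets, key=lambda a: tuple(-severity_counts(a)[s] for s in SEVERITIES))


def timeline(asset: Asset, today: date, months: int = 12) -> str:
    """One character per month, oldest on the left: G = completed scan, R = failed
    attempt, '.' = no scan. A later event in the same month overwrites an earlier one."""
    slots = ["."] * months
    for ev in sorted(asset.scans, key=lambda e: e.when):
        months_ago = (today.year - ev.when.year) * 12 + (today.month - ev.when.month)
        if 0 <= months_ago < months:
            slots[months - 1 - months_ago] = "G" if ev.completed else "R"
    return "".join(slots)


def needs_attention(asset: Asset, today: date, grace: int = 2) -> Tuple[str, Optional[int], int]:
    """Return (status, days since last completed scan, failed attempts since then).
    'stale' means the last completed scan is older than `grace` schedule periods,
    which is the 'red and green dots far apart' situation worth investigating."""
    if asset.schedule not in SCHEDULE_DAYS:
        return ("unscheduled", None, 0)
    ok = [e.when for e in asset.scans if e.completed]
    if not ok:
        return ("never", None, sum(1 for e in asset.scans if not e.completed))
    last_ok = max(ok)
    failed_since = sum(1 for e in asset.scans if not e.completed and e.when > last_ok)
    days = (today - last_ok).days
    status = "stale" if days > SCHEDULE_DAYS[asset.schedule] * grace else "ok"
    return (status, days, failed_since)


TODAY = date(2019, 10, 9)  # constructed reference date

# Constructed inventory: names, findings and scan dates are made up for the example.
CONSTRUCTED_ASSETS = [
    Asset("web-01", ["critical", "high", "high", "low"],
          [ScanEvent(date(2019, 10, 8), True), ScanEvent(date(2019, 10, 1), True)], "weekly"),
    Asset("db-02", ["high", "medium"],
          [ScanEvent(date(2019, 5, 2), True), ScanEvent(date(2019, 8, 1), False),
           ScanEvent(date(2019, 9, 1), False), ScanEvent(date(2019, 10, 1), False)], "monthly"),
    Asset("printer-03", ["low"], [], "none"),
]


if __name__ == "__main__":
    for a in rank_assets(CONSTRUCTED_ASSETS):
        print(f"{a.name:12} {timeline(a, TODAY)}  {severity_counts(a)}  {needs_attention(a, TODAY)}")
```

Run as a script, the constructed `db-02` shows a completed scan five months back followed by three failed attempts, so it is reported as stale even though it has fewer open vulnerabilities than `web-01`; that is the case where the vulnerability counts alone would under-state the risk, because they are based on information that is months old.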
Asset Detail Panels for Improved Vulnerability Management Visualization
All additional details on the asset are available right in the interface by clicking the entry or the chevron icon. The first panel shown will provide general information about the asset. We’ve also improved the UI so main actions are more accessible, for example launching a manual scan, defining the auto-scan schedule, or editing or deleting the asset.
The Software and Ports panels show all the software found installed on the machine, with the specific version string that was detected, as well as open or filtered ports, listed with the full banner response when applicable.
The Related Assets panel has also been enhanced. In order to better understand the complete risk a certain system represents in your environment, knowing what type of Web Applications it hosts and their vulnerabilities is paramount to grasping the complete attack surface. That’s why we not only take this into account in prioritization scoring, but it’s also shown visually in the Related Assets panel so that our customers can more efficiently acquire a complete picture at a glance.
Finally, the History panel has been redesigned to provide a concise overview of the vulnerability evolution for the asset, but also to give users an easy way to check the scan logs history, as scans are conducted on the asset in the background.
In our early October product release, we’ve also added the Scoring panel. It showcases how the DelveAI adjusted the initial risk score of the vulnerability based on nearly 3 dozen factors. This exciting new feature will soon be covered in an article of its own in the blog, so make sure to follow us for the latest updates.
This redesign of the asset list and asset detail panels reinforces our philosophy to maintain an asset-centric approach to conducting vulnerability scans, and brings a truly comprehensive and natural approach to visualizing Vulnerability Management. We’re convinced that this vulnerability scanning software will allow security experts & IT administrators to very easily monitor their assets over time as their network evolves. If you have ideas to help make our product even better, or have any questions at all, please don’t hesitate to reach out to us at [email protected].