How do you manage vulnerabilities for your ever-changing IT attack surface?


Employee mobility, BYOD, virtualization, and cloud services have combined to present organizations with a large and fluid environment in which they must identify and manage the vulnerabilities of every asset on the network. A vulnerability scanner can help with this task by assessing computers, systems, and apps for known weaknesses. However, even with these tools, many network security professionals find the task arduous, resource intensive, and often inaccurate.

We wanted to know how managing vulnerabilities in these complex environments can be done quickly, effectively, and without a large staff. To gain further insight, we talked with Rosanna Pellegrino of Digital Defense. Rosanna was kind enough to spend some time with us discussing their solution and some of their recent integration efforts.

She explained, “It starts with our solution approach which is an integrated process that includes highly accurate vulnerability scanning and employee best practice training around how to stop carelessly introducing new vulnerabilities.”  She continued, “Our platform reaches out and identifies the assets, or hosts, on the client’s network and categorizes 20 to 30 characteristics of each. Not just MAC address, port address, or machine name; we identify a myriad of different things.  We then take that information and apply the appropriate vulnerability scans for that specific machine.”

Digital Defense is not unique in providing vulnerability scans; other solutions can do that as well. What sets them apart is their ability to provide clients with scan-to-scan vulnerability reconciliation. Without proper reconciliation, a scanner can generate misleading results and, worse, an inaccurate view of your organization's security posture. It is their ability to correlate historical information that allows their platform to recognize a device regardless of how that device connects to the network. The key to this ability is the broad spectrum of asset identification characteristics they capture, categorize, and record, which lets them know what hosts are on the network with much greater accuracy.

Discussing their recent integration with ForeScout, Rosanna said, “The Frontline VM integration with ForeScout CounterACT streamlines remediation efforts and improves organizational processes and efficiencies by automating the workflow process of identifying hosts, scanning for known vulnerabilities and risk of hosts.”

The press release from July 17, 2018 states that this integration will provide Digital Defense and ForeScout joint customers with:

  • Continuous visibility of connected devices
  • Prompt response to block or quarantine endpoints with critical vulnerabilities
  • Automated remediation actions
  • Ability to provide on-demand scans based on ForeScout CounterACT policies

Rosanna told us, in lay terms, “Within 5 seconds of an IP address being requested ForeScout asks Digital Defense if it has seen this device before. If the answer is yes then the next question is ‘when did you last scan it?’ And, we may say that we scanned it within the last 30 days. Okay, so it is within policy so ‘go ahead and allow it access to the network.’ If it falls outside of that 30 days or it is a device that we have not seen before ForeScout can request that Digital Defense scan that device. Any device can show up as a wired or wireless device but because we correlate that data it helps to keep ForeScout’s database much cleaner. With our integration, that entire process is totally automated and totally seamless. You don’t need anyone to manually intervene. What we do is identify vulnerabilities on a host. Our integration partners identify that this vulnerable host wants access to the network. Given the information we feed them, they then decide if they want to accept the risk of allowing that asset on the network or only allow it into a quarantined area.”
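The admission workflow Rosanna describes, written up here as an added Python illustration (not Digital Defense's or ForeScout's code): a requesting device is correlated against the scanner's inventory by any shared identifier, and the 30-day scan age plus known critical findings drive the allow / rescan / quarantine decision. The identifier labels, sample inventory, reference time and decision names are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional, Set

MAX_SCAN_AGE = timedelta(days=30)  # policy from the interview: older scans are out of policy

@dataclass
class Asset:
    """One host as the scanner remembers it. Several identifiers (constructed
    "mac:"/"host:" labels here) let it be recognised wired or wireless."""
    identifiers: Set[str]
    last_scan: Optional[datetime] = None
    critical_vulns: int = 0

def correlate(inventory, observed):
    """Return the known asset sharing at least one identifier with the observed
    device, merging the newly seen identifiers into it; None if never seen."""
    for asset in inventory:
        if asset.identifiers & observed:
            asset.identifiers |= observed   # e.g. a new wireless MAC joins the same host record
            return asset
    return None

def admission_decision(inventory, observed, now):
    """Decide what the NAC should do for a device that just requested an IP."""
    asset = correlate(inventory, observed)
    if asset is None or asset.last_scan is None:
        return "SCAN_REQUIRED"          # never seen: have the scanner assess it first
    if now - asset.last_scan > MAX_SCAN_AGE:
        return "SCAN_REQUIRED"          # seen before, but the last scan is stale
    if asset.critical_vulns > 0:
        return "QUARANTINE"             # in policy, but carries known critical findings
    return "ALLOW"

# Constructed sample inventory; NOW is an arbitrary reference time.
NOW = datetime(2018, 7, 17, 12, 0)
INVENTORY = [
    Asset({"mac:aa:bb:cc:00:00:01", "host:laptop-01"}, NOW - timedelta(days=3), 0),
    Asset({"mac:aa:bb:cc:00:00:02", "host:finance-02"}, NOW - timedelta(days=45), 0),
    Asset({"mac:aa:bb:cc:00:00:03", "host:build-03"}, NOW - timedelta(days=10), 2),
]

if __name__ == "__main__":
    # laptop-01 reconnecting over wireless with a MAC the scanner has not seen
    print(admission_decision(INVENTORY, {"mac:aa:bb:cc:00:00:99", "host:laptop-01"}, NOW))
    print(admission_decision(INVENTORY, {"mac:aa:bb:cc:00:00:02"}, NOW))
    print(admission_decision(INVENTORY, {"host:build-03"}, NOW))
    print(admission_decision(INVENTORY, {"mac:de:ad:be:ef:00:00"}, NOW))
```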

Just as the IT attack surface is growing and becoming much more complex, today's security solutions are becoming ever more innovative to meet this challenge. Digital Defense is a good example of how today's more sophisticated security needs are being met with automated and integrated tools. It is no longer enough to scan an asset for vulnerabilities. You need to know exactly what assets are on, or requesting access to, your network at all times, so that your security workflow can make informed decisions quickly and automate remediation actions.

Steven Bowcut, CPP, PSP is the Editor-in-Chief for Brilliance Security Magazine