CAASM Use Case #3 – Find Devices Not Being Scanned For Vulnerabilities
By Steve Chambers
Hello, cybersecurity champions! 🏆
Welcome to the third instalment in our series on Cybersecurity Observability use cases.
Today, we’re tackling a critical issue that keeps many CISOs up at night: devices that are flying under the vulnerability scanner radar.
Picture this: Your vulnerability assessment tools are humming along, identifying known vulnerabilities left and right. But then your CISO drops this bombshell:
"How do we know we're scanning all our devices? What about the ones we don't even know exist?"
(Chief Information Security Officer)
Gulp. It’s the cybersecurity equivalent of “unknown unknowns.”
Here’s the deal: Your vulnerability assessment tools are great at finding issues on devices they know about. But what about the devices they don’t know exist? These could be:
A forgotten server in a remote office
A new VM spun up without proper documentation
An employee’s personal laptop connected to the network
These invisible assets are like open windows in your digital fortress. And the worst part? Your vulnerability scanner’s admin console won’t tell you about them because it doesn’t know they exist!
Whose job is it to find devices that are missing from the inventory and not being vulnerability scanned?
Enter SJULTRA's Cybersecurity Observability Service
This is where SJULTRA’s CAASM (Cyber Asset Attack Surface Management) service, powered by Axonius, comes to the rescue. It’s like giving your security team x-ray vision for your network.
Axonius pulls data from multiple sources:
Your vulnerability scanner console
Directory services like Active Directory or Azure AD
Network and infrastructure data
By cross-referencing these sources, Axonius can spot the devices that should be scanned but aren’t. It’s like finding the missing pieces in your security puzzle!
Once we’ve got Axonius set up (remember, SJULTRA offers a free 30-day trial), we can start hunting those elusive unscanned devices.
Want to find all devices missing vulnerability scanner coverage? Here’s how we do it:
Show me all devices that aren't known to any Vulnerability Assessment Tools.
In Axonius Query Language (AQL):
not specific_data.data.adapter_properties == "Vulnerability_Assessment"
This query finds devices missing Vulnerability Scanner coverage by showing anything not known to security solutions categorized as Vulnerability Assessment Tools. Here’s an example of the returned results:
Simple, right? But incredibly powerful.
Finding Windows Devices Without a Vulnerability Scanner Solution
Let’s get more specific. Say your policy requires all Windows devices to be scanned. We can modify our wizard query:
Or in AQL…
specific_data.data.os.type == "Windows" and not specific_data.data.adapter_properties == "Vulnerability_Assessment"
Results in…
…and so on.
But if you have a large estate and lots of results, you can filter down to the most recently seen Windows devices by adding an extra line to your query: “Last Seen (Days) 7”
specific_data.data.os.type == "Windows" and not specific_data.data.adapter_properties == "Vulnerability_Assessment" and specific_data.data.last_seen >= date("NOW - 7d")
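The cross-referencing behind these three queries, sketched as an added Python example (not Axonius code and not part of the original article): records from a scanner, a directory and a network source are merged per device, then filtered the same way the AQL does. The source names, field names, hostname-only correlation and sample records are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 15, tzinfo=timezone.utc)  # fixed "now" keeps the sample reproducible

# Constructed sample exports, one list per data source (not real Axonius output).
SOURCES = {
    "scanner": [{"hostname": "WEB01.corp.example"}],
    "directory": [
        {"hostname": "web01", "os": "Windows", "last_seen": "2024-06-14"},
        {"hostname": "FIN-LT-07", "os": "Windows", "last_seen": "2024-06-13"},
        {"hostname": "old-dc02", "os": "Windows", "last_seen": "2024-04-01"},
    ],
    "network": [
        {"hostname": "fin-lt-07.corp.example", "last_seen": "2024-06-15"},
        {"hostname": "build-vm-3", "os": "Linux", "last_seen": "2024-06-15"},
    ],
}

def norm_host(name):
    """Short lowercase name, so 'WEB01.corp.example' and 'web01' correlate to one asset."""
    return name.split(".")[0].lower()

def correlate(sources):
    """Merge every source's records into one asset per hostname, noting who reported it."""
    assets = {}
    for source, records in sources.items():
        for rec in records:
            asset = assets.setdefault(norm_host(rec["hostname"]),
                                      {"sources": set(), "os": None, "last_seen": None})
            asset["sources"].add(source)
            asset["os"] = asset["os"] or rec.get("os")
            if "last_seen" in rec:
                seen = datetime.strptime(rec["last_seen"], "%Y-%m-%d").replace(tzinfo=timezone.utc)
                asset["last_seen"] = max(filter(None, [asset["last_seen"], seen]))
    return assets

def unscanned(assets, os_type=None, last_seen_days=None):
    """Assets no scanner reported, with the optional OS and recency filters from the queries."""
    cutoff = NOW - timedelta(days=last_seen_days) if last_seen_days is not None else None
    hits = []
    for host, asset in assets.items():
        if "scanner" in asset["sources"]:
            continue  # covered by the vulnerability scanner
        if os_type and asset["os"] != os_type:
            continue
        if cutoff and (asset["last_seen"] is None or asset["last_seen"] < cutoff):
            continue  # stale or never-seen records drop out of the recency view
        hits.append(host)
    return sorted(hits)
```

Without the hostname normalisation, web01 would be reported as unscanned even though the scanner knows it by its FQDN, which is the kind of false positive that correlation across sources has to avoid.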
We've found the unscanned devices - now what?
Great, we’ve uncovered these hidden devices. What’s next? This is where the “action” part of our cybersecurity observability comes in. With Axonius, we’ve got four tricks up our sleeves:
Notify: Send alerts via email, Slack, Syslog, or CSV (because who doesn’t love another alert, right?)
Create Incident: Generate tickets in systems like ServiceNow, Jira, or Zendesk
Update VA Coverage: Automatically add the device to the next scheduled vulnerability assessment scan
Deploy Files and Run Commands: Execute shell commands or initiate scans on the newly discovered devices
Summary
And there you have it, champions!
That’s how we turn the invisible threat of unscanned devices into a manageable, observable process.
It’s not just about finding vulnerabilities; it’s about making sure we’re looking in all the right places.
Remember, this is just 3 out of 14 standard use cases we help our customers with as part of our CAASM (Cyber Asset Attack Surface Management) Concierge service. And guess what? You can get it for free!
In the world of cybersecurity, what you don’t know can hurt you. But with the right tools and a bit of observability magic, we can shine a light on those hidden threats.
Stay vigilant, keep querying, and may all your devices be scanned and secure!