Welcome to the ninth instalment in our series exploring the practical applications of Cyber Asset Attack Surface Management (CAASMCyber Asset Attack Surface Management (CAASM) focuses on man…).
Today, we’re diving into a critical challenge faced by cybersecurity professionals: identifying and managing unsanctioned software within your organization.
Imagine this scenario: Your company has strict software policies in place, but you suspect that employees might be using unauthorized applications.
How do you find these potential security risks hiding in plain sight? That’s where CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… comes in.
Regulatatory Compliance
Vulnerabilities
Data Leaks
Inefficiences
Increase Attack Surface
Lack of visibility
Table of Contents
The Unsanctioned Software Problem
Unsanctioned software is a thorn in the side of IT and security teams everywhere. These applications, while potentially useful for employees, can pose significant risks to your organization’s security posture. They might include:
Peer-to-peer networking tools (e.g., Tor, TikTok)
Cracking tools (e.g., AirCrack, L0phtcrack)
Protocol analysis tools (e.g., Wireshark, Npcap)
Vulnerability mapping and penetration testing tools
Cryptocurrency wallets and miners
Gaming applications
Remote Access Tools (RATs)
The challenges in finding this software are numerous:
Difficulty in searching across existing asset inventories
Incomplete software lists in asset inventories
Conflicting data due to outdated information
Limited sources for software inventory lists
Enter SJULTRA's Cybersecurity Observability Service
It’s like giving your security team a time machine and a crystal ball, all rolled into one.
CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… pulls data from a smorgasbord of sources:
Endpoint Agents
Configuration and Patch Management Tools
Ticketing & Helpdesk Platforms
Networking Tools
Vulnerability Assessment Tools
IAMIdentity and Access Management is the technology and process… Solutions
Cloud Infrastructure
By correlating this data, CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… creates a rich, unified view of your entire digital ecosystem. It’s like having a digital map of your entire IT landscape, with every device, user, and cloud instance clearly labeled.
Book your free CAASM trial now
Get visibility on all 14 cybersecurity observability use cases in less than 30 days with SJULTRA.
Getting organized: defining your unsanctiones software list
The software that’s installed on your devices will be one of three types:
Known – Sanctioned — eg. Microsoft Office apps.
Known – Unsanctioned — e.g. Nmap, Bitminer, etc
Unknown – Unsanctioned.
The goal with SJULTRA CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… is to build up these lists so it makes it easy to query your IT landscape and put software in the correct bucket.
Technical Deep Dive: Finding Unsanctioned Software
Let’s walk through how to use SJULTRA CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… to hunt down unsanctioned software:
View All Installed Software:
Navigate to the devices page
Add the “installed software” column to your view
Search for Specific Software:
Use the CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… Query Wizard
Search by software name, version, or description
A list of common unsanctioned software
Peer to Peer Networks: Tor, Torrent, TikTok, WeChat, PopcornTime
Using the CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… Security Policy Enforcement Center, you can also initiate WMI scans to generate a list of installed software for all windows devices.
Search by software Name
Searching for specific unsanctioned software can be done by using the Installed Software: Software Name field. Using the OR switch and the contains function allows searches for multiple software instances simultaneously.
This query below shows a search for any device that has metasploit, or nmap.
Search by software Vendor
If there are certain software vendors your company does business with, you can simply search by the software vendor using the Installed Software: Software Vendor field.
For example, Adobe.
Digging Deeper with More advanced queries
For more complex scenarios, try these advanced queries: via CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… Query Language (AQL):
Once you’ve spotted these digital apparitions, what next? CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… lets you automate your ghostbusting:
Slack Alerts: Instantly notify teams about new ephemeral devices. “Who ya gonna call? The DevOps team!”
Jira Tickets: Automatically create issues for IT and DevOpsDevOps is a partnership between software development and IT… to review. It’s like setting ghostbusting assignments.
Tagging: Add tags in CAASMCyber Asset Attack Surface Management (CAASM) focuses on man… for easy tracking. Think of it as putting a spectral tag on each ghost.
CMDB Updates: Keep your Configuration Management Database up-to-date, even with short-lived devices. It’s like maintaining a constantly updated ghostbusting logbook.
Summary
Finding unsanctioned software is just one of the 14 powerful use cases for CAASMCyber Asset Attack Surface Management (CAASM) focuses on man…. By leveraging SJULTRA’s Cybersecurity Observability Service, you can take control of your software ecosystem and significantly reduce your attack surface.