Edition 3: Vulnerability Scanning Coverage Accelerates When Authentication Is More Successful

It's that time again: your security teams are applying their talent to remediating vulnerabilities. Last month was a success, yet for some odd reason your remediation percentage decreased. The CISO has seen the report and wants a detailed justification for why the number of open vulnerabilities is trending upward. This is no surprise, since Microsoft has released another Patch Tuesday, new assets were added, or a certain percentage of assets had scan failures.

The scenario sounds all too familiar to many organizations. No matter what solution is used, the revolving door keeps turning. In my earlier days of conducting vulnerability scans with BeyondTrust Retina or Tenable Nessus, the same challenges existed. Many of the assets discovered were either offline, blocked by firewalls, or configured improperly. Today it's imperative to get authentication right, so that patching and remediation can discover risks early and clean up issues. It's easier said than done, because vulnerability management never stands still. It comes down to configuration settings and how the scanner authenticates. Let's dive deep into the configuration roadmap for authentication.

When organizations decide to onboard a compliance tool, the first step is configuring the scanner on the network and adding the scanner's IP addresses to the relevant Access Control Lists (ACLs). This configuration keeps the tool from being treated as a rogue device or blocked by the firewall. What have I experienced? For some reason, many of the communication paths were broken. Our team went back and forth with the network group to open ports and allow firewall access. Let's imagine we had success! Now on to asset management and the Configuration Management Database (CMDB).

The goal of the CMDB is to be the repository of all assets. It's well known that many CMDBs are not up to date. When first onboarding the compliance tool, a discovery scan is conducted; its purpose is to identify assets within the scanning architecture. Hopefully, your CIDR ranges are correct: an asset sitting in a subnet the policy does not target will never be discovered, no matter how healthy the ACLs are. After discovery, the compliance tool should contain a list of hostnames, IPs, domain names, or MAC addresses for discoverable assets. In my history, some assets did not appear because they were offline or the ACL issue was still active. Let's imagine we had success at this step!

Now it's time to create our policy. Most policies can exist under a Basic Scan Policy; these are generic settings for conducting a scan. To authenticate to a remote device, the compliance tool needs root-level access on Unix-type systems or local administrator privileges on Windows. On Windows, the scan policy is given the service account's login ID and password; it is as simple as taking the local admin account and adding its details to the Tenable Nessus or Rapid7 scan policy. In my experience, this area results in the most authentication failures. Typical causes are that the account is not actually in the local Administrators group on every target, the password has rotated since the policy was saved, or the services and ports the scanner depends on (SMB, WMI and Remote Registry on Windows) are blocked. Many vendors, such as Tenable, publish detailed guidance on correcting these issues.

So we know that discoverable assets should match the CMDB. The truth: many assets are not discovered. We could chase down the networking team and ask about the ACLs, but did we check the failures? The failures affect your vulnerability coverage. I have seen authentication rates at 35% or lower, meaning only 35% of the total assets inventoried were discovered and scanned with working credentials. Without credentials the scanner never sees the root directories or the OS itself, and that is where critical findings such as Java, the Microsoft OS, and other critical advisories live. Authentication rates are critical and should not be overlooked; when it comes to risk treatment, you may be missing critical findings. Compute the rate against the full inventory, not only against the hosts the scanner happened to reach, or the coverage gap hides inside the denominator.
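A worked example of the reconciliation described above, added here and not part of the original article: a Python script that compares a CMDB export against the scanner's host export, checks each inventoried IP against the policy's CIDR targets (the discovery step), and computes discovery and authentication rates against the full inventory rather than against reached hosts only. The CSV column names, the CIDR list and the sample hosts are constructed for the example; real Nessus or Rapid7 exports use their own column names, so adjust the two `DictReader` lookups to match.

```python
"""Reconcile a CMDB export against credentialed-scan results.

Added example, not the article's code. The CSV layouts, hostnames and
CIDR targets below are constructed for illustration.
"""
import csv
import io
import ipaddress

# Constructed CMDB export. 'printer01' has a blank IP, a common CMDB defect.
CMDB_CSV = """hostname,ip
web01,10.10.1.10
web02,10.10.1.11
db01,10.10.2.20
app01,10.10.3.30
legacy01,192.168.50.5
printer01,
"""

# Constructed scanner host export. 'credentialed' is an assumed column name
# standing in for whatever the product reports (Nessus plugin 19506 shows
# "Credentialed checks : yes/no", Rapid7 has its own field).
SCAN_CSV = """ip,hostname,credentialed
10.10.1.10,web01,yes
10.10.1.11,web02,no
10.10.2.20,db01,yes
10.10.9.99,,no
"""

# CIDR targets configured in the scan policy (assumed). 192.168.50.0/24 is
# deliberately missing so the 'out_of_scope' case is exercised.
SCAN_TARGETS = ["10.10.1.0/24", "10.10.2.0/24", "10.10.3.0/24"]


def parse_ip(text):
    """Return an address object, or None for a blank or malformed value."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def in_scope(ip, networks):
    """True when the address falls inside any configured target range."""
    return any(ip in net for net in networks)


def reconcile(cmdb_csv, scan_csv, targets):
    # strict=False tolerates host bits set in a hand-typed CIDR (10.10.1.1/24).
    networks = [ipaddress.ip_network(t, strict=False) for t in targets]

    scanned = {}
    for row in csv.DictReader(io.StringIO(scan_csv)):
        ip = parse_ip(row["ip"])
        if ip is not None:
            scanned[ip] = row["credentialed"].strip().lower() == "yes"

    keys = ("authenticated", "auth_failed", "not_discovered",
            "out_of_scope", "bad_record")
    report = {k: [] for k in keys}
    known = set()
    total = 0
    for row in csv.DictReader(io.StringIO(cmdb_csv)):
        total += 1                      # every inventoried asset counts
        host = row["hostname"]
        ip = parse_ip(row["ip"])
        if ip is None:
            report["bad_record"].append(host)   # cannot even be targeted
            continue
        known.add(ip)
        if ip in scanned:
            bucket = "authenticated" if scanned[ip] else "auth_failed"
            report[bucket].append(host)
        elif in_scope(ip, networks):
            report["not_discovered"].append(host)   # offline or ACL-blocked
        else:
            report["out_of_scope"].append(host)     # CIDR list is wrong

    # Hosts the scanner found that the CMDB does not know about.
    report["unknown_to_cmdb"] = [str(ip) for ip in scanned if ip not in known]

    discovered = len(report["authenticated"]) + len(report["auth_failed"])
    report["total"] = total
    report["discovery_rate"] = discovered / total if total else 0.0
    report["auth_rate"] = len(report["authenticated"]) / total if total else 0.0
    report["auth_rate_of_discovered"] = (
        len(report["authenticated"]) / discovered if discovered else 0.0)
    return report


if __name__ == "__main__":
    r = reconcile(CMDB_CSV, SCAN_CSV, SCAN_TARGETS)
    print(f"inventory: {r['total']}  discovery: {r['discovery_rate']:.0%}  "
          f"authenticated vs inventory: {r['auth_rate']:.0%}  "
          f"authenticated vs discovered: {r['auth_rate_of_discovered']:.0%}")
    for key in ("auth_failed", "not_discovered", "out_of_scope",
                "bad_record", "unknown_to_cmdb"):
        print(f"{key:16} {r[key]}")
```

The two authentication figures answer different questions: `auth_rate` is the number the article describes (credentialed coverage of the whole inventory), while `auth_rate_of_discovered` tells you whether the policy's credentials work on the hosts the scanner can already reach. A low first number with a high second number points at ACLs, offline hosts or the CIDR list; a low second number points at the scan policy's account.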

Now let's report, but there is an issue! The CISO may still question the low authentication rates. You may have to go back to the drawing board, so check the scan policy and network settings. Your CISO still likes you!

Let's keep the Situational Awareness ongoing! There is a discussion of this article and Situational Awareness in the Cybersecurity Mindset at www.dewaynehart.com.

Press Release: https://www.einpresswire.com/sources/u462154

Author: https://www.dewaynehart.com/

Youtube: https://www.youtube.com/channel/UC2uLAXTWV_U2IzAiaY0mQkw

Podcast: https://dewaynehart.com/podcast/

Business: https://www.semais.net

Dewayne Hart

"We Are Only Safe As Our Mindset"

 👉🏼 Gerald Auger, Ph.D.🔐💻 DAVID MEECE - Cybertech Dave 🔥Chuck BrooksChris Hughes 💭🔐Mike Miller

#cyberattack #cyber #cybersecurity #hacking #security #technology #hacker #infosec #ethicalhacking #cybercrime #tech #linux #hackers #cyber #programming #informationsecurity #cyberattack #privacy #malware #kalilinux #coding #cybersecurityawareness #datasecurity #dataprotection #python #ethicalhacker #pentesting #hack #it #computerscience #informationtechnology #bhfyp #informationsecurityawareness #certificationcourse #threathunting #threatintelligence #homelandsecurity #ciso #cissptraining #cissp #databasesecurity #comptia #informationsecuritymanagement #informationassurance #authors #accenture #IBM #crowdstrike #cyberattack #podcat #DoD #goverment #NIST #defense #technology #linkedin #machinelearning #india #careers #ai #cybersecuritymindset #dewaynehart
