CoreTech now offers a new service to clients that helps discover, monitor and secure network vulnerabilities and exploits. It’s a vulnerability scanning tool which looks through your network assets, such as laptops and servers, to evaluate which devices have a higher risk of exposure to malware. CoreTech is constantly analyzing and testing security products to add to our resource stack for small and midsize businesses. The tool we selected is CyberCNS, which helps us safeguard your business from being exploited. Here is how we use the vulnerability scanner tighten up your network.
What is vulnerability scanning?
Unlike your anti-virus, which scans for high-risk files in your computer or laptop, a vulnerability scanner determines if you are exposed to malware before it breaks into your system. It is a bit like proactive anti-virus. A vulnerability scanner is a tool hackers use, so we get a pretty good view of what an attacker would see. However now we can use the hackers’ tools against them.
Below is a bar graph showing the system’s Top 10 Assets of risk malware exposure. On the y-axis, there are the number of vulnerabilities the device faces. The x-axis gives server names, such as domain controller, laptop 1, etc., attached to each score. The four bars attached to the device show the number of vulnerabilities ranked from low (green) to critical (red). For example, the first four bars show 49 critical vulnerabilities, over 1100 high vulnerabilities, over 400 medium vulnerabilities, and 17 low vulnerabilities for that specific device. The information tells us which computers or servers have a higher or lower risk of exposing the network to malware attacks.
The first scan of pilot client.
So how does it work?
With a client’s approval, CoreTech will remotely install a CyberCNS probe onto their network. Any device will do; a server is best, but we can work from a laptop as well. CyberCNS will scan the network and generate reports. Our probes check multiple times a day to catch new devices. Our service desk reads the messages the tool develops and will act to remediate the problem. Mostly, this is done quietly using scripts in the background, though we will check with a client for more sensitive issues.
Below, the photo shows the remediation plan we took to update and review specific server aspects. The list shows an example of typical software we would scan for malware, though it would usually be more tailored towards the particular device.
A list of software remediations that are pending.
Why introduce vulnerability scanning?
We noticed many of our clients wanted to hire or did hire penetration testers to fulfill obligations for insurance coverage. We encountered a few cases where clients paid thousands of dollars for a glorified vulnerability scan but were told it was a penetration test. While vulnerability scans look for potential exposures within the system, penetration tests exploit weaknesses in the architecture of your IT network. Given the high importance of this layer of security, CoreTech decided to add the service at no extra cost for existing clients who have CoreCare | Critical service plans. In addition to continually scanning, we can perform one-time assessments for clients who want a check-up.
Our last image is a speedometer showing the system’s appearance after a scan. Asset Score is an aggregate score of all the vulnerabilities weighed by their seriousness. The higher the number, the higher the risk. We put a small group of clients into a pilot group. The score on the first scan was 80, so bright red. Once we remediated the vulnerabilities in their systems, their risk decreased to an Asset Score of 34, as depicted below.
Pilot clients after we finish remediation. They started with an 80 asset score.
CoreTech spent time over the past few months putting Cyber CNS through its paces to ensure it was a practical, and helpful tool. We are excited to deploy it and begin solving vulnerabilities before they become problems. Contact us about an assessment scan if you are not currently conducting this type of scanning.
We strive to align with our clients by providing proactive approaches to cyber security updates and managed IT services. Recently we obtained the CompTIA Security Trustmark+, which identifies IT companies that commit to industry security standards and compliance measures. CoreTech will continue to demonstrate an active dedication to data security and professional customer service as we support SMBs around the Omaha area.