A key tool in a cybersecurity engineer’s arsenal is a comprehensive security audit. Significant vulnerabilities can be quickly identified and mitigated. Without this knowledge, you can only guess if your network is vulnerable to hackers. Collective Sense has a powerful security audit product that can be run in standalone mode or integrated with our other products, taking advantage of their valuable data for our machine learning capabilities. While other leading products promise to “prioritize your vulnerabilities by likelihood of use by an attacker, ensuring you always fix the most dangerous issues first”, we take it several steps further. Why should you use your valuable resources to comb through lists of prioritized vulnerabilities, when you could let the Collective Sense engine solve your problems?
Our security audit module uncovers all the known vulnerabilities that hackers will try to exploit. Whether it’s on open port on an endpoint, insecure code on a printer or an unknown router bug, we will find it for you and give you the tools needed to fix the issue.
Summary of capabilities:
– Most solutions give you a single, manual security test to uncover vulnerabilities and security misconfigurations. We treat vulnerability scanning as a key to the never-ending vulnerability management process. We have built a rock-solid security management process based on:
– Corporate networks are complex, heterogeneous environments composed of thousands of different services running at the same time. It is a must to track them regularly. Using the Collective Sense solution you can scan your network at regular intervals and compare the findings of the last scan with results of particular scan from the past. That way, you will not only be able to find open ports in use in your network, but also get a scan results delta, which helps you detect malicious services in your network like suddenly running internal C2 services, backdoors listening on exotic ports, or rootkited services for which the banner has been slightly changed since the last scan, for example SSH-2.0-OpenSSH_5.3 vs SSH-2.0-OpenSSH_5.3-magic-pass.
No stone left unturned
Hackers know where to look to find your weak points, but engineers aren’t always aware of where the vulnerabilities exist. For that very reason, we cover your entire network and the possible hiding spots which are often hard for you to locate. All of this is fed to our Machine Learning engine so you don’t need to assess every little detail and waste time manually dealing with the results.
Summary of capabilities:
Audit results provide key data for machine learning
By combining all the security audit information we gather along with the profile of normal behavior (at a single device, similar devices and whole network level – all built by Collective Sense ML) and other events in the network, we bring the unprecedented capability to raise a real security alert if the system detects anomalous behavior. False positives and negatives are now far less probable.
As a real life example, consider the following:
In a customer’s network, we noticed two unusual events within a few minutes of each other:
Our security audit discovered one more interesting bit of information:
The machine for which all of this was observed did not previously have a service running on port 80 (however other machines in the network run this service). Unseen sources of connection or a service crash are unusual, but sometimes they happen and are normal. So, individually, these events do not provide enough evidence to raise a reliable alert (this depends on the network and is also configurable). However, when all three events were combined, the anomaly score was high and raised a real alert.