Simplify Account Management with SafeDNS User Administration

SafeDNS offers a comprehensive User Administration feature exclusively for our Enterprise plan users. This feature enhances your control and oversight of your SafeDNS account. In this post, we will explore how User Administration works, why it is important, and the significance of logging.

How does it work?

SafeDNS User Administration allows you to create sub-accounts, namely Administrators and Auditors, to manage your primary account efficiently and securely. Administrators have their own unique login and password and possess all the permissions of the main account, except for the ability to create additional Administrators. Auditors also have their own login and password but are limited to accessing the Stats page only. They can view logs and statistics but cannot modify any settings on the dashboard.

Note: Please be aware that Administrators and Auditors are intended for use with the Dashboard interface only and are not compatible with the SafeDNS Agent application.

Why is it important?

Enhanced Security: User Administration enhances security by granting specific access privileges to sub-accounts. With well-defined roles and permissions, you can reduce the risk of unauthorized access and potential data breaches. Implementing the principle of least privilege ensures that users only have access to the resources necessary for their tasks, strengthening overall security. 

Efficient Account Management: Delegating account management tasks to Administrators allows for more efficient user onboarding, offboarding, and ongoing management. Administrators can quickly provision new accounts, adjust permissions, and remove access when necessary. This streamlines administrative processes and password management, leading to improved productivity and reduced administrative overhead.

Accountability and Compliance: User Administration contributes to accountability within your organization. By tracking all account actions, the comprehensive logging system provides a clear record of user activities, changes made, and the responsible sub-account. This level of accountability is crucial for regulatory compliance, internal auditing, and forensic investigations.

What are the logs for?

SafeDNS also provides a comprehensive logging system that captures and stores important user actions within the dashboard. The logs include details such as login/logout events, configuration changes made by the main administrator, sub-administrators, and auditors. These logs track activities such as enabling/disabling features, adding/removing entries in Allow/Deny lists, and more.

Additionally, we have created a helpful video tutorial that provides detailed instructions on how to set up the User Administration feature. This video will guide you through the process, ensuring a seamless implementation of sub-accounts for efficient account management. You can find it here.

SafeDNS User Administration and logging features offer a robust solution for effective account management and enhanced security. By delegating responsibilities through sub-accounts and leveraging detailed logging capabilities, organizations can streamline operations, maintain accountability, and ensure compliance. Explore the power of User Administration and logging with SafeDNS to fortify your network’s security and efficiency.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About SafeDNS
SafeDNS breathes to make the internet safer for people all over the world with solutions ranging from AI & ML-powered web filtering, cybersecurity to threat intelligence. Moreover, we strive to create the next generation of safer and more affordable web filtering products. Endlessly working to improve our users’ online protection, SafeDNS has also launched an innovative system powered by continuous machine learning and user behavior analytics to detect botnets and malicious websites.

SafeDNS latest award-winning achievements

We are delighted to share the news of our remarkable achievements in 2023 with Capterra. We are proud to have received multiple awards, including recognition in two categories this year: Emerging Favorite in Endpoint Protection and Cloud Security.

SafeDNS has been highlighted as a highly-rated product in the Cloud Security Software category of Software Advice’s FrontRunner Report 2023.

We have also earned a spot in the Capterra Shortlist for endpoint protection.

Here’s our placement in the Grid report:

We are grateful to our clients for making this achievement possible! We have received exceptional reviews on Software Advice:

“Very easy to install and integrate. The service allowed for more flexible options – such as a longer whitelist of websites – as well as less complicated than Cisco Umbrella.” [Edward]

“Safedns does a great job of making DNS based administration quick and easy. Safedns also does a great job of allowing administrators to define a list of allowed sites and deny everything else. Some of the big players in this space surprisingly don’t have this functionality.” [Troy]

runZero’s week at RSA 2023: killer robots, time machines, and natural disasters

It might sound funny, but these were a few talking points that came up last week during runZero’s two hosted fireside chats, where CEO and Co-Founder Chris Kirsch sat down with Lares CEO Chris Nickerson on Tuesday and then Fortinet Systems Engineer Roger Rustad on Wednesday.

If you’ve had the pleasure of hearing Chris Nickerson tell his pentesting “war stories,” you might already know some of the references here. But for first-time listeners, these narratives cover the potential dangers of a red team member’s (mis)adventures, and the role of asset inventory from an attacker’s perspective. As for natural disasters and time machines, our talk with Roger elaborated on his work with the Information Technology Disaster Resource Center (ITDRC), as well as his view on how runZero’s solution has been helpful to the incident response and forensics teams at Fortinet.

Chris Nickerson Recap

The first fireside chat began over margaritas as Chris Nickerson (CN) joined Chris Kirsch (CK) on stage at our pop-up venue, the runZero Cafe, on Tuesday, April 25. Their chat covered:

  • Why the recon phase is an important stage in pentesting
  • The human element (and fallibility) of IT and security
  • What tools Chris Nickerson uses in his pentesting

And sprinkled humorously throughout the dialogue were moments from Nickerson’s past exploits, including welding people to cars with killer robots.

Specifically, CN talked about how recon (for attackers) and asset inventory (for defenders) are two sides of the same coin. In answer to why the recon phase is important, he noted,


Video transcription

CN: “First off, right, Karate Kid Rule. Man can’t see, man can’t fight. Same exact words for any attacker. I can see things that you can’t see. Good luck. And if that’s what I’m looking for, right, I’m trying to find those lapses in visibility.”

“So in general, right, when you’re thinking about making a process in testing, it’s not always like the voodoo magic and you just sprinkle your hacker dust and then magically like you win. It’s a bunch of really crappy work.”

“It takes a ton of time and you have to have a lot of process into it, it’s not just a hit a button, hope that it expands to find the things. You have to catalog every single thing that you see and be able to start to index and understand this information and what starts to emerge is patterns, right.”

“You start to see, oh, this is kind of where all the old stuff lives; this is where some cool, new stuff lives, this is where some I have no idea what this is. That might be interesting at some point. You might find names. You start to find, you know, indexed pieces of not only networking infrastructure, but I mean, engineers are good. They have naming conventions so that when somebody is like, hey, they want you to steal financial records, it’s like D-E-N, Denver, F-I-N, financial, and then like a bunch of numbers and you’re like, oh it’s probably this server you know, like.”

“So as you start to get yourself familiar, it’s more about situational awareness to figure out what you’re going to do in forward operation than it is go find a vulnerability, scan for something, exploit it, you know, move on to offense success. It’s really about that process of getting that total view of the landscape because you kind of can’t make plays on the field unless you know where the boundaries are.”

In answer to what tools he’s using:


CK: “So how do you, how do you go about that? When you go on a pentest, what are your tools to figure out what’s there, information for your pentest…”

CN: “So obviously lots of things, right? Because we have a great relationship being able to use runZero in that capacity, I think it’s great, especially in massive networks. Because what you find is, you know, in a smaller network I can get a relatively high degree of success, if I’m just using basic, you know, nmap engines and I’m going to be able to find, you know, the scripts that I’m using to be able to pull information.”

“You don’t get that rich bit of information, right? I know that the host is up, I know that these ports are open. I can probably go grab banners, but now I have to like grep through a bunch of shitty text files. And it’s not super useful. Whereas if all those things are indexed, they are in a searchable database, you have ways to look at that information.”

“It’s now what’s there, what’s available, what’s running, what version is it running? What other things can I start to collect and find out about that box?”

When it comes to testing more fragile environments, CN delved into the problem of legacy technologies lacking resiliency, and the importance of not only understanding the environment as a pentester, but also ensuring companies know what’s on their networks, including “what’s old and going to misbehave.”

As an example of misbehaving machines, here’s CN’s killer robot story:


CN: “We were working on manufacturing facilities, right? And the robotic welding arm things, right? Cool robots are just tech world stuff. Their TCP/IP stack was awful. And it’s, like, I don’t know, somebody from the eighties built it. And it’s just half-open connections that make it harder for people. And I say that like in the most loving way, because like I portscanned it just started !@#$!@#, and just started shooting welds in the air going like this and I was like, ohhh shit, you know, like, I guess I didn’t know but like the…”

CK: “Just to be clear, this wasn’t with runZero?”

CN: “No, no, no, no. No, this is bad scripts that, Chris, again 24 times unsafe, 25th time unsafe. I was like try three and it was now trying to kill people. So again, you know, like those types of tools, whether it’s like the idiot guard for me, which, probably need it more often, especially now that I’m older, but being able to understand and how you can interrogate a box safely is it’s the hardest thing of testing because if you’re wrong, you’re really wrong.”

“Like it’s a super super bad moment because the whole thing that you’re like, oh, I found the one box that I can compromise. Oh, yeah. Just turned it offline. That’s it, start over, like two weeks of work gone.”

While many companies understand how critical asset inventory is, they still face challenges when trying to implement it; they often lack the knowledge and resources to do it effectively. However, CN points out that if you have the proper tools, you can avoid making tragic mistakes:


CK: “Here’s the thing that kills me, you know like, for a lot of that infrastructure. OT and also like the ERP system and those kinds of things, it’s like it’s both, this is absolutely critical for the business to survive, and this is so fragile and you can’t touch it and never touch it. These two things don’t make sense to me.”

CN: “But this is but this is where I appreciate the approach that’s been taken with runZero because they think that not only are we looking at this like central source of truth and system of record, but the idea that the logic is built in for the grouping and for some of those things starts to create that map of where severity could be without having to get into them, you know, robots killing people.”

Yes, getting those parameters is important, and luckily, runZero can give you that right out of the box.

As a final note on the importance of asset management, CN told us:


CN: “I’ve also worked in a lot of other enterprises and consulted all over the planet, and everybody’s trying to change stuff in their network. Well, if I can just come in and give you an inventory. But let’s say, I mean, even if I’m a tester or I just run the network or I’m part of ops in engineering, if what I can do is come back because you hired this, like, whatever some $4 billion consulting company to come in and like, upgrade your SAP system, they’re going to be like, oh, give a map of everything and the people who run it will give them the maps of like a couple of interfaces and then everything else won’t be there.”

“But if you can add value to go back and go, oh, this is absolutely every single thing that we have that as a SAP vendors, be able to group them, be able to categorize them, be able to explain to them that like, well, this one was from the 90s, this one was from the 2000s, all of them don’t follow the naming conventions, half of these aren’t in DNS.”

“Like you’re now making a graceful transition, which is huge because being a consultant, like the worst problem is information right? And if you can do that, you can give them accurate inventory, like they might actually get the job done on time. Probably never on cost, but at least quickly.”

So happy hunting to you, Chris! And many thanks for your entertaining insights on asset inventory from an attacker’s perspective.

Roger Rustad Recap

During Roger and Chris’s fireside chat, we heard about Roger’s journey in finding an asset management solution both for Fortinet and the volunteer group the Information Technology Disaster Resource Center (ITDRC).


CK: “Now for asset inventory. I think you, well, you brought in runZero, that’s why you’re here. But can you tell us a little bit about how you were doing asset inventory before you brought in runZero?”

RR: “I think probably the easiest way to put it is very poorly. We leveraged a lot of open source tools, mainly the command line tools, you know, nmap and masscan are kind of something we use regularly. And we went through a lot of logs manually, you know, to go back and try to find things. I think that became very laborious. And doing our threat hunting sessions one time we had to kick off an nmap scan that was going to take forever. One of us said there’s got to be a better way than this. And so we started Googling and found you guys and here we find ourselves today.”

Roger elaborated that other methods and solutions involved waiting for results, and interpreting the data – even though there was often consensus on his team, sometimes the interpretations got lost in translation when presented to other teams.

As Roger and his team looked to find different approaches to the problem, they looked at attack surface management solutions. Unfortunately, many of these tools require agents or APIs, and because Fortinet is more of a hacker culture internally, they preferred command line tools. They wanted to start there and wanted something that started there, too. He noted that runZero’s agentless solution made it very easy for his team to get a quick 30,000 ft view and then trim it appropriately.

As for first steps on how they began their runZero journey, Roger stated,


RR: “Literally, we just downloaded it and played with it. Each one of us ran it in our home network and we were just amazed at what it found. You know, we liked the fact that you can export everything straight into nmap format or XML format or interact with the API. I think that made it really easy. Then it was really just kind of figuring out how we were going to start implementing it internally.”

Once they had runZero up and running, Roger provided some insight into how the solution has been helpful in specific use cases:


RR: “Yes. So oftentimes we need to find an owner of an asset. I mean, everyone has the challenge of on certain networks finding owners is difficult. The extra information that we can look through or see who maybe was on that IP first. You know, I don’t think of runZero so much as an asset tool but sometimes as a time machine where we can go back and see who was on that network or on that device at a particular time. That’s been incredibly helpful for our incident response and our forensics team.”

CK: “How do you, give me an example of when you have an incident that you are investigating, how would you leverage runZero in that respect?”

RR: “So there could be a time in which we saw that a certain IP, let’s say, certificate on an IP, we could see what the certificate was. We could then pull that certificate and pivot across and see who else had that certificate.”

“I think when it comes to our FortiGates, we can tell by that type of certificate what version it is, what this may be running, and then that’s helped as we’ve gone through and patched certain things. Just seeing them, getting more details. But even the web page itself, being able to get a screenshot on that web page has been really helpful with runZero.”

We’re so glad we could help you at Fortinet, Roger, but we’re also happy to help with your work at ITDRC. This volunteer group is a nonprofit that builds IT solutions in areas affected by disasters, with no cost to the communities using these solutions. Roger explained that a lot of the work involves setting up simple connectivity, including setting up satellites and access points so first responders, shelters, kitchens, and churches can have access to their networks.

How does runZero help the ITDRC?


RR: “And runZero has been really good for helping us kind of figure out what’s on the network before we put stuff on, once we put stuff on. We often forget where we put stuff because as you can imagine, asset inventory is a bigger pain in the butt. Whenever you’re, you know, it’s a volunteer thing at the end of your day that you’re not keeping good tabs on.”

And for how the ITDRC plans to use runZero in the future:


CK: “When you think about how you want to mature and evolve that, looking to the future for disaster relief, etc., how are you planning to use runZero in the future?”

RR: “So I think, you know, one thing we’re starting to see is, as we start to partner with bigger companies like ZPE and other companies, we’re starting to leverage edge compute devices a lot more.”

“So the fact that runZero can run on such a tiny footprint becomes really helpful in figuring out what else has been added or taken off of the network. As we start to at some of these sites, do things like check the fuel levels of the generator or check the voltage level of the battery, we can do all that right off of runZero console access.”

“So as we start to do those things, it just makes sense to just throw a container on it, just see what else is on the network and it might be compromising. So I think when we talk about security for a lot of our other projects, you know, the CIA triad, the one we’re most concerned about is availability. The others don’t matter so much, and we kind of see runZero being really helpful for just making sure things are up and we know what else is running on the networks that we kind of throw out spontaneously.”

With all of the work that Roger does, we’re so happy that we can take off some of the strain in both his day-to-day job and volunteering. Thank you, Roger, for chatting with us during RSA!

RSA Venue Recap

In summary, the runZero team had a great time at our venue during the RSA conference, and we were grateful we could host these informative discussions with Roger Rustad and Chris Nickerson. We were also glad we could welcome many other cybersecurity professionals throughout the week to join us for drinks, tacos, digital caricatures, and faraday bag giveaways.

If we were lucky enough to see you at the venue, thank you for stopping by! We hope you had a wonderful time. And if we missed you during RSA week, we’d love to catch you at Black Hat in August. Feel free to shoot us a message if you’d like to coordinate a meeting at our Mandalay Bay suite!

Either way, if you are interested in learning more about how runZero can help your company with cyber asset management, please let us know by reaching out via our contact us form.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

runZero 3.8: Identify and triage your riskiest assets, track goals, identify even more things, and delete your password

What’s new with runZero 3.8?

Identify and triage risky assets

runZero customers can now identify risky assets across their environment and assign them to users for triage and remediation. Asset risk and criticality are presented as new fields in the inventory that can be used for both queries and alerts. The asset risk field is automatically set to the highest risk level of associated vulnerabilities; this data can be sourced from third-party vulnerability management imports as well as runZero queries. Asset risk can be overridden individually in the asset detail page or by applying a new risk level to assets matching a query. In addition to the changes above, a new Asset risk report is now available, which summarizes asset risk across each level of criticality.

The 3.8.0 release includes 34 new queries that automatically apply vulnerability records to matching assets. These queries are shown in the screenshot below and the full list can be found at the end of this post.

Although the new runZero queries are focused on unintended exposure, any query can be used to associate vulnerabilities to the corresponding asset, which also updates the asset risk level, and ties into the Security Ownership model for triage.

These queries can run against the assets, services, software, and vulnerability inventories. If you are importing software inventory through an integration, you can now create a query that automatically associates a vulnerability with assets with specific software installed.

As an example, if you would like to identify and remove all instances of Photoshop in your environment, create a new software query for name:photoshop, enable the new vulnerability association setting, and provide a unique vulnerability ID for the query. On the next update, a new vulnerability will be associated with every matching asset, and these vulnerabilities can be assigned through the console.

Queries can also be used to prioritize existing vulnerabilities. To add a critical finding when a low-risk vulnerability is reported on an asset with a public IP address, create a new vulnerability inventory query using the public:true asset filter, add additional conditions for the specific vulnerabilities that you would like to match, provide a unique vulnerability ID, and finally set the risk to Critical. On the next update, any assets with the specified vulnerabilities will have an additional critical risk finding attached if they also have a public IP address.

Users can find a list of assigned assets in the asset and vulnerability inventory pages by clicking their owner name in the inventory table or by viewing their user detail page under Your Team > Users.

Once a vulnerability has been remediated, the next update will remove the vulnerability from the asset and update the risk of the associated asset. Risky asset triage and query-based vulnerability associations are available to all runZero Professional and runZero Enterprise users.
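
The lifecycle described in this section, modelled as an added example (not runZero code): asset risk is the highest risk among associated vulnerabilities unless overridden, a query-based rule attaches a critical finding when a selected vulnerability sits on a public asset, and the finding disappears on the update after remediation. The data model, function names, the vulnerability ID `weak-tls` and the rule ID `custom-public-exposure-001` are assumptions constructed for illustration; only the `public:true` filter comes from the post.

```python
from dataclasses import dataclass, field
from typing import Optional

# Risk levels ordered lowest to highest; the level names are assumed here.
RISK_ORDER = ["none", "info", "low", "medium", "high", "critical"]


@dataclass
class Vuln:
    vuln_id: str
    risk: str
    from_rule: bool = False  # True when created by a query rule, not an import


@dataclass
class Asset:
    name: str
    public: bool
    vulns: dict = field(default_factory=dict)  # vuln_id -> Vuln
    risk_override: Optional[str] = None        # manual override on the asset

    def risk(self) -> str:
        """Manual override if set, else the highest risk among the vulns."""
        if self.risk_override is not None:
            return self.risk_override
        return max((v.risk for v in self.vulns.values()),
                   key=RISK_ORDER.index, default="none")


@dataclass
class Rule:
    rule_vuln_id: str     # the unique vulnerability ID given to the query
    match_vuln_ids: set   # vulnerabilities selected by the query conditions
    require_public: bool  # models the public:true asset filter
    risk: str             # risk of the finding the rule creates

    def matches(self, asset: Asset) -> bool:
        if self.require_public and not asset.public:
            return False
        # Only imported findings count, so a rule never matches its own output.
        imported = {i for i, v in asset.vulns.items() if not v.from_rule}
        return bool(imported & self.match_vuln_ids)


def run_update(assets, rules):
    """One inventory update: add rule findings that match, drop stale ones."""
    for asset in assets:
        for rule in rules:
            if rule.matches(asset):
                asset.vulns[rule.rule_vuln_id] = Vuln(
                    rule.rule_vuln_id, rule.risk, from_rule=True)
            else:
                asset.vulns.pop(rule.rule_vuln_id, None)
    return {a.name: a.risk() for a in assets}


def demo():
    # Constructed inventory: the same low-risk finding on two assets,
    # only one of which has a public IP address.
    web = Asset("web01", public=True,
                vulns={"weak-tls": Vuln("weak-tls", "low")})
    db = Asset("db01", public=False,
               vulns={"weak-tls": Vuln("weak-tls", "low")})
    rule = Rule("custom-public-exposure-001", {"weak-tls"},
                require_public=True, risk="critical")

    before = run_update([web, db], [rule])  # rule escalates web01 only
    web.vulns.pop("weak-tls")               # remediation seen by the next scan
    after = run_update([web, db], [rule])   # rule finding is withdrawn
    return before, after


if __name__ == "__main__":
    print(demo())
```
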

Public preview of goal tracking

Measuring progress toward your security and organizational goals can be challenging and difficult to communicate to leadership. With the introduction of goals, runZero customers can set time-bound and query-driven goals that are customizable to what matters most to your team. Goals can be used with new features like asset risk as well as existing features like asset ownership. If you can query for it in runZero, it can now be a goal!

Some examples of goals could include:

  • Managing expiring TLS certificates
  • Remediating critical risk vulnerabilities on assets within a set timeframe
  • Keeping insecure management services off external networks

This feature is in a public preview and we would love your feedback via email or through the in-product support form.

Protocol improvements

The default TCP port list has grown to almost 600 ports (from ~500) for better coverage. Protocol support has been added for Brother’s proprietary scanner protocol, allowing us to identify Brother scanners or Brother multi-function devices that include a scanner. SNMP enumeration is more configurable through the disable-bulk-walk and max-repetitions settings in the advanced scan configuration. Protocol detection has also been improved for TNS Listener and Android Debug Bridge services.

New and improved fingerprints

New fingerprints were added for products by Advantech, Amazon, Apache, ASUSTeK, AV Costar, Avaya, AVM, Bosch, Canon, Canonical, Cisco, Citrix, Codonics, Cognosys, CostarHD, Cradlepoint, Cubic Transportation Systems, DataDirect Networks, Dahua, Daktronics, Datamax, Debian, Dell, DigitalOcean, Eaton, Econolite, EnGenius, Entrust, EVGA, ExaGrid, F5, Fortinet, Getinge, Glenayre, Grandstream, HP, HPE, Huawei, iCAD, Kali, LAVA, March Networks, Microsoft, Moen, MSI, MultiTech, Multitone, Netgear, Oce, Okidata, OpenLogic, The Ottawa Hospital Cancer Center, Palo Alto Networks, Panasonic, PaperCut, Proxim, Prusa, Qualys, Red Hat, RICOH, The Royal Marsden NHS Foundation Trust, Saulmatics, Schneider Electric, Somfy, Sonos, SUSE, Ubiquiti, VMware, and ZTE.

Other research improvements

We published a Rapid Response post and new query for finding servers running the PaperCut MF and ND software.

In addition to the above protocol and fingerprinting improvements, we improved our normalization of x509 certificate issuer and subject values, allowing us to more consistently apply fingerprints regardless of ordering/formatting variants found in the field or due to tech stacks.
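
Why issuer and subject normalization matters for fingerprint matching, as an added example (not runZero's implementation): the same distinguished name is rendered with different ordering, separators, escaping and attribute names depending on the tool or stack that produced it. The function names, the alias subset, the fingerprint label and the sample names below are assumptions constructed for illustration.

```python
import re

# Long attribute names and OIDs mapped to short keys (a small subset).
ALIASES = {
    "COMMONNAME": "CN", "2.5.4.3": "CN",
    "ORGANIZATIONNAME": "O", "2.5.4.10": "O",
    "ORGANIZATIONALUNITNAME": "OU", "2.5.4.11": "OU",
    "COUNTRYNAME": "C", "2.5.4.6": "C",
    "STATEORPROVINCENAME": "ST", "S": "ST", "2.5.4.8": "ST",
    "LOCALITYNAME": "L", "2.5.4.7": "L",
}

# A backslash followed by a hex pair (\2C) or by a single character (\,).
_ESC = re.compile(r"\\([0-9A-Fa-f]{2}|.)")


def _unescape(match):
    g = match.group(1)
    return chr(int(g, 16)) if len(g) == 2 else g


def _split_unescaped(text, sep):
    """Split on sep unless it is backslash-escaped or inside double quotes."""
    parts, buf, quoted, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact for now
            i += 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def normalize_dn(dn):
    """Return an order- and format-independent form of a distinguished name.

    Accepts comma-separated (RFC 4514 style) and slash-separated names.
    Sorting discards RDN order and values are case-folded; both are choices
    made for matching, not for display. Multi-valued RDNs joined with '+'
    are left as part of the value in this sketch.
    """
    dn = dn.strip()
    if dn.startswith("/"):
        # Split only on a slash that starts a new "key=" so that a slash
        # or comma inside a value survives.
        rdns = re.split(r"/(?=[A-Za-z0-9.]+\s*=)", dn[1:])
    else:
        rdns = _split_unescaped(dn, ",")
    pairs = []
    for rdn in rdns:
        key, sep, value = rdn.partition("=")
        if not sep:
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
        key = key.strip().upper()
        key = ALIASES.get(key, key)
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        value = _ESC.sub(_unescape, value)
        value = " ".join(value.split()).casefold()
        pairs.append((key, value))
    return tuple(sorted(pairs))


# Constructed renderings of one subject name, as different tools emit it.
SAMPLE_VARIANTS = [
    "CN=example.internal,O=Acme\\, Inc.,C=US",
    "/C=US/O=Acme, Inc./CN=example.internal",
    'C = US, O = "Acme, Inc.", CN = Example.Internal',
    "countryName=us, organizationName=ACME\\2C  Inc., commonName=example.internal",
]

# Hypothetical fingerprint table keyed on the normalized subject.
FINGERPRINTS = {normalize_dn(SAMPLE_VARIANTS[0]): "example-appliance"}


def lookup_fingerprint(dn):
    return FINGERPRINTS.get(normalize_dn(dn))


if __name__ == "__main__":
    for variant in SAMPLE_VARIANTS:
        print(lookup_fingerprint(variant), "<-", variant)
```
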

Passwordless logins

We don’t want your password.

From the beginning, runZero has supported single sign-on (SSO) for all users, including the free Starter Edition. From this version (3.8.0) of runZero onward, we also support using a one-time authentication link in addition to any configured MFA token.

This feature is no less secure than an email-based password reset and prevents runZero from storing even the hashed and encrypted passwords on our servers. If you are unable to set up SSO, using passwordless logins with a WebAuthn token is the next best thing.

See runZero 3.8 in action

Watch the video to see a demonstration of the newest features in runZero, including asset risk and criticality, goal tracking, and applying vulnerabilities from queries.

Release notes

The runZero 3.8 release includes a rollup of all the 3.7.x updates, which includes all of the following features, improvements, and updates.

New features

  • Risk and criticality levels can now be assigned to assets through third-party integrations, the asset inventory, and custom rules.
  • runZero Preview Program: Goal tracking helps users with Professional and Enterprise licenses track progress toward completing their security initiatives. Use built-in goals for asset ownership coverage or system queries, or create goals with custom queries to fit your needs.
  • runZero system and custom queries can now be used to create vulnerability records.
  • Passwordless authentication is now available, allowing users to request one-time authentication links via email rather than storing a password. This provides a secure authentication alternative when SSO cannot be configured.
  • Added support for Azure and Intune GCC, GCC High, and DoD environments.
  • Improved compatibility with WireGuard and Tailscale on macOS and *BSD.
  • Added support for searching software attributes.
  • Alert channels now support more than one email address.
  • Asset limit warnings have been updated to be more clear about whether or not scans will be affected.
  • A bug preventing an Explorer from being reassigned to a previous organization and picking up assigned tasks has been resolved.
  • A bug causing software search links to navigate to a 404 page has been resolved.
  • A bug causing task-failed events to ignore the site restriction has been resolved.
  • A bug causing the hostname override tag to not update the hostname displayed has been resolved.
  • A bug that prevented clearing Insights from the dashboard has been resolved.
  • A bug where the copy scan button was cut off in the recurring tasks tab has been resolved.

New vulnerability queries

  • Application: Apache HTTP Server versions vulnerable to CVE-2021-41773 or CVE-2021-42013
  • Application: HPE iLO 4 authentication bypass
  • Application: HPE iLO 5 firmware versions known to be vulnerable
  • Application: OMI WSMAN versions vulnerable to OMIGOD
  • Application: OpenSSH servers vulnerable to CVE-2023-25136
  • Application: SolarWinds Serv-U MFT
  • Application: VMware ESXi vulnerable to CVE-2021-21974 (OpenSLP)
  • Hardware: Accellion legacy file transfer appliances
  • Hardware: Cisco VPN routers vulnerable to CVE-2022-20825
  • Policy: Android debug bridge
  • Policy: Cassandra (unauthenticated)
  • Policy: CouchDB (unauthenticated)
  • Policy: Distributed Ruby service
  • Policy: Elastic Search (unauthenticated)
  • Policy: HTTP directory index
  • Policy: InfluxDB (unauthenticated)
  • Policy: IPMI cipher type zero authentication bypass
  • Policy: Java RMI service
  • Policy: Memcached (unauthenticated)
  • Policy: MongoDB (limited)
  • Policy: MongoDB (unauthenticated)
  • Policy: Neo4J (unauthenticated)
  • Policy: NFS world-readable exports
  • Policy: Redis (unauthenticated)
  • Policy: Remote desktop service on internet-facing host
  • Policy: Riak (unauthenticated)
  • Policy: SMB signing not required
  • Policy: SMB v1 enabled
  • Policy: SNMP default communities
  • Policy: SSH password authentication on internet-facing host
  • Policy: SSLv2 / SSLv3 services
  • Policy: Windows management service on internet-facing host
  • Policy: Zabbix agent without ACL
  • Policy: Zookeeper (unauthenticated)

Product improvements

  • Improved error message when attempting to delete a scan template twice.
  • Grace period for tasks can now be configured from the task template page.
  • Improved asset correlation for multi-source assets.
  • Public API endpoints to view hosted zones have been added.
  • The API endpoints for managing scan tasks now accept an argument to select a hosted zone.
  • Validation for stored queries has been improved to prevent saving queries with warnings or errors.
  • Excerpts of task log messages are now available on the task details page for tasks that are in error status.
  • The display of datagrid warning and error messages has been improved.
  • Improved asset processing when FortiGuard endpoints with “Policy Override Authentication” enabled are present.
  • Self-hosted installs now support an option to disable TLS validation between Explorers and the console application.
  • The max-repetitions and disable-bulk parameters have been added to SNMP probes.
  • Task failures are now reported in the Task details pane.
  • All queries, including runZero-provided system queries, can now be copied.
  • The configuration for runZero-provided system queries can be modified.

Integration improvements

  • Credential verification is now allowed only after all required fields have been completed.
  • Third-party vulnerability integrations now support a more granular risk filter.
  • Third-party integrations now support more granular vulnerability filters.
  • CrowdStrike will now use Connection IP and Connection MAC for asset matching.

Bug fixes

  • A bug that could result in a panic while performing a scan has been resolved.
  • A bug that could prevent the API from creating valid scan tasks has been resolved.
  • A bug that negatively impacted fingerprinting via TLS certificates has been resolved.
  • A bug preventing TLS negotiation in some cases has been resolved.
  • A bug that was triggered when submitting Azure credentials for verification with a subscription ID has been resolved.
  • A bug that could cause deadlocks in the TCP LDAP probe and Active Directory integration has been resolved.
  • A bug that caused an infinite redirect when clicking on site breadcrumbs has been resolved.
  • A bug causing recurring tasks to be incorrectly sorted by start time on the tasks page has been resolved.
  • A bug allowing “Verify & save” on the credentials update page to error has been resolved.
  • A bug where Dell laptops were identified as desktops or servers has been resolved.
  • A bug that caused imported queries to be parsed improperly has been resolved.
  • A bug with the default webhook Slack alert template has been resolved.
  • A recent update in Explorer and Scanner behavior which could inadvertently trigger CrowdStrike EDR detection has been disabled.
  • A bug regarding Intune rate limiting and intermittent failures has been resolved.
  • A bug where certain tasks could not be edited has been resolved.
  • A bug regarding erroneously returned results from unscanned runZero assets when searching the asset inventory has been resolved.
  • A bug marking assets “unscanned” has been resolved.
  • A bug that resulted in a 500 error when running the asset attribute report has been resolved.
  • A bug that could prevent custom integration results from merging into existing assets has been resolved.
  • A bug that could cause the save button on the credential edit form to be disabled has been resolved.
  • A bug where clicking links on the Query page of a self-hosted instance may return a 500 has been resolved.
  • A bug where clicking links in the Tasks column of the Credentials page would result in an error has been resolved.
  • A bug where paginated results could display Viewing 0 – N for the first page has been resolved to now display Viewing 1 – N.
  • A bug that could result in duplicate offline assets has been resolved.
  • A bug that prevented CSV exports of assets when using free text search has been resolved.
  • A bug where the number of hops could be incorrectly set to zero when ARP is present as a service has been resolved.
  • A bug that prevented searching assets using the task search key has been resolved.

Want to take runZero for a spin?

Sign up today to test out these capabilities free for 21 days.


About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

IoT Device Monitoring: Safeguarding Your Connected World

From smart homes to industrial automation, IoT devices have become ubiquitous in our daily lives. However, as the number of devices increases, so do the security risks. Hackers are constantly finding new ways to exploit vulnerabilities and gain access to sensitive information. This is where IoT device monitoring comes in – a crucial tool for businesses to keep their networks secure and their data safe.

With this in mind, let’s explore why IoT device monitoring is essential and how it can help organizations mitigate the risks associated with IoT devices.

What is IoT Device Monitoring?

IoT device monitoring involves tracking and analyzing the behavior of Internet of Things (IoT) devices and using that data to gain insights into the health, performance, and security of those devices. In short, it helps you provision, monitor, and maintain the growing sprawl of connected devices in your organization, and it’s becoming increasingly vital in today’s ever-connected world.

With the growing complexity of IoT ecosystems, it’s crucial to maintain robust control over the devices in your network and how they’re being used. When you have many connected devices, it’s easy for something to go wrong. Whether it’s a malfunctioning sensor, a compromised device, or a network outage, any disruption can have severe impacts on your business.

IoT device monitoring typically involves a range of activities, including:

  1. Real-time data collection: IoT device monitoring systems collect data from devices in real time, often using sensors or other types of monitoring tools.
  2. Performance analysis: Data collected from IoT devices can be analyzed to understand how well devices are performing, including factors such as response time, uptime, and energy consumption.
  3. Predictive maintenance: By monitoring IoT devices, it’s possible to identify potential problems before they occur, enabling organizations to take preventive measures and minimize downtime.
  4. Security monitoring: IoT device monitoring can also help detect and prevent security breaches, such as unauthorized access to IoT devices or data theft.

What is IoT Device Management?

There are over 15 billion connected IoT devices worldwide, and the number of active IoT devices is expected to double by 2030. With this surge in IoT devices, organizations are under increasing pressure to manage and maintain these devices or risk broken connected systems or cyberattacks. This is where IoT device management comes in. It comprises both the technologies and processes you need to govern your IT landscape.

Here are some of the critical components of IoT device management:

  • Device onboarding: IoT devices require onboarding to the network, involving steps like credential checks and assigning device identity.
  • Device configuration: Each device needs to be configured according to business needs, such as grouping devices based on the area of operation.
  • Operational diagnostics: Diagnostics offer valuable insights, but most devices lack the resources to analyze them, requiring centralized management.
  • Device security: IoT device management applies necessary security protocols, bringing all endpoints under organizational oversight.
  • Device maintenance: Maintenance includes updating firmware and watching for security vulnerabilities, performed in bulk via over-the-air (OTA) updates.
  • End-of-life: End-of-life policies specify how to retire devices, the decommissioning steps, and how to recycle materials for a minimal carbon footprint.

IoT device monitoring and IoT device management are closely related, but not interchangeable. IoT device monitoring falls under IoT device management, which is a more comprehensive approach to all things IoT.

The Shadow IoT Risk

IoT devices have proven to be incredibly useful, but they do come with unique challenges that network administrators must be wary of. One of the most significant issues is that these devices can seamlessly join any wireless network, allowing them to be installed without prior authorization from IT. This is known as Shadow IoT, a common problem in many organizations.

The trouble with Shadow IoT devices is that they don’t support additional software installs, and they don’t use typical network monitoring methods like SNMP, making them difficult to detect. When these devices go unnoticed, they can increase your attack surface, leaving you vulnerable to attack. Upgrading the device’s OS or firmware can also be a painful task, making it challenging to stay on top of device security.

But the risks of Shadow IoT don’t end there. These unmanaged devices can cause network issues, leading to slow performance or outages. They may also violate compliance regulations, leading to hefty fines and damage to the company’s reputation.

How To Secure IoT Devices

Securing IoT devices is no easy feat, but it’s vital in today’s increasingly severe threat landscape. One technique gaining prominence is IoT fingerprinting.

IoT fingerprinting involves identifying and profiling IoT devices on a network by analyzing their unique attributes, such as device type, operating system, firmware version, or even specific vendor characteristics. This allows network administrators to gain valuable insights into their IoT ecosystem and improve their overall security posture. In addition, IoT fingerprinting is particularly useful for detecting Shadow IoT devices that may be lurking on the network and not visible through traditional network monitoring methods.
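The following added example (not from the original post or any vendor's product) shows fingerprinting applied to Shadow IoT detection: passively observed attributes are matched against device signatures, and anything missing from the approved inventory is reported. The signature table, the locally administered MAC prefixes and the observations are all constructed for illustration.

```python
# Constructed signature table: every attribute listed for a profile must match.
SIGNATURES = {
    "ip-camera": {"oui": "02:AA:01", "vendor_class": "examplecam-fw"},
    "smart-plug": {"oui": "02:AA:02", "dhcp_params": (1, 3, 6, 12, 15, 28)},
    "printer": {"hostname_prefix": "prn-"},
}


def features(obs):
    """Normalise one passive observation (e.g. from DHCP logs) into features."""
    return {
        "oui": obs["mac"].upper()[:8],  # first three octets of the MAC
        "vendor_class": (obs.get("dhcp_vendor_class") or "").lower(),  # option 60
        "dhcp_params": tuple(obs.get("dhcp_params") or ()),            # option 55
        "hostname": (obs.get("hostname") or "").lower(),
    }


def matches(feat, key, expected):
    """Compare one signature attribute against the observed features."""
    if key == "hostname_prefix":
        return feat["hostname"].startswith(expected)
    if key == "vendor_class":
        return feat["vendor_class"].startswith(expected)
    return feat[key] == expected


def classify(obs):
    """Return (profile, confidence) for the most specific fully matching signature."""
    feat = features(obs)
    best, best_n = ("unknown", "none"), 0
    for profile, sig in SIGNATURES.items():
        if all(matches(feat, k, v) for k, v in sig.items()) and len(sig) > best_n:
            best_n = len(sig)
            # A single attribute is easy to spoof or collide, so it rates "low".
            best = (profile, "high" if len(sig) >= 2 else "low")
    return best


def find_shadow_iot(observations, approved_macs):
    """List devices seen on the network that are absent from the approved inventory."""
    approved = {m.upper() for m in approved_macs}
    findings = []
    for obs in observations:
        mac = obs["mac"].upper()
        if mac not in approved:
            findings.append((mac,) + classify(obs))
    return findings


OBSERVATIONS = [  # constructed sample data
    {"mac": "02:aa:01:00:00:10", "dhcp_vendor_class": "ExampleCam-FW 2.1"},
    {"mac": "02:aa:02:00:00:20", "dhcp_params": [1, 3, 6, 12, 15, 28]},
    {"mac": "02:bb:09:00:00:30", "hostname": "PRN-3rdfloor"},
    {"mac": "02:cc:07:00:00:40", "hostname": "laptop-42"},
]
APPROVED_MACS = ["02:AA:01:00:00:10", "02:CC:07:00:00:40"]
```

Calling `find_shadow_iot(OBSERVATIONS, APPROVED_MACS)` reports the unapproved smart plug with high confidence and the unapproved printer with low confidence, since only its hostname matched.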

Beyond IoT fingerprinting, here are some essential techniques to help ensure IoT device security:

  1. Encryption: Always use encryption to secure data transmission and storage on IoT devices.
  2. Authentication: Use robust authentication protocols to verify device identity, user credentials, and device-to-device communication.
  3. Access control: Implement strict access controls to limit access to IoT devices based on user roles and permissions.
  4. Regular monitoring: Continuously monitor your IoT devices to detect and respond to any security threats or anomalies.
  5. Firmware updates: Keep your IoT devices up-to-date with the latest firmware updates to patch vulnerabilities and address security issues.
  6. Physical security: Physically securing IoT devices can help prevent theft, tampering, or unauthorized access. Consider using locks or security cages for devices in public areas or high-risk environments.
  7. Network segmentation: Segregate your IoT devices from other parts of your network to prevent attackers from moving laterally across your environment in the event of a successful attack.
  8. Behavioral analysis: Analyze the behavior of IoT devices to identify potential anomalies or threats. This can help you detect suspicious activity and take action before any damage occurs.
  9. Vulnerability scanning: Conduct regular vulnerability scans on your IoT devices to identify and remediate potential security risks.
  10. Incident response planning: Have a comprehensive incident response plan for IoT security incidents, including roles and responsibilities, escalation paths, and communication protocols.

Final Thoughts

IoT devices are here to stay, which means we need to start taking a more dedicated and proactive approach to ensuring IoT security. Without IoT device monitoring and management, organizations leave themselves vulnerable to a wide range of potential threats, including data breaches and system outages. Fortunately, with the right combination of policies, processes, and technology, organizations can effectively secure their IoT devices and minimize risk.

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.
