If you own an e-commerce site, you’re probably unaware that you could have open ports, private git repositories, or exposed subdomains – to name a few – that attackers can exploit to gain access to sensitive information residing in your systems. What you need to reduce the risks of an attack and its potential damage are an asset monitoring and inventory solution. Using asset monitoring is like hiring a hacker to penetrate your networks to tell you where you have vulnerabilities: it mimics attackers’ actions to outline and size a target’s attack surface and its weaknesses. Besides monitoring, inventorying your assets is a fundamental step to knowing what is on your global hybrid-IT environment and what needs to be secured. An inventory helps you uncover hidden or unknown assets connected to your IT environment. Ideally, an inventory tool should help you normalize and categorize by product families, eliminating variations in vendor and product names. This inventory should give you detailed information about each asset, including installed software, running services, and other important items. Let’s see the most relevant SaaS-based asset monitoring & inventory arena.
Detectify Asset Monitoring
Detectify offers a powerful web vulnerability scanner that automates security modules at scale, checks for entry-point vulnerabilities, and covers a wide attack surface. The tests performed by Detectify will reveal XSS, SSRF, and RCE vulnerabilities, sensitive file exposures, API keys or passwords exposed in page responses, exposure of data through internal monitoring tools, and path traversal vulnerabilities. Detectify hosts their own private community of ethical hackers to crowdsource vulnerability research so it’s giving you alerts from a real attacker’s perspective. The Detectify security team reviews findings by white-hat hackers and automates them to the scanner. Other features of Detectify Asset Monitoring include tracking changes in your software stack and detecting potential subdomain takeovers. By using fingerprinting technologies, Asset Monitoring reports on the software it discovers, helping you stay on top of any rogue installations or changes in your tech stack. You may have subdomains you no longer use, inadvertently pointing to third party services. Those subdomains can be registered on those third parties by malicious hackers who ultimately could hijack them. Detectify can prevent your subdomains from getting hijacked, either by using a list of subdomains you provide or by discovery. Detectify offers various monthly subscription plans that adjust to the needs of each online business or e-commerce. You can test the service with a 2-week free trial that will give you 14 days to fix as many common vulnerabilities as it can detect.
Qualys Asset Inventory
Qualys offers its Global IT Asset Inventory app, helping every company make everything visible and eliminate manual inventorying. Using a sensor network and an AI, Qualys’ solution can discover on-prem devices and applications, together with containers, endpoints, mobile, cloud, and IoT assets. What you get is a 100% real-time visibility of your hybrid-IT environment, in the form of dashboards with clean, organized data. With Qualys Asset Inventory, you can get immediate answers to questions such as: How many computers do not have the latest version of Windows 10 installed? Which client devices are running unauthorized software? The solution gives you detailed information on each asset, including running services, hardware specs, and network traffic. It also obtains metadata such as software licenses, hardware and software life cycles, and more. Qualys’ AI takes care of the categorization and normalization of inventory data, converting it into a single source of information for your security, IT, and compliance teams. A series of dynamic and customizable dashboards let you visualize your IT inventory in any way you want. Qualys’ solution is 100% cloud-based, with easy deployment and management procedures, and its inventory capability can scale from a handful to a million of assets. You can get it started for FREE with limited features. Qualys offers many other free services include API Security Assessment, SSL Labs, BrowserCheck, and 60-Day Remote Endpoint Protection.
Ivanti Neurons
Ivanti Neurons proposal consists of a Hyper-Automation platform designed to provide self-service to end-users in a continuous, proactive, and predictable manner. The purpose of this platform is to manage all kinds of devices, from cloud to edge, giving them the ability to self-heal and self-protect. Post-2020 normality means companies have employees working anytime and from anywhere and expecting fast, consumer-like experiences. This situation generates an explosive growth of edge services and endpoints, multiplying cyber-security threats. With Ivanti Neurons for Edge Intelligence, your IT crew gains the ability to rapidly detect these threats, querying all edge devices using natural language processing (NLP) and getting real-time intelligence across the enterprise. Once Ivanti Neurons for Healing gets in the action, an army of automation bots is deployed all along your network to diagnose every asset, remediating performance, security, and configuration issues, and maintaining your endpoints compliance. All routine tasks are automated, creating a self-healing environment that reduces costs and improves productivity. With the Ivanti platform, the time required to gather and normalize asset information could get reduced from weeks to minutes. Your asset management database will be populated with actionable insights from hardware and software inventory data and software usage information.
Tanium Asset
Strategic decisions require updated, realistic data. In terms of IT operations, a full understanding of your assets and what is running on them is a must to make the right decisions and turn your investment in IT into a driver of your business instead of a burden. Tanium Asset gives you real-time data about your assets, no matter where they are or if they are online or offline. Tanium Asset does its work without requiring extra infrastructure and without installing agents on the endpoints. A unified platform approach provides endpoint control and visibility, providing real-time inventory information about your assets, and freeing your IT team from complicated or hand-made reports. With the aid of customizable dashboards, you can focus on the assets by department, user-group, location, and other parameters. Accurate information can help you increase throughput by reclaiming underutilized assets. Tanium Asset feeds your Configuration Management Database (CMDB) with real-time data, making sure you always have the freshest information to know each asset’s utilization rate and its last known state. Tanium’s solution suite manages your cloud, end-user, and data center systems from a unified platform at a massive scale. This platform is built to deliver all of its services – patching, inventory, compliance, and incident response – from a single agent. At the same time, the Tanium client gives full visibility of the endpoints, together with the ability to take action on them.
Tenable
Once you have a full view of your entire attack surface, you might ask yourself: Where do I start? Tenable.io helps you in that area, letting you quickly investigate, identify, and prioritize vulnerabilities, so you will know where to put your efforts. Tenable gets its power from Nessus technology, a popular remote security scanning tool. It provides active scanning, cloud connectors, passive monitoring, agents, and CMDB integrations to provide continuous visibility of known and previously unknown assets. Tenable combines its coverage for more than 60K vulnerabilities with data science techniques and threat intelligence, composing understandable risk scores that let you decide which vulnerabilities to fix first. You will no longer need network scanners or agents to detect your assets on the cloud. With cloud-native tools and Frictionless Assessment technology, Tenable.io offers continuous and almost real-time visibility of your AWS or other cloud infrastructures. Pricing depends on the number of assets you need to monitor and protect. You can have the solution installed in seconds and start getting actionable results in a matter of minutes.
A solution for unpleasant surprises
Surprises are good for birthday parties and Christmas presents. But when it comes to IT asset management, it’s better to avoid surprises. If you have vulnerable applications and devices in your cloud, in your data center, or your edge, the sooner you know it, the better chance you have to remedy it and avoid being targeted by cyber-attacks.