Kenna & VMware Carbon Black Collaborate  
Learn More >
Contact Us
Talk to an Expert
Request a demo

Nmap + Risk I/O = Peanut Butter + Chocolate

Sep 3, 2013
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

No, I’m not speaking of a fancy new risk formula, but rather about one of our most popular integrations: Nmap.

Nmap can be a pretty powerful tool for asset discovery and figuring out what services and ports are open across your network. It can also be a great way to find configuration issues that could result in security weaknesses for your environment. By combining Nmap with NSE scripts you can even pull Common Vulnerabilities and Exposures (CVE) in some cases.

 

Adding data from vulnerability scanners can make for a more complete picture and help factor in to remediation decisions. This is where Risk I/O plays a starring role. Combine this with some news ways to slice-and-view the data within our asset tab to get that holistic view of your network. You can now filter your assets by Service Ports, Service Names, Protocols and Products among other things. Want to see where telnet might be exposed in your DMZ or understand where you might be running a prohibited service? It’s as simple as a single checkbox in Risk I/O.

While filtering can make issues easy to find, there are also side benefits to this. For example, we learned many of our customers in the Energy sector are using this as part of their compliance efforts with their NERC CIP ports and services requirement (PDF). By identifying those through these easy-to-use filters and saving that as a saved search, they have a single click to provide the necessary documentation to their auditors or identify any prohibited services. I’ve included a very brief video below on doing just that.

If you’re already a Risk I/O customer, give the new facets in the asset tab a try. I’d love to hear about any use cases you may have. If you’re not currently a customer, you can sign up for free and give it a spin.

Share with Your Network

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the Prioritization to Prediction series produced in conjunction with the Cyentia Institute explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities: through the lens of common asset platforms. Download the research report to learn more about the key findings: Common asset platforms and their typical risk profiles…

DOWNLOAD NOW
eBooks

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is just as critical to IT as it is to Security and DevOps.  And it’s worth getting right: Vulnerabilities can leave your most strategic assets—and your business itself—exposed to cyber threats…

DOWNLOAD NOW

Videos

Videos

Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You can learn more about the Exploit Prediction Scoring System and use the interactive calculator here: https://www.kennaresearch.com/tools/e…

READ MORE
FacebookLinkedInTwitterYouTube

© 2020 Kenna Security. All Rights Reserved. Privacy Policy.