SanerNow's Continuous Posture Anomaly Management (CPAM) allows you to detect misconfigurations and security anomalies using machine learning and deep analysis. With the myriad of devices and infrastructure configurations that organizations have spread across on-premises and hybrid cloud environments, it's challenging to gain consolidated, seamless visibility into your security posture using traditional tools.

According to SanerNow, it has the world's largest vulnerability intelligence database, with 160,000+ security checks, and the industry's fastest scans. The platform includes the following modules:

  • Asset Exposure—Gain complete visibility and control over the organization's assets
  • Vulnerability Management—Discover, assess, prioritize, and remediate vulnerabilities from a single centralized console
  • Patch Management—Automated patching for Windows, macOS, Linux, and 350+ third-party applications, in addition to firmware
  • Compliance Management—Continuous compliance with industry regulatory standards, such as HIPAA, PCI, NIST, ISO, and SOC 2
  • Endpoint Management—In addition to patching, you can leverage hundreds of security controls to mitigate security risks
  • Endpoint Query Response—Build custom queries to detect anomalies and respond quickly with a wide range of probes

How does CPAM work?

CPAM detects posture anomalies and outliers in your IT infrastructure by continuously assessing your devices. It monitors numerous parameters across your devices using machine learning and statistical analysis. It provides the following visibility to IT admins and SecOps teams:

  • Vulnerable processes
  • Unsigned applications
  • Unwanted devices
  • Outbound connections to unusual ports
  • Unusual applications
  • Unwanted ports
  • Inactive users
  • Disabled BitLocker

Teams have access to numerous data points and computation rules to discover anomalies.

SanerNow CPAM out-of-the-box capabilities

SanerNow has excellent capabilities out of the box, so IT admins and SecOps can hit the ground running with the solution and achieve quick time-to-value. These include:

  • Run daily automated scans and discover anomalies—Schedule automated scans for the daily discovery of anomalies in the environment.
  • Get deep insights into the cybersecurity posture of the environment with over 2000 device parameters and 75+ computation rules.
  • Quickly identify an anomalous posture through statistical anomaly computation—Discover vulnerable processes making outbound connections, unusual command execution, atypical firewall configuration, etc.
  • Add known good devices and configurations to an allowlist for in-house applications.
  • Quickly spot deviations from security controls, such as disabled firewalls, enabled autologin, and outdated operating system patches and software.
  • Prioritize anomalies based on confidence score—SanerNow provides a confidence score to prioritize cybersecurity posture anomalies that need immediate attention.
  • Built-in actions to quickly remediate discovered anomalies with cybersecurity automation. You can also create your own detection rules.
  • Intuitive dashboard and reports—Quickly understand the overall security posture of your environment with dashboard visualizations and generate custom anomaly reports. CPAM also provides report APIs to create custom visibility and integrations.

Signing up and trying SanerNow CPAM

You can sign up for the 30-day trial version of the solution and then activate the modules you want to use in your account by clicking the tiles for each solution.

Activating the SanerNow modules including CPAM

Once you have provisioned the tools you want to use, finish updating your profile and save the profile information.

Fill in the profile and save

After signing up and activating the profile, you can launch the Saner platform. You can see the activated modules below, including the Posture Anomaly module.

Launching the Saner platform

As you can see on the Deploy Agent screen, you can download agents for the following:

  • Windows
  • Linux
  • Linux Debian
  • Linux Alpine
  • macOS

Agent deployment screen in SanerNow CPAM

Deploying the SanerNow agent

Deploying the SanerNow agent is straightforward. From the dashboard, you can download the agent for your platform. Then, run the downloaded installer on your endpoint.

Finishing the installation of the SanerNow agent

Once you have a device onboarded with the SanerNow agent, you can designate the device as a network scanner. The network scanner can scan your local network for vulnerabilities on other devices. You can also import devices using Active Directory synchronization.

Designate a device as a network scanner

After designating a network scanner

SanerNow security posture and vulnerability management

One thing you will notice with SanerNow is the wealth of information you receive from the agent.

SanerNow device details

At a glance, you can quickly see the vulnerability details for your endpoints.

Vulnerability details from SanerNow

You can also easily see misconfiguration details in the information gathered from the SanerNow agent. These include the following:

  • Compliance details
  • Installed patches
  • Missing configurations

Misconfiguration details displayed in the SanerNow agent

On the Patch Details screen, you get a detailed view of the patch information. It includes:

  • Installed patches
  • Missing security patches
  • Missing nonsecurity patches
  • Firmware

Patch details, including installed, missing, and firmware

On the Assets screen, SanerNow displays asset information for your endpoint, including:

  • Applications
  • Devices
  • Services
  • Processes
  • Ports

Asset details, including applications, devices, services, processes, and ports

On the Posture Anomaly screen, you get a detailed view of posture anomaly findings from the SanerNow scans. This includes anomalies from the following categories of scans:

  • Software assets
  • Events
  • System security
  • System

You can also configure your own custom queries to create your own customized posture anomaly requirements and metrics.

Posture anomaly details

On the Visibility dashboard screen, SanerNow provides an excellent overview of the findings across the various modules of the solution, including the following:

  • Asset exposure
  • Posture anomaly
  • Vulnerability management
  • Compliance management
  • Patch management
  • Endpoint management

SanerNow Visibility dashboard displaying cybersecurity posture overview

SanerNow reporting

SanerNow has an excellent approach to building out reports for your environment. The API report builder lets you choose your report elements in a point-and-click fashion to build custom views of your cybersecurity posture. These can be scheduled, downloaded, or shared.

Building custom reports using the API report builder in SanerNow

Wrapping up

I found the SanerNow Continuous Posture Anomaly Management tool easy to use and intuitive. With the SaaS-based approach, you don't have to worry about standing up infrastructure on-premises to leverage the solution. Instead, you only install the agents for endpoints and can leverage specific endpoints as network scanners to scan your on-premises environments. I was pleasantly surprised at the wealth of information and visibility supplied by SanerNow once I scanned an endpoint. You can instantly see areas where your security posture needs to improve, which helps shed light on potential blind spots.

You can learn more about SanerNow Continuous Posture Anomaly Management here: SecPod: We Prevent Cyberattacks.

1 Comment
  1. Stellispro 1 month ago

    Nice and informative article
