According to SanerNow, it has the world's largest vulnerability intelligence database, with 160,000+ security checks and the industry's fastest scans, including the following modules:
- Asset Exposure—Gain complete visibility and control over the organization's assets
- Vulnerability Management—Discover, assess, prioritize, and remediate vulnerabilities from a single centralized console
- Patch Management—Automated patching for Windows, macOS, Linux, and 350+ third-party applications, in addition to firmware
- Compliance Management—Continuous compliance with industry regulatory standards, such as HIPAA, PCI, NIST, ISO, and SOC 2
- Endpoint Management—In addition to patching, you can leverage hundreds of security controls to mitigate security risks
- Endpoint Query Response—Build custom queries to detect anomalies and respond quickly with a wide range of probes
How does CPAM work?
CPAM detects posture anomalies and outliers in your IT infrastructure by continuously assessing your devices. It monitors numerous parameters across your devices using machine learning and statistical analysis. It provides the following visibility to IT admins and SecOps teams:
- Vulnerable processes
- Unsigned applications
- Unwanted devices
- Outbound connections to unusual ports
- Unusual applications
- Unwanted ports
- Inactive users
- Disabled BitLocker
Teams have access to numerous data points and computation rules to discover anomalies.
SanerNow CPAM out-of-the-box capabilities
SanerNow has excellent capabilities out of the box, so IT admins and SecOps can hit the ground running with the solution and achieve quick time-to-value. These include:
- Run daily automated scans and discover anomalies—Schedule automated scans for the daily discovery of anomalies in the environment.
- Get deep insights into the cybersecurity posture of the environment with over 2000 device parameters and 75+ computation rules.
- Quickly identify an anomalous posture through statistical anomaly computation—Discover vulnerable processes making outbound connections, unusual command execution, atypical firewall configuration, etc.
- Add known good devices and configurations to an allowlist for in-house applications.
- Quickly spot deviations from security controls, such as disabled firewalls, enabled autologin, and outdated operating system patches and software.
- Prioritize anomalies based on confidence score—SanerNow provides a confidence score to prioritize cybersecurity posture anomalies that need immediate attention.
- Built-in actions to quickly remediate discovered anomalies with cybersecurity automation. You can also create your own detection rules.
- Intuitive dashboard and reports—Quickly understand the overall security posture of your environment with dashboard visualizations and generate custom anomaly reports. CPAM also provides report APIs to create custom visibility and integrations.
Signing up and trying SanerNow CPAM
You can sign up for the 30-day trial version of the solution and then activate the modules you want to use in your account by clicking the tile for each solution.
Once you have provisioned the tools you want to use, finish updating your profile and save the profile information.
After signing up and activating the profile, you can launch the Saner platform. The platform shows the activated modules, including the Posture Anomaly module.
On the Deploy Agent screen, you can download agents for the following:
- Windows
- Linux
- Linux Debian
- Linux Alpine
- macOS
Deploying the SanerNow agent
Deploying the SanerNow agent is straightforward. From the dashboard, you can download the agent for your platform. Then, run the downloaded installer on your endpoint.
Once you have a device onboarded with the SanerNow agent, you can designate the device as a network scanner. The network scanner can scan your local network for vulnerabilities on other devices. You can also import devices using Active Directory synchronization.
SanerNow security posture and vulnerability management
One thing you will notice with SanerNow is the wealth of information you receive from the agent.
At a glance, you can quickly see the vulnerability details for your endpoints.
You can also easily see misconfiguration details in the information gathered from the SanerNow agent. These include the following:
- Compliance details
- Installed patches
- Missing configurations
On the Patch Details screen, you get a detailed view of the patch information. It includes:
- Installed patches
- Missing security patches
- Missing nonsecurity patches
- Firmware
On the Assets screen, SanerNow displays asset information for your endpoint, including:
- Applications
- Devices
- Services
- Processes
- Ports
On the Posture Anomaly screen, you get a detailed view of posture anomaly findings from the SanerNow scans. This includes anomalies from the following categories of scans:
- Software assets
- Events
- System security
- System
You can also configure your own custom queries to create your own customized posture anomaly requirements and metrics.
On the Visibility dashboard screen, SanerNow provides an excellent overview of the findings across the various modules of the solution, including the following:
- Asset exposure
- Posture anomaly
- Vulnerability management
- Compliance management
- Patch management
- Endpoint management
SanerNow reporting
SanerNow has an excellent approach to building out reports for your environment. The API report builder lets you choose your report elements in a point-and-click fashion to build custom views of your cybersecurity posture. These can be scheduled, downloaded, or shared.
Wrapping up
I found the SanerNow Continuous Posture Anomaly Management tool easy to use and intuitive. With the SaaS-based approach, you don't have to worry about standing up infrastructure on-premises to leverage the solution. Instead, you only install the agents for endpoints and can leverage specific endpoints as network scanners to scan your on-premises environments. I was pleasantly surprised at the wealth of information and visibility supplied by SanerNow once I scanned an endpoint. You can instantly see areas where your security posture needs to improve, which helps shed light on potential blind spots.
You can learn more about SanerNow Continuous Posture Anomaly Management here: SecPod: We Prevent Cyberattacks.
Nice and informative article