Continuous Asset Profiling

Continuous Asset Profiling

December 11, 2019 / blog , general / Comments (0)

 

Something we are pretty proud of at Edgescan is our Continuous Asset Profiling service which is part of any Edgescan license. We call it HIDE (Host Index, Discovery & Enumeration).

 

So what is it and why should I care?

HIDE provides continuous asset profiling across blocks of our clients IP’s.
So rather than asking a client to specify individual IP’s, Edgescan profiles entire IP blocks/ranges. But why do this?

The reason we give our clients the ability to profile entire blocks is three-fold.

  • HIDE can detect if a server/IP goes live since the last round of continuous profiling.
  • HIDE can detect if a new service/port or firewall change has occurred on any asset profiled.
  • HIDE can alert our client of any change to their external asset profile on an ongoing basis using various methods such as SMS, email or outgoing webhook.

 

If, as per traditional approaches to profiling, we only assess named endpoints we don’t get the full picture.

 

HIDE eliminates network blindspots.

HIDE is very good at identifying many blindspot use cases including:

  • The dev team deploy a server for testing without knowledge of security.
  • A rogue exfiltration point is established similar to an APT
  • A rogue service is deployed to exfiltrate data

 

Detection is performed in Edgescan via profile DELTA ANALYSIS on a continuous basis so we detect change in near-realtime. Via the portal Edgescan users can query HIDE information across thousands of servers in seconds. This can be done by using our filtering API on the console. So if a user needs to query all systems with say “Ports 80/443 open running Linux” across thousands of servers this can be done in seconds and downloaded into CSV, XLSX etc.

 

Clients with large estates (10,000’s of IP’s/Servers) find this a very useful feature of Edgescan

Obviously our Edgescan API can be used to query this information also without using the GUI.

Alerting is also configurable such that DevOps staff can be alerted when defined incidents take place.

 

HIDE gives Edgescan clients the ability to monitor and profile systems and alert them of any changes to their estate profile in minutes.

 

Have you used HIDE?  Tell us what you think.

 

Please get in touch through the Edgescan Contact form for more information.