If you can't answer yes to each of these, we should talk.
Question 1: In just a few minutes, can you quantify the following across your Linux servers according to the U.S. National Vulnerability Database?
Question 2: If a new port opened, closed or was changed on one of your servers:
Question 3: In just a few minutes, can you:
Question 4: Within a few minutes, would you know if:
Question 5: Within a few minutes, would you be alerted if the following happened on any of your servers?
Question 6: Can you organize your individual servers into Departments that reflect logical organizational units within your enterprise, and then subsequently see trends and aggregated vulnerability statistics for those Departments?
Question 7: For any of 1-6, can you quantify to what extent these risks have shifted across two categories:
Anamo is an integrated vulnerability detection and management platform. As software names, versions, and vendor revisions are sent by client servers, Anamo checks each instance against the national vulnerability database and other trusted data sources. That yields rapid visibility into the state of your software vulnerabilities across your entire enterprise.
Servers may be grouped by department or by tag. For many (if not most) businesses, looking up all vulnerabilities for a particular unit can take dozens of hours. With Anamo, this knowledge is gleaned in seconds.
Anamo shows you all vulnerabilities on your server found in the National Vulnerability Database. This includes displaying the associated CVE number, exploitability risk, attack vector, and determined severity of the risk.
Anamo provides technical details for every vulnerable package found on any of your servers, ranked by its severity score so you know what to prioritize for remediation. In addition, Anamo displays the exploitability likelihood, a measure of how simple or complex a known vulnerability is to actually use against a server manifesting that vulnerability.
You can also look back at your server at various points in time to see how many vulnerabilities existed then to see your progress towards securing your enterprise environment.
Anamo's trend analysis makes quantifying risk over time easy.
Anamo also lets you drill down into an individual package to see all associated risks, as one version of software can of course have multiple vulnerabilities. Package data (especially lower-level dependencies) is described so you know what you're dealing with. This is all part of Anamo's mission to bring useful data to the surface and collect it in one place so that you can make informed information security decisions.
A particularly unique feature of Anamo is knowing why a vulnerability was fixed. With Anamo's vulnerability timeline, you can see what specific version of software (typically a more up-to-date one) actually ended up remediating a vulnerability. This also helps quantify trends and how effective the response was, because it shows how long a vulnerability existed before it was remediated by another version.
Anamo tracks (1) when new software packages are added, (2) when the version of an existing software package changes (whether it is upgraded or downgraded), and (3) when software packages are removed.
Anamo is all about getting the right data to the surface quickly. Its software version history capabilities let you pick a package on a server and review its entire version history. This can show if any versions were vulnerable at any point in time.
Currently supported packages include: rpm, pip, deb, and Ruby gem. Windows support, including OS and individual software packages, is coming later in 2018.
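The matching and version-history ideas described above, as an added example that is not Anamo's code: installed package versions are checked against a small local advisory table (constructed placeholders standing in for an NVD feed, with made-up identifiers and scores), hits are ranked by severity score, and a package's version history on a host is replayed to show when exposure began, which version remediated it, and how many days it lasted. The version parser is deliberately limited to plain dotted numeric versions.

```python
"""Match installed package versions against a local vulnerability table and
work out how long each vulnerability lived on a host before a version change
remediated it. Added illustration, not Anamo's code: the advisory records,
identifiers, scores and version history are all constructed placeholders."""
from dataclasses import dataclass
from datetime import date


def parse_version(v: str) -> tuple:
    """Turn '1.0.2' into (1, 0, 2) so versions compare numerically rather than
    as strings ('1.10' > '1.9'). Plain dotted versions only; distro epochs and
    release suffixes are deliberately out of scope here."""
    return tuple(int(piece) for piece in v.split("."))


@dataclass(frozen=True)
class Advisory:
    vuln_id: str        # placeholder identifier, not a real CVE number
    package: str
    affected_from: str  # first affected version (inclusive)
    fixed_in: str       # first remediating version (exclusive upper bound)
    cvss: float         # severity score used for ranking
    vector: str         # attack vector: NETWORK, ADJACENT, LOCAL or PHYSICAL


# Constructed advisory table standing in for a feed such as the NVD.
ADVISORIES = [
    Advisory("VULN-PLACEHOLDER-1", "openssl", "1.0.0", "1.0.2", 9.8, "NETWORK"),
    Advisory("VULN-PLACEHOLDER-2", "openssl", "1.0.0", "1.1.0", 5.3, "NETWORK"),
    Advisory("VULN-PLACEHOLDER-3", "bash", "4.0", "4.4", 7.8, "LOCAL"),
]


def is_affected(adv: Advisory, version: str) -> bool:
    """A version is affected when affected_from <= version < fixed_in."""
    pv = parse_version(version)
    return parse_version(adv.affected_from) <= pv < parse_version(adv.fixed_in)


def find_vulnerabilities(installed: dict) -> list:
    """installed maps package name -> version on one host. Returns the
    matching advisories, highest severity first, so the top of the list is
    what to remediate first."""
    hits = [a for a in ADVISORIES
            if a.package in installed and is_affected(a, installed[a.package])]
    return sorted(hits, key=lambda a: a.cvss, reverse=True)


def remediation_timeline(package: str, history: list) -> list:
    """history holds the package's version events on one host as
    (ISO date, version) pairs, oldest first. For each advisory, report when
    exposure began, which version ended it and how many days it lasted. A
    downgrade that reintroduces an affected version opens a new exposure
    window; a window with no remediating version yet ends with None fields."""
    report = []
    for adv in (a for a in ADVISORIES if a.package == package):
        exposed_since = None
        for day, version in history:
            when = date.fromisoformat(day)
            affected = is_affected(adv, version)
            if affected and exposed_since is None:
                exposed_since = when
            elif not affected and exposed_since is not None:
                report.append((adv.vuln_id, exposed_since.isoformat(), day,
                               version, (when - exposed_since).days))
                exposed_since = None
        if exposed_since is not None:
            report.append((adv.vuln_id, exposed_since.isoformat(), None, None, None))
    return report


if __name__ == "__main__":
    host = {"openssl": "1.0.1", "bash": "4.3"}  # constructed inventory
    for adv in find_vulnerabilities(host):
        print(f"{adv.vuln_id} {adv.package} {host[adv.package]} "
              f"cvss={adv.cvss} vector={adv.vector}")
    history = [("2018-01-01", "1.0.1"), ("2018-01-11", "1.0.2"),
               ("2018-02-10", "1.1.0")]
    for row in remediation_timeline("openssl", history):
        print(row)
```

The timeline logic is what makes a downgrade visible: if a host moves from 1.0.2 back to 1.0.1, a closed exposure window reopens, which a simple "current version is vulnerable" check would report without any sense of how the host got there.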
Ports are like openings on a server that allow data to flow in and out. From an information security perspective, knowing which ports should be open is like knowing who has keys to your house: if that changes, you would certainly want to know.
Anamo’s Port Events functionality tracks when new ports open, existing ports close, and when ports are updated.
Anamo also shows port definitions, even the weird ones. Often, IT administrators have to look up what a port does or what program it is associated with. Anamo saves time by showing you what services or functions are associated with a particular port.
An open port could be caused by a malicious actor opening a port to exfiltrate data from your system, or by a program running locally that opens a port as part of its normal functionality. Whether or not the intent is malicious, knowing when ports open is crucial. An open port can let systems outside your server or network talk to your server, or let your server communicate with the outside world.
Closed ports may similarly indicate a security risk. The team at US ProTech has seen ports close when a malicious actor seeks to block information from reaching security monitoring tools. Similarly, a closed port can cause services that depend on those ports to cease functioning normally.
Changed port rules can be innocuous or indicative of a malicious move. For example, suppose a firewall rule is configured to only allow port 3306 to talk to an IP address of 127.0.0.1. If that rule is updated such that port 3306 is now allowed to communicate with both 10.20.30.40 and 127.0.0.1, that change event could indicate an overly-permissive set of rules that an attacker could take advantage of.
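The open, close and change events described above, as an added example that is not Anamo's code: two constructed snapshots of a host's ports, each mapping (protocol, port) to the set of source addresses the port accepts, are diffed into events, and a change is flagged as widening exposure only when it admits a new non-loopback source. The 3306 entry reproduces the firewall rule change from the text. The snapshot shape is an assumption about how the firewall state was collected; the service lookup uses the local services database through the standard library.

```python
"""Diff two snapshots of listening ports and the sources each port accepts,
emitting open/close/change events and flagging changes that widen exposure.
Added illustration, not Anamo's code: both snapshots are constructed, and the
rule shape (port -> set of allowed source addresses or CIDRs) is an assumption
about how a host's firewall state has been collected."""
import ipaddress
import socket


def service_name(port: int, proto: str = "tcp") -> str:
    """Resolve a port through the local services database (/etc/services);
    'unknown' when it is not listed there."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unknown"


def is_loopback(addr: str) -> bool:
    """True for 127.0.0.0/8 and ::1, given either a host address or a CIDR."""
    return ipaddress.ip_network(addr, strict=False).is_loopback


def widens_exposure(before: set, after: set) -> bool:
    """A change widens exposure when it admits a non-loopback source that was
    not admitted before; adding another loopback address does not count."""
    return any(not is_loopback(src) for src in after - before)


def port_events(before: dict, after: dict) -> list:
    """Each snapshot maps (proto, port) -> set of allowed sources. Returns
    (event, proto, port, detail) tuples in port order."""
    events = []
    for key in sorted(set(before) | set(after)):
        proto, port = key
        if key not in before:
            events.append(("opened", proto, port, {
                "service": service_name(port, proto),
                "allowed": sorted(after[key]),
                "widened": widens_exposure(set(), after[key]),
            }))
        elif key not in after:
            events.append(("closed", proto, port, {
                "service": service_name(port, proto),
                "allowed": sorted(before[key]),
            }))
        elif before[key] != after[key]:
            events.append(("changed", proto, port, {
                "added": sorted(after[key] - before[key]),
                "removed": sorted(before[key] - after[key]),
                "widened": widens_exposure(before[key], after[key]),
            }))
    return events


# Constructed snapshots: the 3306 change mirrors the example in the text.
SNAPSHOT_T0 = {
    ("tcp", 22): {"10.0.0.0/8"},
    ("tcp", 514): {"10.0.0.5"},   # syslog forwarding to a log collector
    ("tcp", 3306): {"127.0.0.1"},
}
SNAPSHOT_T1 = {
    ("tcp", 22): {"10.0.0.0/8"},
    ("tcp", 3306): {"127.0.0.1", "10.20.30.40"},
    ("tcp", 8080): {"0.0.0.0/0"},
}

if __name__ == "__main__":
    for event, proto, port, detail in port_events(SNAPSHOT_T0, SNAPSHOT_T1):
        print(event, proto, port, detail)
```

Running the diff reports port 514 closed (the kind of event the text associates with monitoring being cut off), 3306 changed with the widening flag set, and 8080 newly open to any source.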
Risk Area | What Anamo Collects | End Result
One of the most frustrating challenges in cybersecurity is keeping track of subtle changes. Server filesystems possess thousands of files, directories, and other resources. Keeping track of when changes to them occur is both overwhelming and incredibly important.
What if, though, software that ran 24/7 did it for you, keeping an eye on the entire state of your filesystem at different dates and times? That would let you know which users and groups owned which resources and what permissions were set.
Anamo is an incredible search engine and alerting tool for keeping track of the vast tree of a Linux or Windows (later in 2018) server system.
Octal permissions define what the owner, group, and others can do in terms of reading, writing, and executing resources on your servers. Figuring out where excessively liberal permissions exist across all of your servers is, understandably, a serious undertaking for many companies.
Anamo, however, is wicked fast. It can search and compare what octal permissions currently exist and how they were set in the past. If you'd like to find where permissions of 777 exist across your systems, simply enter it and go. Anamo pulls the latest transaction date and time, searches against that, and presents the file name, type, and path for you to easily find and fix it.
Anamo tracks when permissions change in two ways: when ownership changes or when octal permissions change. Both are incredibly important security metrics.
When a new owner, whether a user or group, gets associated with a particular file or directory, that could be evidence of a slip-up by an IT staff member or a malicious attempt to escalate privileges.
Anamo also tracks octal permissions for files and directories. When certain users or groups are given more or less access to files or directories, this can certainly be indicative of anomalous activity.
One of Anamo's unique features is that it acts like a forensics time machine for your filesystem. Simply pick a transaction date and time and Anamo quickly loads key security information about your filesystem at that point, including file and directory ownership, resource names, and permissions. Coming in March 2018 will be the last modified time of the file or directory and its size.
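The permission search and the filesystem "time machine" described above, as an added example that is not Anamo's code: a snapshot maps each path to its kind, owner, group and four-digit octal mode (that layout is an assumption), a search function finds every entry with a given mode such as 777, and a diff between two snapshots reports ownership changes, mode changes, and newly added entries that carry the setuid or setgid bit. The two snapshots are constructed; the `snapshot_dir` function builds a real one from a directory without following symlinks.

```python
"""Snapshot file ownership and octal permissions, search a snapshot for a given
mode, and diff two snapshots for ownership and permission changes. Added
illustration, not Anamo's code: the two snapshots below are constructed, and
the snapshot layout {path: (kind, owner, group, mode)} is an assumption."""
import grp
import os
import pwd
import stat
import sys


def owner_name(uid: int) -> str:
    """uid -> user name, or the number when no account maps to it."""
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)


def group_name(gid: int) -> str:
    """gid -> group name, or the number when no group maps to it."""
    try:
        return grp.getgrgid(gid).gr_name
    except KeyError:
        return str(gid)


def snapshot_dir(root: str) -> dict:
    """Walk root without following symlinks and record each entry as
    (kind, owner, group, mode); the mode is a 4-digit octal string so the
    setuid, setgid and sticky bits are kept."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISDIR(st.st_mode):
                kind = "dir"
            elif stat.S_ISLNK(st.st_mode):
                kind = "link"
            else:
                kind = "file"
            snap[path] = (kind, owner_name(st.st_uid), group_name(st.st_gid),
                          f"{stat.S_IMODE(st.st_mode):04o}")
    return snap


def find_mode(snapshot: dict, mode: str) -> list:
    """Paths whose permission bits equal mode; '777' and '0777' match the same
    entries, while '4755' (setuid) is distinct from '755'."""
    wanted = int(mode, 8)
    return sorted(p for p, (_, _, _, m) in snapshot.items() if int(m, 8) == wanted)


def world_writable(snapshot: dict) -> list:
    """Every entry whose 'others' write bit is set, whatever the rest looks like."""
    return sorted(p for p, (_, _, _, m) in snapshot.items() if int(m, 8) & 0o002)


def permission_events(before: dict, after: dict) -> list:
    """(event, path, old, new) for every ownership or mode change between two
    snapshots; added entries carrying setuid/setgid get their own event type."""
    events = []
    for path in sorted(set(before) | set(after)):
        if path not in before:
            _, owner, group, mode = after[path]
            setid = int(mode, 8) & (stat.S_ISUID | stat.S_ISGID)
            events.append(("added_setid" if setid else "added", path, None,
                           f"{owner}:{group} {mode}"))
        elif path not in after:
            _, owner, group, mode = before[path]
            events.append(("removed", path, f"{owner}:{group} {mode}", None))
        else:
            _, o0, g0, m0 = before[path]
            _, o1, g1, m1 = after[path]
            if (o0, g0) != (o1, g1):
                events.append(("owner_changed", path, f"{o0}:{g0}", f"{o1}:{g1}"))
            if m0 != m1:
                events.append(("mode_changed", path, m0, m1))
    return events


# Constructed snapshots of the same host at two transaction times.
SNAPSHOT_T0 = {
    "/srv/app": ("dir", "root", "root", "0755"),
    "/srv/app/config.yml": ("file", "app", "app", "0640"),
    "/srv/app/uploads": ("dir", "app", "app", "0775"),
    "/etc/shadow": ("file", "root", "shadow", "0640"),
}
SNAPSHOT_T1 = {
    "/srv/app": ("dir", "root", "root", "0755"),
    "/srv/app/config.yml": ("file", "www", "app", "0640"),  # owner changed
    "/srv/app/uploads": ("dir", "app", "app", "0777"),      # now world-writable
    "/etc/shadow": ("file", "root", "shadow", "0640"),
    "/tmp/.x": ("file", "app", "app", "4755"),              # new setuid file
}

if __name__ == "__main__":
    print("777:", find_mode(SNAPSHOT_T1, "777"))
    for event in permission_events(SNAPSHOT_T0, SNAPSHOT_T1):
        print(event)
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(f"world-writable under {root}:", world_writable(snapshot_dir(root)))
```

Comparing the full octal value rather than the last three digits is a deliberate choice: a search for 755 should not quietly swallow 4755, because the setuid bit is exactly the detail a reviewer wants to see.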
Anamo keeps an investigative eye on your server's permissions per user and group, which users and groups exist, and their relationships to one another. In terms of securing your data, these categories are intimately connected because users and groups have permissions to perform certain functions. These are among the most overlooked aspects of information security because these types of specific changes are rarely noticed by most IT staff or other security applications.
Anamo keeps track of user and group data on all Linux servers; Windows servers are being added with our next update. In our team’s collective security experience, any modification to a user, group, or group membership is significant. It could be an errant, negligent employee making a mistake, a vengeful employee or contractor looking to cause insider harm, or evidence of an external, malicious attacker seeking to elevate their privileges.
Anamo also acts as a time capsule into the existence of past users, groups, and group memberships, providing deep forensic capabilities. Anamo’s ability to track user and group activity provides invaluable data for investigations. For example, if you needed to prove that a departing employee went on a vengeance streak, this data would be essential.
Anamo can provide strong evidence to rebut claims of negligence or individuals who might pursue monetary damages (this feature of Anamo was inspired by a contract to help a law firm prove such a suspicion after an internal investigation). In the event of a breach, Anamo also provides the ability to see the attack vector; for example, a privilege escalation that allowed an unauthorized user to join a group that had the permissions that he or she desired.
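The user, group and membership tracking described above, as an added example that is not Anamo's code: passwd and group file content captured at two points in time (constructed sample data, not a real host) is parsed and diffed into account, group and membership events, and any account with uid 0 other than root is called out separately, since that is the shape a privilege escalation takes in the files themselves.

```python
"""Parse /etc/passwd and /etc/group content captured at two points in time and
report account, group and membership changes, flagging the ones that matter
most for privilege tracking. Added illustration, not Anamo's code: the
passwd/group text below is constructed sample data."""


def parse_passwd(text: str) -> dict:
    """name -> (uid, gid, home, shell); comments and blank lines are skipped."""
    users = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, uid, gid, _gecos, home, shell = line.split(":", 6)
        users[name] = (int(uid), int(gid), home, shell)
    return users


def parse_group(text: str) -> dict:
    """name -> (gid, frozenset of supplementary members)."""
    groups = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, _pw, gid, members = line.split(":", 3)
        groups[name] = (int(gid), frozenset(m for m in members.split(",") if m))
    return groups


def superusers(users: dict) -> list:
    """Every account with uid 0; anything beyond 'root' deserves a look."""
    return sorted(n for n, (uid, *_) in users.items() if uid == 0)


def account_events(users0: dict, groups0: dict, users1: dict, groups1: dict) -> list:
    """(event, subject, detail) tuples describing what changed between the
    two captures: users first, then groups and their memberships."""
    events = []
    for name in sorted(set(users0) | set(users1)):
        if name not in users0:
            uid, gid, _home, shell = users1[name]
            events.append(("user_added", name, f"uid={uid} gid={gid} shell={shell}"))
            if uid == 0 and name != "root":
                events.append(("uid0_account", name, "non-root account with uid 0"))
        elif name not in users1:
            events.append(("user_removed", name, ""))
        elif users0[name] != users1[name]:
            events.append(("user_changed", name, f"{users0[name]} -> {users1[name]}"))
    for name in sorted(set(groups0) | set(groups1)):
        if name not in groups0:
            events.append(("group_added", name, f"gid={groups1[name][0]}"))
        elif name not in groups1:
            events.append(("group_removed", name, ""))
        else:
            m0, m1 = groups0[name][1], groups1[name][1]
            for member in sorted(m1 - m0):
                events.append(("member_added", name, member))
            for member in sorted(m0 - m1):
                events.append(("member_removed", name, member))
    return events


# Constructed captures of the same host at two transaction times.
PASSWD_T0 = """root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
"""
GROUP_T0 = """root:x:0:
sudo:x:27:alice
alice:x:1001:
bob:x:1002:
"""
PASSWD_T1 = """root:x:0:0:root:/root:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
svc:x:0:1003:Service:/var/svc:/bin/bash
"""
GROUP_T1 = """root:x:0:
sudo:x:27:alice,bob
bob:x:1002:
svc:x:1003:
"""

if __name__ == "__main__":
    u0, g0 = parse_passwd(PASSWD_T0), parse_group(GROUP_T0)
    u1, g1 = parse_passwd(PASSWD_T1), parse_group(GROUP_T1)
    print("uid 0 accounts now:", superusers(u1))
    for event in account_events(u0, g0, u1, g1):
        print(event)
```

On the sample data the diff shows alice removed (while still listed in sudo, a dangling membership worth cleaning up), bob joining sudo, and a new svc account created with uid 0, which is the "joined a group that had the permissions desired" pattern the text describes, recorded with the before and after state an investigation needs.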
Anamo allows you to categorize servers into departments. This limits visibility for members of your organization who do not need to see what's happening in other groups, while giving CISOs, legal, and risk/compliance/governance professionals the insights they need to provide proper oversight.
Anamo is enterprise information security software with two parts:
(1) An agent that collects minimal data from a customer's server in a privacy-conscious manner using an extremely lightweight Ruby gem.
(2) A secure web application to view, search, and conduct trend analysis for your enterprise information security risk posture.
Anamo takes care of the "heavy lifting," eliminating any need to run intensive software or impose any performance burden on our customers' IT environment. Data is received by Anamo at regular time-based intervals, and upon arrival, vast quantities of data are parsed to extract relevant cybersecurity information, bring it to the surface, and present actionable information. The end result is a much more informed perspective on your organization's cybersecurity, the type that enables more intelligent and more real-time decision-making.
Anamo monitors risks to your servers in five key areas that are notoriously difficult to maintain constant awareness of.