Vulnerability assessment and management is a critical piece of the cybersecurity program of any organization. Most organizations perform periodic vulnerability scans. However, traditional vulnerability scanning tools have largely resulted in a painful experience for customers, for several reasons:
- Need to install agents or scanner appliances across the fleet
- These agents or scanner appliances are fairly intrusive in nature with the scans happening over the network
- Need to perform recurring scans in a scheduled manner to keep up with the vulnerability deluge
- Agents are typically daemon processes which require super user privileges
- Need to share sensitive credentials with the agent / scanner appliance
While customers have been largely unhappy with these tools, unfortunately no better options were available. ThreatWorx flips the model when it comes to asset discovery and scanning for vulnerabilities. This is facilitated by our open source discovery component called TWIGS, which stands for “ThreatWorx Information Gathering Script”. Here are the benefits of twigs:
- It is an open source component which implies that you can inspect the source code (completely white box as opposed to black box agents). You can explore the source code here
- Available as a python package which is fairly lightweight (less than 150KB in size)
- Not a daemon but a CLI based interface (read more here)
- Super fast in discovering assets (note that twigs does not scan for vulnerabilities, but rather discovers enough metadata about the host/device, aka asset)
- Does not require drilling any holes in your firewall since twigs communicates with ThreatWorx instance using REST over HTTPS
- Does not require any super user privileges to do its job
- No need to share any credentials with ThreatWorx, since twigs runs locally in your environment and it does not relay any credentials outside to ThreatWorx.
To summarize, twigs discovers enough metadata about the asset and pushes it to the cloud. This metadata is used to perform a “virtual” vulnerability scan in the cloud. This is where it gets interesting: no scan happens on your devices or on the network, so your business infrastructure is not burdened with the scan at all. The “virtual vulnerability assessment” happens entirely in the ThreatWorx instance (which could be running in your cloud [Azure / AWS / GCP] or in the ThreatWorx cloud, depending on your choice).
Last but not least, once your assets are discovered, they are proactively protected from then on. What this means is that after your assets are discovered, ThreatWorx will automatically assess the impact of new vulnerabilities that surface (or vulnerabilities that are updated, say because a new exploit has been discovered) on your assets and flag any impact without the need for any further scans. This eliminates the scanning burden and increases the productivity of security teams.
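The discovery-then-virtual-assessment model described above, as an added illustration that is not twigs' code and does not use ThreatWorx's real asset or feed formats: the local step reads only package metadata (here a constructed dpkg status file, which is world-readable, so no super-user privileges are needed), and both the assessment and the re-assessment on a newly published vulnerability run against that stored record alone, never against the host.

```python
import re

# Constructed sample of /var/lib/dpkg/status; the real file is world-readable,
# so this discovery step needs no super-user privileges.
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.1.1-1ubuntu2

Package: curl
Status: install ok installed
Version: 7.68.0-1ubuntu2.5

Package: libfoo
Status: deinstall ok config-files
Version: 0.9
"""

# Constructed vulnerability feed; the ids are placeholders, not real advisories.
FEED = [{"id": "VULN-EXAMPLE-1", "package": "curl", "fixed_in": "7.68.0-1ubuntu2.7"}]

def discover(status_text, hostname="web-01"):
    """Local step: collect asset metadata (host + installed packages), nothing else."""
    pkgs = {}
    for stanza in status_text.strip().split("\n\n"):
        f = dict(l.split(": ", 1) for l in stanza.splitlines() if ": " in l)
        if f.get("Status", "").endswith(" installed"):  # skip removed packages
            pkgs[f["Package"]] = f["Version"]
    return {"host": hostname, "packages": pkgs}

def ver_key(v):
    """Simplified ordering on numeric version components (an assumption, not dpkg's rules)."""
    return tuple(int(x) for x in re.findall(r"\d+", v))

def assess(asset, feed):
    """'Virtual scan': compare the recorded versions against the feed; no host access."""
    return [(asset["host"], v["id"], v["package"], asset["packages"][v["package"]])
            for v in feed if v["package"] in asset["packages"]
            and ver_key(asset["packages"][v["package"]]) < ver_key(v["fixed_in"])]

def on_new_vulnerability(inventory, vuln):
    """Continuous protection: a new feed entry is checked against stored metadata only."""
    return [hit for asset in inventory for hit in assess(asset, [vuln])]
```

Once discovery has run, a new feed entry for a package the host does not have installed produces no finding, while one for an installed, older version is flagged without re-contacting the host.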
ThreatWorx can help revolutionize your vulnerability management program with its pro-active, continuous, no-scan, agent-less approach to vulnerability management.