Vulnerability Manager Plus
Security is hard. No matter how many things you do right, it only takes one vulnerability to hack your environment. As a one-man security shop, this thought terrifies me. And as a one-man security shop, it sometimes seems like I am the only one taking security seriously. This feeling is only heightened when I find something odd, like a user who was made an admin temporarily or some new equipment brought in without my knowledge and still using default passwords.
If you found yourself agreeing with that little rant, you will be interested in using ManageEngine’s Vulnerability Manager Plus to find and mitigate those worries before the worst happens. As is normal for their products, you can use the fully featured free version on up to 25 machines. When you first download and install Vulnerability Manager Plus, it will default to their Enterprise version – after 30 days, you can continue to use it on 25 machines. You can also choose to use their cheaper Professional version, as it still provides all the auditing and alerting features.
What does Vulnerability Manager Plus do?
When I first started looking into Vulnerability Manager Plus, the unusual feature set threw me off a bit. Their feature set can be divided into two major subsets.
But when you look at these features, you’ll see that they are integrated into the entire vulnerability lifecycle. Vulnerability Manager Plus targets vulnerability potential and helps you address vulnerability exploitation. Let’s look at each of these components now. As we go through these, follow along in the online demo environment to get a feel for each component.
Automatically Update Third Party Software for Your Sanity
If you are familiar with Desktop Central, another ManageEngine product, you will already be familiar with the patch management features in Vulnerability Manager Plus. But either way, I will say that if you are not automatically deploying third-party updates, you are creating a lot of additional work for yourself and potentially leaving software unpatched and exposed.
Right now, Vulnerability Manager Plus can patch over 250 third-party apps. The screenshot, above, shows 35 patches for a variety of Oracle software, including Java Runtime Environment. Other updates are available for apps ranging from the obscure, like Huddle, to the print management software Papercut, to ubiquitous apps like VLC.
Once Vulnerability Manager Plus has scanned your environment, you can quickly see what software you have, and which machines need to be patched. Third-party patch management means that you aren’t spending hours re-packaging updates and you are able to support just a single app version instead of a multitude of different releases.
One related note before we move to the configuration side of Vulnerability Manager Plus. Because you are provided with a database of all installed software, you can quickly see and uninstall unsupported or high-risk software. For example, you can see where any legacy software is located or if someone stood up a potentially dangerous service without you knowing.
Who moved my cheese and how can I protect it?
The security configuration analysis and enforcement features are all about finding change, adapting, and solving configuration drift.
Configuration drift and noncompliance can occur for a variety of reasons. It could be a technical issue, such as a broken antivirus client on a machine. It could be the result of a mistake; a tech might have disabled a client firewall to test a theory and forgotten to turn it back on. In some cases, it can be the result of intentional actions – a sensitive password is leaked and allows credential elevation. No matter the cause, you need a method to quickly detect configuration drift and a mechanism to revert to your secure baseline.
In Vulnerability Manager Plus, configuration drift is stored under the System Misconfigurations section. This interface aggregates misconfigurations across the entire machine spectrum. For example, you can see security issues with common software, such as Chrome, and security misconfigurations at the OS level.
For me, the ability to triage issues by severity and machines affected is huge. In the screenshot above, you can see your critical and oldest issues in the top left of the table. As with any great dashboard, you can select a ranking (e.g., Oldest + Most critical) to jump into the vulnerability details.
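The drift detection and severity/age triage described in the last three paragraphs, as an added Python example (it is not Vulnerability Manager Plus code and does not reflect its data model). The baseline, host names, setting names, severity labels and dates are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed secure baseline: setting -> (expected value, severity).
BASELINE = {
    "guest_account_enabled": (False, "moderate"),
    "chrome_safe_browsing": (True, "important"),
    "antivirus_running": (True, "critical"),
    "firewall_enabled": (True, "critical"),
}
SEVERITY_RANK = {"critical": 0, "important": 1, "moderate": 2}

# Constructed scan data: host -> {setting: (observed value, first seen in that state)}.
SCANS = {
    "ws-01": {"guest_account_enabled": (False, date(2019, 1, 10)),
              "chrome_safe_browsing": (False, date(2019, 3, 15)),
              "antivirus_running": (True, date(2019, 1, 10)),
              "firewall_enabled": (False, date(2019, 5, 2))},
    "ws-02": {"guest_account_enabled": (True, date(2019, 1, 5)),
              "chrome_safe_browsing": (False, date(2019, 2, 1)),
              "antivirus_running": (False, date(2019, 4, 20)),
              "firewall_enabled": (True, date(2019, 1, 5))},
    # srv-01 reports nothing for the antivirus client (for example, a broken agent).
    "srv-01": {"guest_account_enabled": (False, date(2019, 2, 1)),
               "chrome_safe_browsing": (True, date(2019, 2, 1)),
               "firewall_enabled": (False, date(2019, 4, 1))},
}

def find_drift(baseline, scans):
    """Return one finding per baseline setting that deviates on at least one host."""
    hosts, oldest = defaultdict(list), {}
    for host, settings in scans.items():
        for name, (expected, _severity) in baseline.items():
            # A setting the scan did not report counts as drift, never as compliant.
            observed, since = settings.get(name, (None, None))
            if observed != expected:
                hosts[name].append(host)
                if since is not None:
                    oldest[name] = min(since, oldest.get(name, since))
    return [{"setting": n, "severity": baseline[n][1], "hosts": sorted(h),
             "oldest": oldest.get(n)} for n, h in hosts.items()]

def triage(findings):
    """Order by severity, then number of machines affected, then oldest first."""
    return sorted(findings, key=lambda f: (SEVERITY_RANK[f["severity"]],
                                           -len(f["hosts"]), f["oldest"] or date.max))

if __name__ == "__main__":
    for f in triage(find_drift(BASELINE, SCANS)):
        print(f["severity"], f["setting"], f["hosts"], f["oldest"])
```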
Related to this is the Web Server Misconfiguration analyzer. One of the most common methods for malicious entry into networks is through web servers. In older environments, it is common to see a plethora of single-use web servers that provide a variety of services. These servers are often managed by many different people over their life cycle and those people have different security skills.
After a scan of your web servers is completed, you will be able to see if permissions are set correctly, if your authentication mechanisms are secure, and other common issues. If you are a small shop, it is tough to find time to fix everything and to know everything – seeing and ranking misconfigurations like these can help you tackle the most pressing problems first.
The final part that I want to highlight is the Zero-day vulnerability scan. With the NSA’s recent warning about BlueKeep, being able to quickly find and patch zero-days is a must for any shop. WannaCry taught the world that lesson.
With a WSUS/SCCM approach to patching, it is common to see swaths of machines a month or more out of date. It is also common to see machines that haven’t completed an update for technical reasons. When you are using Vulnerability Manager Plus, you can clearly see what machines are still vulnerable and then push patches directly. This approach brings your compliance to 100% and eliminates those attack vectors.
Staying on top of security is a tough enough job for anyone. This is only compounded in environments without dedicated security staff. Like I said at the beginning of this piece, it only takes one wrong move for your environment to be exploited.
Vulnerability Manager Plus can provide a second set of eyes and catch many common misconfigurations. Because it can free up repetitive time killers like patch management, you can finally work on the more complex security projects that you have.
There are also a lot of other smaller features that we did not get the chance to dive into. These include things like reporting for audits, port usage, and system analysis. If you want to find your vulnerabilities and explore this software more, you can download the free version here.