Can the software perform unauthenticated and authenticated scans against Windows/Linux, Applications and Network devices?
Scanning of Windows, Linux, Applications and Network devices is supported by the software.
For DMZ and internal scans, the software distinguishes between authenticated and non-authenticated scans. When performing an authenticated scan, the GSM uses credentials and can discover vulnerabilities in applications that are not running as a service but have a high-risk potential. This includes web browsers, office applications or PDF viewers.
Authenticated scans have both advantages and disadvantages. On Linux systems, for example, an unprivileged user is sufficient and can access most of the interesting information, but on Microsoft Windows systems unprivileged users are very restricted and administrative users provide more results. An unprivileged user does not have access to the Microsoft Windows registry or the Microsoft Windows system folder \windows, which contains information on updates, patch levels, etc.
Can the software perform internal and external scans?
Yes, the software can be used to carry out both internal and external scans. Many attacks are executed internally by insiders, through social engineering or by a worm, so it is very important for the security of the IT infrastructure that internal scans are carried out. The software can also be used to scan the network externally, for example to help identify badly configured or misconfigured firewalls.
Can the software email when new vulnerabilities are seen or be integrated with other service desk tools?
Alerts are anchored within the system. When a configured event happens (e.g. a task is finished) or a specified condition is met (e.g. a vulnerability with a high severity category is detected), the software can be configured to perform a certain action, e.g. send an email to a pre-defined email address.
The software can be connected to other systems. Some systems have already been integrated into the GSM by Greenbone Networks, including the verinice ITSM system, the Sourcefire IPS Defense Center and the Nagios Monitoring System. The software has numerous interfaces that allow for communication with third-party products. The software offers the following interfaces:
Greenbone Management Protocol (GMP)
The Greenbone Management Protocol allows the GSM to be controlled remotely in full. The protocol supports creating users, creating and starting scan tasks, and downloading reports.
Connecting additional scanners via OSP
The Open Scanner Protocol (OSP) is a standardized interface for different vulnerability scanners. Arbitrary scanners can be seamlessly integrated into the GSM vulnerability management. Controlling the scanners and handling the results works in the same way for all scanners.
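The GMP operations named above (creating a task, starting it, downloading the report) look like this on the wire. This is an added example, not Greenbone's own code: it assumes an already authenticated session, the UUIDs are placeholders, and the replies come from a constructed stand-in rather than a real appliance.

```python
import xml.etree.ElementTree as ET

# Placeholder UUIDs, not real resource ids.
CONFIG_ID = "00000000-0000-0000-0000-00000000c0f1"
TARGET_ID = "00000000-0000-0000-0000-0000000007a2"
TASK_ID = "00000000-0000-0000-0000-0000000007a5"
REPORT_ID = "00000000-0000-0000-0000-000000000e90"

def gmp_command(name, attrs=None, children=()):
    """Serialise one GMP command; children are (tag, attrs, text) tuples."""
    root = ET.Element(name, attrs or {})
    for tag, child_attrs, text in children:
        ET.SubElement(root, tag, child_attrs).text = text
    return ET.tostring(root, encoding="unicode")

def parse_response(xml_text, command):
    """Return the <command>_response element; raise unless its status is 2xx."""
    resp = ET.fromstring(xml_text)
    if resp.tag != command + "_response":
        raise ValueError("unexpected element " + resp.tag)
    if not resp.get("status", "").startswith("2"):
        raise RuntimeError(f"{command}: {resp.get('status')} {resp.get('status_text')}")
    return resp

def scan_and_fetch(send, task_name):
    """Create a task, start it, then request its report; `send` carries one command."""
    create = gmp_command("create_task", children=[
        ("name", {}, task_name),
        ("config", {"id": CONFIG_ID}, None),
        ("target", {"id": TARGET_ID}, None)])
    task_id = parse_response(send(create), "create_task").get("id")
    start = gmp_command("start_task", {"task_id": task_id})
    report_id = parse_response(send(start), "start_task").findtext("report_id")
    fetch = gmp_command("get_reports", {"report_id": report_id})
    return task_id, report_id, parse_response(send(fetch), "get_reports")

def constructed_gsm(request):
    """Stand-in for the appliance: returns constructed replies, one per command."""
    cmd = ET.fromstring(request)
    if cmd.tag == "create_task":
        return f'<create_task_response status="201" status_text="OK, resource created" id="{TASK_ID}"/>'
    if cmd.tag == "start_task" and cmd.get("task_id") == TASK_ID:
        return ('<start_task_response status="202" status_text="OK, request submitted">'
                f'<report_id>{REPORT_ID}</report_id></start_task_response>')
    if cmd.tag == "get_reports" and cmd.get("report_id") == REPORT_ID:
        return f'<get_reports_response status="200" status_text="OK"><report id="{REPORT_ID}"/></get_reports_response>'
    return f'<{cmd.tag}_response status="404" status_text="Failed to find resource"/>'
```

Calling `scan_and_fetch(constructed_gsm, "Weekly DMZ scan")` walks the three commands in order; any non-2xx status from the appliance stops the sequence with an error instead of continuing with a missing id.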
Is it possible to tag and/or prioritise endpoints? i.e. critical services to the charity
Tags are information that can be linked to any resource. Tags are created directly with the resources and can only be linked to the resource type they are created for. By filtering using tags, custom categories can be created and used in the filters. This allows for versatile and granular filter functionality.
When it comes to monitoring a range of hosts and prioritising certain ones, you can specify an ‘order for target hosts’. This will allow you to select how the specified network area should be searched. The options available are:
Can the software perform Discovery Scans?
Yes, out of the box the software comes with a number of different ‘scan configurations’. Each scan config carries out different checks by utilising certain NVTs. I believe the ones you require would fall under these categories:
Only NVTs that provide the most possible information about the target system are used. No vulnerabilities are detected.
Only NVTs are used that discover target systems. This scan only reports the list of systems discovered.
Only NVTs are used that discover target systems including installed operating systems and hardware in use.
Does the software have dashboards?
Yes, out of the box the software comes with a number of different dashboards. We have the following:
The main dashboard provides a quick presentation of the network state. All elements can be selected using the mouse and support a drill-down.
The main dashboard displays all tasks both by status and by severity at the top. At the bottom the host topology is shown and the CVEs and NVTs are rated by severity and creation time.
The scan dashboard concentrates on the actual scan tasks. It shows the individual scanned hosts and the full reports by their severity class. Additionally, the scan dashboard includes the tasks shown by status and severity from the main dashboard.
The assets dashboard includes the host topology from the main dashboard and additionally displays the most vulnerable hosts, the distribution of the found vulnerabilities compared to the discovered operating systems and the operating systems by severity class.
The SecInfo dashboard displays the NVTs, CVEs and CERT Bund advisories by their corresponding severity class. Additionally, it displays both CVEs and CERT Bund advisories by their creation time.
Can we perform environment-wide vulnerability management, i.e. add or remove IPs/devices ourselves?
Yes, devices/hosts can be removed from the web console by users with sufficient privileges.
Can a user run a scan when they want?
Scan tasks can be run on an ad-hoc basis or configured to run on a scheduled basis. For continuous vulnerability management the manual execution of tasks is tedious. The GSM supports the scheduling of tasks for their automation and refers to schedules as automatic scans at a specific time. They can be run once or repeatedly.
Can we verify the length of time from patch release to patch inclusion within the tool?
Each CVE includes a Published and Modified date.
Each NVT includes a Created and Modified date.
The NVT will provide insight into what the vulnerability is, the software/OS versions that are affected, the impact, the solution (if available) and references (web pages that provide more information about the vulnerability, such as a Microsoft Security Bulletin post). For example, the NVT relating to the WannaCrypt vulnerability references a Microsoft Security Bulletin post which was published on March 14th, 2017. The created date for the NVT that looks for that particular vulnerability was March 15th, 2017.
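One way to turn those dates into a measured inclusion lag, as an added example that is not part of the product. The first row uses the WannaCrypt dates quoted above; the other rows, the record layout and the 7-day threshold are constructed assumptions.

```python
from datetime import date
from statistics import median

# (NVT label, publication dates of its references, NVT "Created" date).
# Row 1 uses the dates from the text; rows 2-4 are constructed sample data.
SAMPLE = [
    ("WannaCrypt NVT", [date(2017, 3, 14)], date(2017, 3, 15)),
    ("constructed NVT A", [date(2017, 5, 2), date(2017, 4, 25)], date(2017, 5, 4)),
    ("constructed NVT B", [date(2017, 6, 13)], date(2017, 7, 20)),
    ("constructed NVT C", [], date(2017, 6, 1)),  # no dated reference available
]

def inclusion_lag(published, created):
    """Days from the earliest publication to NVT creation; None if no date is known."""
    if not published:
        return None
    return (created - min(published)).days

def lag_report(rows, max_days=7):
    """Summarise lags and list NVTs that arrived later than max_days (assumed threshold)."""
    lags = {name: inclusion_lag(pub, created) for name, pub, created in rows}
    known = [d for d in lags.values() if d is not None]
    return {
        "lags": lags,
        "median": median(known) if known else None,
        "late": sorted(n for n, d in lags.items() if d is not None and d > max_days),
        "unknown": sorted(n for n, d in lags.items() if d is None),
    }
```

An NVT whose references carry no publication date is reported as unknown rather than counted as zero lag, so gaps in the data do not flatter the result.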