Host Based Vulnerability Scanning coming out of beta

David Vassallo
Tutela by CyberSift
May 28, 2021

One of Tutela’s first features was network based scanning, where a network scan would probe for open ports, attempt to determine what service was running on an open port, and look for the appropriate vulnerabilities.

Tutela users have been asking to extend this capability to host based scans, ideally without having to install an “agent” or some other software on each server in their infrastructure. This week we are excited to soft launch this functionality wherein:

  • The Tutela agent is configured with appropriate credentials to log in to servers. The agent will then launch network scans as before.
  • If SSH is detected during a port scan, Linux OS is assumed and Tutela will attempt to log in using the provided credentials and proceed to enumerate all installed packages along with their vulnerabilities.
  • If WinRM is detected, Windows OS is assumed and Tutela will again attempt to log in, enumerate all installed software, and look up the corresponding vulnerabilities.
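The flow in the bullets above can be sketched as follows. This is an added example, not Tutela's code: the port numbers are the service defaults, the package listing is assumed to come from `dpkg-query -W` on a Debian-style host, and the function names, sample listing and advisory records are all constructed for illustration.

```python
import re

# Assumption: default service ports for SSH and WinRM (HTTP/HTTPS).
SSH_PORTS = {22}
WINRM_PORTS = {5985, 5986}

def choose_method(open_ports):
    """Map port-scan results to a host-scan method, as the bullets describe."""
    ports = set(open_ports)
    if ports & SSH_PORTS:
        return "ssh-linux"       # SSH seen: assume Linux, enumerate packages
    if ports & WINRM_PORTS:
        return "winrm-windows"   # WinRM seen: assume Windows, enumerate software
    return "network-only"        # no credentialed login path, network results only

def parse_dpkg(listing):
    """Parse tab-separated 'package<TAB>version' lines into {name: version}."""
    # Assumed input: output of dpkg-query -W (its default format is name, tab, version).
    inventory = {}
    for line in listing.splitlines():
        name, sep, version = line.partition("\t")
        if sep and name.strip() and version.strip():
            inventory[name.strip()] = version.strip()
    return inventory

def version_key(version):
    """Simplified ordering: drop the epoch and anything after '-', '+' or '~'.
    Real Debian version ordering needs a full comparator."""
    upstream = re.split(r"[-+~]", version.split(":", 1)[-1])[0]
    return tuple(int(n) for n in re.findall(r"\d+", upstream))

def find_vulnerable(inventory, advisories):
    """Return (package, installed, advisory_id) for packages below the fixed version."""
    hits = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed and version_key(installed) < version_key(adv["fixed_in"]):
            hits.append((adv["package"], installed, adv["id"]))
    return hits

# Constructed sample data (not real scan output or real advisory IDs).
SAMPLE_LISTING = "firefox\t78.0.2+build2-0ubuntu1\nopenssl\t1.1.1f-1ubuntu2.4\nbash\t5.0-6ubuntu1\n"
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-1", "package": "firefox", "fixed_in": "88.0"},
    {"id": "EXAMPLE-ADV-2", "package": "bash", "fixed_in": "5.0"},
]
```

Because SSH is checked first, a host exposing both services is treated as Linux here; that ordering is a choice made for this sketch.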

The “Discover” dashboard has been updated so you can see packages which have vulnerabilities. In the example below, the majority of vulnerabilities were detected in an outdated Mozilla Firefox installation:

Filtering and reporting remain similar to before, with details updated to reflect software based vulnerabilities in addition to the previously available network based vulnerabilities. For example, filtering on the Firefox item from above would result in the following table of vulnerabilities:

All this is done without requiring any software installed on your servers. All that is required are valid Linux/Windows user accounts and network connectivity to the targets via SSH or WinRM.

Improved visibility into assets

In order to allow you to better visualize the scanned assets in your infrastructure, the “Assets and Services” page has also been updated. You will notice a couple of new tabs on the top left-hand side:

  • Network
  • Software

The network tab, as before, still displays any detected open ports and the software listening on those ports. A couple of visuals have been included which allow you to easily click and filter results:

The newer addition is the software tab which displays the results from host based scanning:

This new tab shows you information such as the Operating System detected on an IP, as well as the packages and versions installed on each machine. Below we can see the new page in action showing software installed on both Linux and Windows machines.

Host based scanning will be generally available soon. In the meantime, if you’d like to sign up for early access or for more information, please contact us!
