Announcing Configuration Checks and Vulnerability Management

We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only incredible Linux threat detection and response, but also configuration checks and vulnerability assessments. Enabling you to better safeguard your compute resources and meet compliance standards.

Vulnerability Assessments

Organizations must adhere to compliance requirements such as PCI-DSS, HIPAA and SOC 2 that demand a vulnerability management process be put in place. Due to lack of visibility into their environments, companies often find out they are running vulnerable software after an attack has occurred. The 2017 Equifax breach showed a clear example as attackers were able to compromise their environment using an Apache Struts vulnerability that was patched more than two months before. Attackers were able to use this vulnerability to remotely run code on Equifax’s servers. Researchers note that this was not an isolated incident as the exploit has been used in a large number of cases.

Configuration Checks

Based on CIS checks for Linux, Docker and Kubernetes, Intezer Protect’s sensor scans hosts for misconfigurations at different cloud-native stacks and levels. When a misconfiguration is detected, for example a misconfigured Docker API port, the platform provides information on how configurations can be updated. The growth of the use of containers in the cloud has made them prime targets for cybercriminals. Misconfiguration in applications such as Docker allows attackers to elude standard container restrictions and execute various malicious payloads from the host. Recently, Intezer detected a new malware payload using Docker API misconfigurations to create a previously undetected backdoor named Doki. These types of attacks are actually quite common as attackers scan for publicly accessible Docker API ports and exploit them to set up their own containers and execute malware on the victims’ infrastructure. Alarmingly, Intezer research shows that it takes only a few hours from when a new misconfigured Docker server is up online to become infected by this campaign.

By having visibility of how systems are configured and what vulnerable packages are installed, companies can better understand what is putting their environments at risk and what actions they need to take.

These new features bring you the benefits of:

• Misconfiguration scans label each issue as critical, high, medium or low and provide commands that can be run to correct the problem. This enables teams to develop an updated schedule that addresses the highest risks first
• Scan for vulnerable software within your host. Allowing for triage efforts to focus first on active threats before potential ones
• Providing info needed to improve the root-cause-analysis of an attack providing a straightforward path for remediation

Configuration checks and vulnerability assessments can help reduce the chances of a successful attack. With the constant change in technology and the historical use of Zero-day attacks it is impossible to close all attack vectors completely. This is where the importance of runtime protection comes into play. Intezer Protect with its top of the line attack detection provides a last line of defense to prevent the likelihood of a successful compromise.

Already a community user?

Upgrade your sensor. Step by step instructions can be found in our documentation.

Try the Intezer Protect Community Edition

Misconfiguration and vulnerabilities provide an open door for attackers to gain access to our systems. Intezer Protect defends the cloud-native stack—including VMs, containers and container orchestration platforms—providing necessary visibility into all code running in your environment.

Our lab environment is pre-configured with misconfigured applications and vulnerable packages. This environment has easy to run scripts that simulate attack scenarios giving you the ability to see these new features in action.