This section describes some of the key concepts and components of F-Secure Elements Vulnerability Management that are referenced throughout this documentation.
- Elements Vulnerability Management keeps an inventory of all the assets within your network environment, such as servers, computers, printers, routers, and IoT devices, that it discovers during a discovery scan, a network-based vulnerability scan, or an agent-based vulnerability scan. The discovery scan maps your whole network and all its assets.
- Authenticated scanning
- In addition to regular network-based scanning, where the host's ports are scanned and the exposed services are reviewed for flaws, you can also run a system scan in authenticated mode, which enables the scanner to authenticate to the target host. Authenticated scanning helps the scanner eliminate potential false positives and check patch levels and other misconfigurations.
- Discovery scan
- Discovery scan is a relatively simple scanning process, but one that can make a big difference for your workflow. It helps you to identify all systems and their exposed ports (services) within your network. The network discovery scan creates a report that lists all scanned targets with all services detected. Once all systems on a network have been found, they can easily be transferred to a scan group for vulnerability scanning. The scan results are always compared to the previous scan, making it very easy to spot changes in your network. To support this feature, you can also set up email notifications, for example to be alerted when new hosts have been found.
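The comparison of a discovery scan with the previous one, as an added illustration that is not part of the product or this documentation: two constructed host-to-open-ports maps stand in for scan reports, and the diff yields the new hosts, disappeared hosts, and opened or closed services that a change notification would carry.

```python
from dataclasses import dataclass, field

# Constructed sample discovery results (not real scan output):
# host -> set of open ports (services) detected in that scan.
PREVIOUS_SCAN = {
    "10.0.0.10": {22, 80, 443},
    "10.0.0.11": {3389},
    "10.0.0.12": {22},
}
CURRENT_SCAN = {
    "10.0.0.10": {22, 443},      # port 80 no longer exposed
    "10.0.0.11": {3389, 445},    # new service on a known host
    "10.0.0.20": {22, 8080},     # host not seen in the previous scan
}

@dataclass
class ScanDiff:
    new_hosts: dict = field(default_factory=dict)
    missing_hosts: dict = field(default_factory=dict)
    new_services: dict = field(default_factory=dict)
    closed_services: dict = field(default_factory=dict)

def diff_discovery(previous, current):
    """Compare two discovery-scan results and collect every change."""
    d = ScanDiff()
    for host, ports in current.items():
        if host not in previous:
            d.new_hosts[host] = set(ports)
            continue
        opened, closed = ports - previous[host], previous[host] - ports
        if opened:
            d.new_services[host] = opened
        if closed:
            d.closed_services[host] = closed
    for host, ports in previous.items():
        if host not in current:
            d.missing_hosts[host] = set(ports)
    return d

def notification_lines(diff):
    """Render the change summary as lines for an email notification."""
    lines = [f"NEW HOST {h}: ports {sorted(p)}" for h, p in sorted(diff.new_hosts.items())]
    lines += [f"NEW SERVICE on {h}: ports {sorted(p)}" for h, p in sorted(diff.new_services.items())]
    lines += [f"CLOSED on {h}: ports {sorted(p)}" for h, p in sorted(diff.closed_services.items())]
    lines += [f"HOST NOT SEEN {h}" for h in sorted(diff.missing_hosts)]
    return lines

if __name__ == "__main__":
    print("\n".join(notification_lines(diff_discovery(PREVIOUS_SCAN, CURRENT_SCAN))))
```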
- The Elements Security Center
- The Elements Security Center is the core component of the whole F-Secure Elements Vulnerability Management solution. It is a web-based interface where you can manage (start and stop) scans, browse vulnerabilities, create reports, and much more.
- Internet discovery
- Internet discovery allows you to collect data on public systems through crawling and port mapping. You can use this to find your organization’s internet-facing systems and add them to scan groups for network vulnerability scanning.
- Network scans
- Network vulnerability scans test systems or web applications within your network for vulnerabilities that could be exploited in a cyber attack. Elements Vulnerability Management includes two separate types of network vulnerability scan: system scan and web scan.
- Radar Endpoint Agent
- Radar Endpoint Agent is a Windows client application that provides an additional approach to performing vulnerability scans on devices in your network.
Using an endpoint agent to perform vulnerability scans has certain benefits. For example, some devices may be used largely outside the office, so there is a risk that they are not connected to the network when scheduled vulnerability scans are run. An endpoint agent allows you to monitor these devices even when they are not on the office premises. In addition, this provides improved scalability and performance compared to using only a dedicated scan node to handle all scanning activity.
Endpoint agents also provide more consistent data in environments that use dynamically changing IP addresses. As the agents are tied to specific devices instead of an IP address, the reporting and remediation of vulnerabilities is much easier. This also allows you to collect details about the devices, such as hardware and software, more easily.
- Scan groups
- In Elements Vulnerability Management, all network vulnerability scan targets are stored in logical containers called scan groups. Each scan group can contain both system scans and web scans.
- Scan node
- A scan node is a server with a Scan Node Agent application installed. This application maintains up to three different scanning engines (discovery, system, and web scan) and uses them to execute scans configured in the Elements Security Center. You can attach an unlimited number of scan nodes to the Elements Security Center. You may need multiple scan nodes if you have several network segments or need additional scanning power.
- System scan
- System scan is a network-based vulnerability scanner that is able to scan any system with an IP address for common vulnerabilities. System scan's vulnerability detection is based on both active and passive vulnerability checks. For example, it attempts to identify the service (product) and its version number; once identified, the system scan checks whether that particular software has any known vulnerabilities. In addition to passive scanning based on banner grabbing, system scan also runs active checks in an attempt to confirm the existence of certain vulnerabilities or system misconfigurations. It can also identify missing security patches and outdated software if authenticated scanning has been enabled.
Note: System scan is non-disruptive and designed not to cause Denial of Service conditions on your systems.
- Scan templates
- Scan templates allow you to easily create several scans, each of which can apply to a specific scenario or part of your network, but share a number of settings. You can create templates for each scan type (discovery scan, system scan, and web scan) as well as scheduling templates that can be applied to any scan.
- Web scan
- Web scan allows you to scan and test web applications. You can use web scans during the development of new applications as part of the development life cycle. Because security issues are caught very early in the process, vulnerabilities are uncovered faster, which significantly reduces the cost and resources required to mitigate them at a later stage. Web scan is considered an additional scanning feature that is applied on top of an existing system scan. In other words, whenever you scan a target with a web scan, it is recommended that you also scan it with a system scan.