Assimilation Cybersecurity provides a broad set of cybersecurity features and advantages to help you secure your systems. Below you’ll find both the current set of cybersecurity features and those from our roadmap. As with all Assimilation products, they integrate closely with each other and with our comprehensive, always-up-to-date and scalable CMDB.
Cybersecurity Features
Feature | Description | Notes |
Tight CMDB integration | All our data is stored in the CMDB; our capabilities are tightly integrated with it – minimizing configuration effort, and ensuring data is up to date. | |
Discovery of all active systems | Every active system (IP address) is discovered on every monitored subnet. 30% of all outsider intrusions come through machines which have been lost track of. Acting on this data significantly reduces your chances of a successful outsider attack. We provide a predefined report which lists all IP addresses not owned by systems running our agent. | [1] |
Cannot trigger net security alarms | All discovery takes place locally, and our discovery process sends no packets on the network. Although the Assimilation Cybersecurity software may create alerts of its own, its security-related discovery cannot set off network-based security alarms elsewhere. | |
Discovery of checksums of net-facing applications | We discover the checksums of every network-facing binary, library and JAR. This permits auditing of versions and outlier analysis to discover compromised network services or those corrupted by undetected disk errors. | |
Discovery of active port/services | Allows the creation of tools to perform batch-type validation of existing ports and services on agent-equipped machines against local standards. | |
Alert on new open ports | Allows the creation of tools to provide real-time verification that new ports and services are in accordance with local standards. | |
Attack surface visualization | We provide a tool which creates a visualization of the attack surfaces of individual systems. | |
Discovery of security settings | We discover a wide variety of security settings, ranging from authentication (PAM) settings to /proc/sys settings and a variety of others. | |
Package version discovery | Since we know the version of every package on every machine, and provide standard reports for this information, this can be compared against new security alerts to aid in mitigation planning. | |
Best practice validation | We provide validation of system configurations against a customizable set of security best practices. This is basically “best practices as code”: we translate best practices into code, and then evaluate changes to your systems against these coded best practices. Our default rules come from the IT Best Practices project. | |
Risk scoring and triage | We provide a risk scoring and triage system based on best practice compliance. Scores are computed from compliance, and triage is based on efficient methods for reducing risk. | |
Extensible | Assimilation-Security is easily extended to customize it to collect any security-related configuration or settings that your enterprise needs. | |
Event API | We provide an event API to receive notifications of changes to discovered objects and statuses such as ports, services, checksums and other security-related entities. | |
Command line API | We provide a variety of security-related canned reports from the command line. New reports are easily added with basic knowledge of Cypher. | |
REST query API | We provide a JSON-based REST interface to all our canned queries (shared with the command line). | |
Notes:
[1] Not usually available to cloud-hosted agents.
Cybersecurity Features Roadmap
Roadmap Feature | Description |
nmap of new MAC addresses | Each time a new MAC address appears on the network, use nmap to perform an operating system profile on the device. Note that this is intrusive (sends packets) and requires proper authorization before configuring. |
Extended device characterization | Follow up nmap profile with SNMP and other methods to classify a device in more detail. |
GUI | A desktop- and mobile-aware interface for understanding and interacting with security issue statuses and details. |
Security alert service | Provide a service which consolidates vendor security alerts into a single feed. |
Security mitigation support | Provide alerts based on the security alert service which simplify management of security patches. A child alert would be created for each system which requires a patch. Alerts are automatically resolved as patches are applied. |
OS support | Add support for operating systems beyond Linux. FreeBSD and Windows come to mind. |
See A Demo
Maybe you’re from Missouri, or maybe you just want to see Assimilation discovery and monitoring in an online demo (it’s pretty exciting!). In either case, we’re perfectly happy to show you: Show Me A Demo! In addition, the two most recent videos include live demos. Or for a personal live demo, contact us, and we’ll set one up for you.
Watch A Video
If you’re a deep techie or maybe just one of those people who really wants to know how the technology ticks, we’ve given pretty deep technical talks on the Assimilation Suite. If so, then by all means we’d be happy to accommodate you. Show Me A Video!
Let’s Talk!
To schedule a free consultation to see if the Assimilation System Management Suite is right for your organization, just press the button!