Another plus with Nodeware is the ease of deployment and its nice graphical interface. It presents an overall “security posture” with a score from zero to 999. You can drill down to any given device to see its reported deficiencies (indicated as low, medium, high, or critical risks). Then you can drill down further to see each potential vulnerability reported and suggested remediations, or in some cases just read up on why you can’t fix it (see below).
This might, for example, help you discover your networks are rife with self-signed certificates or older cipher suites, or missing AMT patches—all highly valuable information for anyone securing networks. But there are some challenges too. Many reported deficiencies (especially low-risk ones) are simply informational and cannot be patched. And there are still occasional errors in device or OS reporting. Keep in mind as well that each time you deploy these you will be creating work for your team, but it will be important work that will benefit you—and your customers—in the longer run.
Step 3: Selling This Solution
This solution has helped me present complex information in a graphical way that our clients can easily grasp. By showing them the device interface, as well as describing some of the issues it uncovers, I can “put a face” on some of these more abstract concepts for them. For example, with “deprecated protocols” I explain how ransomware encryption attacks can spread on networks still running Common Internet File System (aka SMBv1) and how important it is to remove that. And who doesn’t like seeing a nice dial with a 960 score on it?
As with any other type of selling, bundling is likely to be the way you want to deliver this service. At Net Sciences, I package Nodeware as two separate services: internal vulnerability scanning with new device alerting, and on-demand external vulnerability scans. The external scan lends itself to some wonderful storytelling, by the way; I still lean on the Bellagio hack through the fish tank thermometer for this. I bundle Nodeware with firewall log analysis and response (subject of the next article in this series) and offer them together as our Advanced Security Package.
Setting up the appliance is easy. Set a LAN address on the device to match the subnet you’re monitoring. Then configure the device in your reseller portal and you’re there.
Nodeware is not without flaws, including its tendency to cross subnets if you have site-to-site VPNs in place, and some “noise” that you’ll need to turn down over time. You’ll also have to decide if you want to leave new device alerting on if you are monitoring a Wi-Fi subnet with frequent guests.
But with the ability to offer continuous internal vulnerability scanning, new device alerting, and on-demand external vulnerability scanning all in one device, you’ve just taken a great leap forward in your security offerings.
JOSHUA LIBERMAN is president of Net Sciences, founded in 1996. A 25-year ASCII Group member, former rock climber and martial artist, and lifelong photographer, Liberman has visited five continents and speaks many languages. He also writes and speaks in the IT field and raises Siberian Huskies with his wife Heidi, who calls him the Most Interesting Geek in the World.
Opening image: Courtesy of Infinite Group