Protecting your systems from attack is an ongoing responsibility, not a one-time event. Most vulnerability solutions in the market today conduct periodic vulnerability scans. Catbird Networks’ continuous monitoring is different.
To lock down your internal computers and externally exposed systems, Catbird Networks' Intelligent Vulnerability Monitoring goes beyond traditional vulnerability assessment and monitors your network every day, all year long. This is effectively an audit of your security installations 365 days a year.
Moreover, the Catbird solution is intelligent, establishing an initial baseline configuration and sending instant notifications if there are a ny subsequent deviations from this baseline. This approach yields significantly faster scans, with significantly more comprehensive historical data. Security administrators take immediate action while also maintaining an archive of their activities, invaluable for later reviews with management or industry audits.
Real protection requires constant surveillance. Catbird is the only solution in the industry that continually watches your network while also monitoring the vulnerability advisories. If your network changes, we take action. If a new vulnerability is released, we take action. We provide vulnerability protection to keep you locked down every day of the year.
Catbird’s Intelligent Vulnerability Monitor is unique in scanning for vulnerabilities introduced within the customer’s own network, as well as those originating from the public Internet. Catbird scans both the public Internet-facing ports (External Scan) as well as the private ports that are exposed only in the customer’s own LAN (Internal Scan).
In addition, for efficiency and ultimate security, Catbird also provides two kinds of scanning of external ports: a Complete Scan or a Range Scan. A Complete Scan will scan all 65K ports and is typically used for IP addresses which are in use and which face the public Internet. A Range Scan will scan only the “well-known” ports (i.e., port 80 for http traffic, port 25 for mail traffic, or whatever an administrator designates). A Range Scan would typically be used to check unused IP addresses allocated to a customer to make sure they are not being exploited.
Hackers use automated tools to search the Internet looking for systems to victimize. Catbird’s IVM service uses the same approach, scanning customers from the vantage point of a hacker. Catbird then notifies the customer about any potential problems, preventing him from becoming the hacker’s latest victim.
Intelligent Vulnerability Monitoring starts by scanning the environment for thousands of known vulnerabilities, with new ones added daily. If a weakness is detected, Catbird sends a detailed report with suggested solutions. Each weakness is classified based on ratings from CERT and NIST. System administrators can then make their own informed decisions on which of these weaknesses to address, and when. Then, Catbird’s sophisticated database system will record what actions were taken, providing a comprehensive historical archive as well as a reference for ongoing maintenance.
Once the network is locked down, Catbird monitors it 24/7/365 to make sure it remains secure. That is, whenever a new vulnerability is issued to Catbird’s database, Catbird will automatically review all of the open Internet-facing ports and perform an automatic targeted vulnerability scan to determine if the new vulnerability applies to a customer’s systems. If it does, the customer will find out immediately.
Via the Port Scan Monitor built into the Intelligent Vulnerability Monitor, Catbird watches both your port status and the potential vulnerabilities in open ports. In the case of a new port opening, the customer is notified immediately. This alert is followed by a targeted vulnerability analysis of this specific port to let the administrator know of new vulnerability exposures.
Because a firewall has over 64,000 potential points of entry, a port that is locked down today may not be secure tomorrow. There are typically over 50 new potential vulnerability threats reported every week. Many of the vulnerabilities introduced are not caused by malicious attacks. What can accidentally open ports and expose your network?