Nmap + Risk I/O = Peanut Butter + Chocolate

Ed Bellis    September 3, 2013

No, I’m not speaking of a fancy new risk formula, but rather about one of our most popular integrations: Nmap.

Nmap can be a pretty powerful tool for asset discovery and figuring out what services and ports are open across your network. It can also be a great way to find configuration issues that could result in security weaknesses for your environment. By combining Nmap with NSE scripts you can even pull Common Vulnerabilities and Exposures (CVE) in some cases.

In Risk I/O, we add context to your vulnerabilities in order to prioritize the most critical.

You can now filter your assets by service name, port, protocol, and product.

Adding data from vulnerability scanners can make for a more complete picture and help factor in to remediation decisions. This is where Risk I/O plays a starring role. Combine this with some news ways to slice-and-view the data within our asset tab to get that holistic view of your network. You can now filter your assets by Service Ports, Service Names, Protocols and Products among other things. Want to see where telnet might be exposed in your DMZ or understand where you might be running a prohibited service? It’s as simple as a single checkbox in Risk I/O.

While filtering can make issues easy to find, there are also side benefits to this. For example, we learned many of our customers in the Energy sector are using this as part of their compliance efforts with their NERC CIP ports and services requirement (PDF). By identifying those through these easy-to-use filters and saving that as a saved search, they have a single click to provide the necessary documentation to their auditors or identify any prohibited services. I’ve included a very brief video below on doing just that.

If you’re already a Risk I/O customer, give the new facets in the asset tab a try. I’d love to hear about any use cases you may have. If you’re not currently a customer, you can sign up for free and give it a spin.

2 thoughts on “Nmap + Risk I/O = Peanut Butter + Chocolate

  1. nathan

    great feature guys. what is the possibility of incorporating asset metadata (ports, services, etc.) from other tools such as nexpose and qualys?

  2. Ed Bellisebellis Post author

    thanks @nathan and you’re way ahead of us. That is indeed in the works based on the data coming in from the various vulnerability scanners. We’ll let you know as we get closer.

Leave a Reply

Your email address will not be published. Required fields are marked *