NormShield is not just about vulnerability management. It also has Continuous Perimeter Monitoring and Cyber Threat Intelligence services none of which completely open to on-premise usage. The below image shows an example CPM Dashboard;
Some of the services (not sub-services) included by Continuous Perimeter Monitoring (CPM) are;
- Domain & SSL Monitoring: Monitoring domain and ssl certificates for changes and critical notifications
- Information Gathering: Gathers information about your system using NormShield defined assets as the baseline
- Passive Scan: Finding existing or new published vulnerabilities of service versions without active scanning
- Portmap Scan: Periodic or on-demand scanning of assets for new ports
- Service Scan: Periodic scanning of assets for new services and their versions
- Social Media Defacement: Monitoring already defined twitter accounts for possible ownage
- SSL Grading: Grading supported SSL algorithms and configurations on defined assets against security weaknesses
- Uptime Monitoring: Monitoring whether a defined asset is up or down
- Url Asset Activity Monitoring: Monitoring changes in web assets DNS entries
- Weakness Gathering: Detection of security weaknesses on already defined assets Weakness Gathering - CMS Weakness : Detection of CMS related, such as WordPress or Joomla, security weaknesses on already defined assets
- Web Defacement: Monitoring already defined web sites for possible ownage
All of these data when the related service and sub-services enabled are collected in the CPM Dashboard as a part of SecOps.
As in the vulnerability management dashboard, shown information are presented as row by row.
The first row contains badges.
The first badge includes the NormShield CPM score for the current company. CPM Score is calculated as a collective formula based on the number of assets, open ports, open critical ports, SSL grades, remaning days to expiration dates of SSL certificates and domain registrations. The bigger the number, the more likely to have risks on the overall assets.
The second badge includes the total number of assets. This number includes the inserted URLs, IP addresses by the user or the administrators as well as the assets, such as subdomains, name servers, etc. found by the NormShield information gathering service.
The third badge contains the number of web assets as URLs. The fourth badge includes IP assets whereas the fifth badge contains the number of SSL enabled assets. And the last badge includes the number of domains in the current company.
The second row is divided into three parts.
The first part lists the top 10 open ports as a weighted treemap. The second part contains the satellite map of the locations of the assets. Lastly the third part lists the SSL grades of the SSL enabled-sites as a weighted treemap.
The third row is divided into multiple boxes containing numbers from various data.
- NS is the number of name servers used,
- MX is the number of MX servers used,
- Social Accounts is the number of social accounts registered and monitored
- Min SSL Expiration is the minimum remaining days of SSL certificates to expire (- means expiration date has passed)
- Min Domain Expiration is the minimum remaining days of Domain registrations to expire (- means expiration date has passed)
- Up/Down Assets is the ratio of up assets to down assets if they are being monitored
- Critical/Open Ports is the ration of open critical ports (such as 445, 3389, etc.) to overall open ports
The fourth row contains the network trace map towards different target company CIDR blocks stemming from the NormShield server.
The tabs contains the different CIDR blocks that the company network assets fall into. Clicking each one of them will yield the traceroute results starting from the NormShield server shown on the map as routes. The left hand-side contains clickable assets on the way from NormShield server to a single IP in the target CIDR.
The fifth row contains the relation of domains, IP addresses, FQDNs, name servers, mx servers, subdomains to each other as a undirected graph. The different asset types are shown as different weighted nodes in different colors.
The last row has two parts. The first part contains the domains and found subdomains. The second part contains the bar graph of open SSL weaknesses.