runZero Team

Rapid Response

How to find D-Link routers on your network

D-Link has disclosed critical and high vulnerabilities in multiple routers. Here's how to find them on your network.

Rapid Response

How to find VMware vCenter assets on your network

Broadcom has issued a security advisory for VMware vCenter that indicates a recent vulnerability is under active exploitation in the wild.

Rapid Response

How to find Palo Alto Network devices running PAN-OS

Palo Alto Networks (PAN) released a security advisory for CVE-2024-0012 that allows an unauthenticated attacker with access to the system's...

Rapid Response

How to find Siemens devices on your network

Siemens has disclosed vulnerabilities for SCALANCE M-800, SIMATIC CP, and TeleControl Server products. Here's how to find impacted devices.

Rapid Response

How to find Fortinet assets on your network

Fortinet has issued advisories for its FortiAnalyzer, FortiAnalyzer-BigData, FortiManager, and FortiOS products.

Rapid Response

How to find Citrix Virtual Apps and Desktops software on your network

Citrix has released an advisory for two vulnerabilities affecting Citrix Virtual Apps and Desktops software.

Rapid Response

How to find SolarWinds Web Help Desk services on your network

CISA has announced that CVE-2024-28987 is actively being exploited in SolarWinds' Web Help Desk software. Here's how to find potentially affected...

Rapid Response

How to find SuperMicro BMCs

Supermicro released a vulnerability advisory for a critical CVE that allows for remote code execution (CVE-2024-36435). Here's how to find impacted...

Rapid Response

How to find OpenPrinting CUPS services on your network

Several vulnerabilities within OpenPrinting CUPS potentially allow for remote code execution. Here's how to find impacted assets.

runZero Insights

How runZero finds unmanaged devices on your network

How do you find unmanaged devices on your network when they aren't accounted for? Learn how you can use runZero to find unmanaged devices on your...

Rapid Response

How to find Ivanti Cloud Services Appliance on your network

Ivanti has disclosed a critical vulnerability (CVE-2024-8963) in its Cloud Services Appliances. Here's how to find it on your network.

Rapid Response

How to find GitLab instances

GitLab issued a new critical patch release to resolve a SAML vulnerability in GitLab software.

Industry

Active scanning industrial control systems safely

Do you still believe active scanning in OT environments isn't safe? We all know passive scanning is difficult to deploy, misses assets, and is...

Rapid Response

How to find Microsoft Windows 10, version 1507 systems on your network

On September 10, 2024, Microsoft disclosed a vulnerability affecting Windows 10, version 1507. Here's how to find affected assets on your network.

Rapid Response

How to find SonicWall devices on your network

SonicWall disclosed a vulnerability in their SonicOS management access and SSLVPN products that could lead to unauthorized resource access, runZero...

Rapid Response

How to find Veeam software on your network

Veeam has disclosed several vulnerabilities in its products, ranging from high to critical in severity. Here's how to find affected products on...

Rapid Response

How to find D-Link DIR-846W routers on your network

D-Link has disclosed several vulnerabilities regarding their DIR-846W routers. Here's how to find them on your network.

runZero Insights

How to use runZero to verify network segmentation

There are many benefits of network segmentation, and fact checking proper implementation can be a difficult, arduous task. runZero is here to help...

Product Release

Introducing the customizable dashboard, Wiz integration, and more!

Introducing the customizable dashboard, Wiz Integration, and other Q2 2024 enhancements to the runZero Platform.

Industry

Upcoming NYDFS regulatory requirements on asset inventory and vulnerability enumeration

Is your business prepared for the approaching deadlines for complying with the latest version of the NYDFS Cybersecurity Regulation (23 NYCRR 500)?...

Industry

Why is cybersecurity compliance challenging for financial institutions?

Let’s explore the complicated and continually evolving regulations, laws, and standards financial institutions face with cybersecurity compliance.

runZero Insights

Top 8 Podcasts Picks of 2023: Navigating the Cybersecurity Soundscape

Here are our top eight cybersecurity podcast episodes for your holiday podcast playlist to kick back and listen to while you sip on some eggnog.

Life at runZero

The Quest for Yeti

Meet the newest rockstar on our squad: Zeti, the runZero Yeti! 🎉 This sub-zero hero is now our official mascot, and we’re excited to give you the...

Product Release

runZero 4.0: Introducing the runZero Platform and Community Edition

The new and improved runZero Platform represents the culmination of four years of innovation, so it’s only fitting this is version 4.0 of our...

runZero Insights

The cybersecurity tools inefficient for CAASM

Each article in this roundup explains the downsides of common tools as they pertain as effective CAASM solutions, and how runZero, a complete CAASM...

Industry

Asset inventory in higher education is a PhD-level problem

Universities have more complexity and less control than a company with a collection of offices. So they need cybersecurity tools and services to...

runZero Insights

Best free network scanners for security teams

In this article, we compare and contrast several free tools and provide our take on why we believe runZero is best suited for corporate security...

Product Release

runZero 3.10 New integrations page, UX improvements, Black Hat 2023!

What’s new in runZero 3.10? Integrations page and menu updates, a redesigned Explorer detail page, and a peek at what’s coming soon!

runZero Insights

Why NACs are inadequate for cyber asset attack surface management

NACs aren’t the best at asset discovery. Allowing or denying access to the network on Layer 2 is their primary function, but finding everything on...

runZero Insights

Closing the gap Power your CMDB with CAASM for better ROI

According to Gartner, only 25% of organizations achieve meaningful value with their CMDBs. Let’s dig into why and how a CAASM solution can improve...

runZero Insights

Limitations of vulnerability scanners in attack surface management

Beyond a lack of detail, vulnerability scanners sometimes simply get it wrong; crashing devices, providing a backward-looking view, finding phantom...

Product Release

runZero 3.9 Set measurable goals, find urgent issues, and preview of Attack Surface Management!

What’s new in runZero 3.9? Tracking goal progress, preview of Attack Surface Management, and new Rapid Responses!

runZero Insights

Why spreadsheets are bad for cyber asset attack surface management

An accurate and full asset inventory is vital for an effective security program. Understand the risks and limits of using spreadsheets to manage...

runZero Insights

Why EDR agents are inadequate for cyber asset attack surface management

...

runZero Insights

runZero’s week at RSA 2023 killer robots, time machines, and natural disasters

Watch Chris Kirsch chat with Chris Nickerson, then Roger Rustad to talk pentesting “war stories”, and how runZero has helped the Fortinet team.

Product Release

runZero 3.8 Identify and triage your riskiest assets, track goals, identify even more things, and delete your password

What’s new in runZero 3.8? Identify and triage risky asset, public preview of goal tracking, protocol improvements, new and improved fingerprints,...

runZero Insights

Asset inventory is foundational to security programs

Asset inventory is the foundation of a strong cybersecurity posture. It is often considered the first step in identifying vulnerabilities and...

Product Release

runZero 3.7 Custom integrations and SDK

What’s new in runZero 3.7? Custom integrations and the Python SDK, ServiceNow Service Graph Connector for runZero, protocol improvements, and new...

Product Release

Introducing runZero's new ServiceNow Service Graph integration Get greater data accuracy for your CMDB

runZero now integrates with ServiceNow Service Graph. This integration is a powerful tool to gain better visibility into IT, IoT, and OT assets and...

Product Release

runZero 3.6 Introducing organizational hierarchies

What’s new in runZero 3.6? Organization hierarchies, CrowdStrike integration improvements, operating system CPE assignment, new protocols and...

Product Release

How to streamline user permissions with organizational hierarchies

Organizations allow you to create separate entities for your assets, while also allowing you to control what users can see and do with the data....

Industry

The role of asset ownership in the Equifax breach

Equifax lacked adequate cyber asset management practices, including a comprehensive IT asset inventory. As a result, when CVE-2017-5638 was...

Industry

Get to full asset inventory by combining active scanning with API integrations - Part 4

A dual approach is the best way to make sure you meet the requirements outlined by CISA BOD 23-01. Learn why you need more than just API...

Product Release

How to track asset ownership with runZero

Asset inventory is the first step to getting context around a device. But what about who owns it? Knowing who is responsible for an asset is as...

Industry

Why an integrations-only approach isn't enough for full asset inventory - Part 3

Your CAASM may not be enough to help you meet the requirements outlined by CISA BOD 23-01. Learn why you need more than just API integrations for...

runZero Insights

Single source of truth? The truth about CMDBs

Are you using a Configuration Management Database (CMDB) for IT asset inventory? The truth is that it's not enough to cover all your bases. You...

Product Release

Speed up pentesting with runZero

runZero may not be the first tool you think of when you talk about penetration testing but we have several ways of helping with reconnaissance....

Industry

Why vulnerability scanners cannot provide comprehensive asset inventory - Part 2

Vulnerability scanners use checks to test for specific CVEs. They were not built with asset inventory in mind. Vulnerability scanners typically...

Industry

Why runZero is the best way to fulfill CISA BOD 23-01 requirements for asset visibility - Part 1

CISA BOD 23-01 requires better asset inventory and vulnerability management practices. This six-part series dives into why runZero is the best...

Industry

CISA BOD 23-01: Why vulnerability scanners miss the mark on asset inventory

Most agencies will attempt to leverage existing solutions, like their vulnerability scanners, to build their asset inventories. It seems reasonable...

Product Release

runZero 3.4 Vulnerability import from CrowdStrike Spotlight (plus something for everyone)

What’s new in runZero 3.4? Vulnerability import from CrowdStrike, integration improvements and enhancements, OAuth Client Secret authentication,...

Product Release

A 365-degree view of your Microsoft environment

As the scope of corporate networks has been constantly expanding over time, the challenge of maintaining an accurate asset inventory and...

Industry

CISA BOD 23-01 requires asset visibility and vulnerability detection as foundational requirements

CISA released the BOD 23-01 in an effort to stengthen the national security posture with new asset inventory and vulnerability management...

Product Release

runZero 3.3 Unmatched visibility into your Google ecosystem

What’s new in runZero 3.3? Visibility into Google Workspace, fingerprinting for Google assets, identification of OpenSSL services, and improvements...

runZero Insights

Which discovery approach works best for unmanaged devices?

Unmanaged devices are the Achilles heel of any asset inventory. Shadow IT, rogue, or orphaned devices are easy targets for the adversary to gain...

Product Release

Introducing the runZero Infinity Partner Program

The runZero Infinity Partner Program provides partners with the resources, enablement, content, training, and support to deliver a powerful cyber...

Product Release

runZero 3.2 A 365-degree view of your Microsoft environment

What’s new in runZero 3.2? Integrations with Microsoft 365 Defender and Microsoft Intune, querying and reporting for Active Directory users and...

Product Release

How to scan your external attack surface with runZero

runZero is an internal asset inventory and network discovery tool, but has the ability to discover public-facing hosts as well. In this article,...

Product Release

Find endpoints missing CrowdStrike with runZero

Do you know which endpoints are missing a CrowdStrike agent? Follow this integration guide to find endpoints that are missing CrowdStrike in three...

Product Release

runZero 3.1 Sync Active Directory, import assets from Shodan, and launch integrations from Explorers

What’s new in runZero 3.1? Integration with Active Directory, asset imports from Shodan, and integration scan probes!

runZero Insights

Transient cyber assets: managing the unmanageable

Transient assets can introduce unique challenges to tracking asset inventory and securing your network, especially in the education sector....

Rapid Response

How to find Ubiquiti devices on your network

Earlier this year, Ubiquiti, a popular networking equipment manufacturer for businesses and consumers, disclosed a security breach that potentially...

runZero Insights

Strengthen your vulnerability management program with asset inventory

Vulnerability scanning plays a crucial role in any enterprise security program, providing visibility into assets that are unpatched, misconfigured,...

Life at runZero

runZero rebrand FAQs What you need to know

Now that the big news is out, we want to explain what these changes will mean for you. Our goal is to ensure that our rebranding efforts have a...

Product Release

Rumble Network Discovery is now runZero!

It feels so good to be able to finally share the news with everyone! We have been busy reimagining, designing, and building our new brand, and we...

Product Release

runZero 3.0 Check out our new name, and sync assets, software, and vulnerability data from Qualys

Rumble is officially runZero! This name change reflects our growth as a product and as a company.

runZero Insights

Finding all the things the role of IT asset discovery in your organization

As organizations grow and change, it becomes increasingly difficult for IT teams to keep track of what assets exist on their network. The...

Product Release

Rumble 2.15 Sync assets, software, and vulnerability data from Rapid7

Sync assets, software, and vulnerability data from Rapid7 InsightVM and Nexpose Quickly identify and report externally exposed assets and services

runZero Insights

Shadow IT what’s lurking on your network?

Shadow IT poses an immense risk to the security of organizations around the world, but few teams feel prepared to tackle the problem. A Deloitte...

Product Release

Rumble 2.14 Sync assets, software, and vulnerability data from Tenable

Sync assets, software, & vulnerability data from Tenable Discover external assets with Rumble cloud-hosted scanners and more.

Product Release

A prize-winning community integration between runZero and Microsoft Sentinel

Josh Lucas, a cybersecurity engineer at Loop Secure, recently took first place in Microsoft’s Sentinel Hackathon for his submission, “[runZero]”...

Product Release

Rumble 2.13 Sync assets & software from SentinelOne, track more cloud resources, view cross-organization inventory, and schedule automated reports

Sync asset and software inventory from SentinelOne Explore software identified through runZero scans and much more.

Product Release

Your guide to IT asset discovery tools

You need to know what’s connected to your network to manage or secure it. Surprisingly, many system administrators still manually update...

Product Release

Rumble 2.12 Generate organization reports, create scan templates, synchronize GCP, and invite external users

Generate Organization Overview Report for stakeholders, create scan templates to simplify scan management and more.

Life at runZero

runZero and Noetic integrate to automate workflows that solve coverage gaps

Lack of visibility, correlation, and automation are major hurdles impeding security vulnerability identification and mitigation. Existing tooling...

Product Release

Rumble 2.11 Identify outliers, trace network paths, and streamline SSO user provisioning

Identify outliers to find misconfigurations, missing patches, and rogue devices and more.

Product Release

Rumble 2.10 Uncover IPv6 blindspots and manage permissions with user groups

Discover IPv6 assets anywhere, group users to easily manage permissions and much more.

Product Release

Rumble 2.9 Compare internal and external attack surfaces

Compare assets to find exposure differences, visualize your network with updated topology reports and more.

Product Release

Rumble 2.8 Synchronize your VMware inventory, import Censys scan data, and run RFC 1918 scans faster

Integration improvements, synchronize your VMware virtual machine inventory and more.

Product Release

Rumble 2.7 New dashboard, multi-subscription Azure, AWS ELBs, Splunk add-on improvements, and faster discovery for Rumble Professional

User experience improvement, get insights, trends, and visualizations from your dashboard, and more.

Product Release

Rumble 2.6 Integrate with Microsoft Azure Cloud, identify EOL assets, self-host in offline mode, and detect more protocols

Synchronize your Azure VM inventory with Rumble and much more.

runZero Research

BlackHat gems HP iLO 5 vulnerabilities

Each year, August arrives with promises of hot weather and cool security research talks. The DEF CON, Black Hat, and BSidesLV security conferences...

Product Release

Rumble 2.5 Identify endpoint protection agents, detect wireless & mobile Internet, and scan all your EC2 accounts

Identify endpoint protection agents via integrations and unauthenticated scans and much more.

Rapid Response

How to find SolarWinds Serv-U systems on your network

Microsoft recently notified SolarWinds that they had discovered a remote code execution vulnerability in Serv-U Managed File Transfer and Serv-U...

Product Release

Rumble 2.4 Achieve better visibility for cloud and endpoint assets

Rumble’s integration efforts to date have been focused on bringing network inventory to platforms like Splunk and ServiceNow.

Product Release

Rumble 2.3 Find all internal subnets–fast

This release primarily focuses on helping you quickly find all internal subnets with minimal network traffic.

Product Release

Rumble 2.2 HP iLO Analysis, Virtual Machine Fingerprinting, and VLAN Tracking

Rumble 2.2 is available with improved analysis capabilities for HP iLOs, virtual machine fingerprinting support, automatic VLAN membership tracking...

Product Release

Get slack notifications for new or modified devices

With our Rumble 2.1 release, we added alert templates. That means you can receive custom Slack messages to alert on events you care about, like...

Product Release

Collecting Device Serial Numbers and Asset Tags over SNMP

A few weeks ago, one of our customers asked us if we could pull serial numbers out of Cisco devices because this would be very useful for their...

Product Release

Automate tagging asset owners and alerting on orphaned devices

Tags help you to organize your asset inventory, allowing you to quickly search, group, and flag assets.

Product Release

How to Find Duplicate SSH Host Keys on Your Network

Rumble Network Discovery collects a ton of information by default. SSH versions, pre-authentication banners, and SSH host keys are collected...

Product Release

Monitor Rogue Remote Access Solutions on Your Network

As of release 1.15.3, Rumble Network Discovery now detects the TeamViewer protocol on your network in addition to the existing coverage for RDP,...

About runZero Team

Latest Stories