Lack of visibility, correlation, and automation are major hurdles impeding security vulnerability identification and mitigation. Existing tooling often imprecisely fingerprints anything but common devices like standard-issue workstations. Some tools miss unmanaged and orphaned devices entirely. Identification coverage gaps for an attack surface are all too typical as a result. Leveraging additional sources of asset data can help but only if properly chained together for actionable insights that may be automated for effective mitigation.
Better asset data and coverage for your cyber risk management programs #
runZero is a cyber asset attack surface management solution that helps security and IT teams know every asset and stay on top of changes in the network. Noetic is a cyber security asset management and controls platform that delivers visibility into cyber security posture, cloud and on-premise environments, using existing insights from IT management and security tools. Together, runZero and Noetic can identify coverage gaps and automate workflows to address them.
Most asset inventory solutions have gaps in what they detect. runZero covers all of your bases, including managed and unmanaged devices, IT and OT infrastructure, devices at work and at home. On top of accurate OS and service fingerprints, runZero learns attributes such as installed anti-malware products, secondary network interfaces, and Windows domain memberships.
Network and asset discovery with runZero #
runZero fits well into any organization. Many asset inventory solutions use aggressive scan tactics that can destabilize some IT and OT devices. runZero only sends well-formed IP packets and does not use security probes. The proprietary unauthenticated scanner means no agents on every device, no collecting passwords from different teams and organizations, and no access to SPAN ports in your sprawling network. runZero offers easy deployment for fast and accurate asset inventory.
How runZero and Noetic work together #
Noetic's integration with runZero offers out-of-the-box functionality for immediate value in the form of queries, workflows, and functions. Using provided queries, users can quickly see which assets are already scanned or still to be scanned by runZero. Predefined workflows allow Noetic users to ingest all supported entities from runZero, but that is not all. Noetic provides a bidirectional connector to runZero, so users can also queue a scan on a runZero Explorer directly from Noetic.
The agentless connector also exposes underlying capabilities of runZero to support integrated workflows that link capabilities across multiple solutions. An organization can automatically create a ServiceNow ticket for orphaned or unmanaged assets through visibility from runZero combined with Noetic's workflow engine. Similarly, an organization can automatically identify devices missing an EDR agent and remediate with automated deployment, with no human intervention.
Aside from workflows for continuous improvement, Noetic provides updated views of cyber risk. Noetic's runZero integration provides a dashboard to see high-level statistics to highlight previously unknown assets, possible rogue wireless access points, and security coverage gaps. Beyond the dashboard, Noetic correlates and aggregatesDo the runZero asset inventory with data sources for a multi-dimensional, holistic view of the entire cyber estate.
How to set up the integration #
To link Noetic and runZero, enable the runZero connector in the Noetic platform. You will need to provide a runZero API key to link the two applications, you can then schedule a regular import feed to ensure your data is fully up-to-date.
The runZero connector comes with out-of-the box workflows, queries and functions that are designed to take advantage of runZero's capabilities, such as ingesting specific data types or scheduling additional scans.
