runZero 3.9 Set measurable goals, find urgent issues, and preview of Attack Surface Management!

|
Updated

What's new with runZero 3.9? #

Goals! #

runZero Professional and Enterprise customers can now use Goals to set time-bound and query driven targets that are customizable to what matters most to your team. Huge thanks to all of the folks who provided feedback on this feature during the public preview phase.

Goals can be created based on any queryable attribute within runZero. This includes standard fields like operating system versions, end-of-life status, exposed services and protocols, as well as new fields like asset risk, criticality, and ownership. If you can query for it in runZero, it can now be a Goal!

Common goals include:

  • Managing expiring TLS certificates
  • Tracking end-of-life devices and operating systems
  • Remediating Critical Risk on assets within a set timeframe
  • Keeping open management services off of your public facing assets
Expiring TLS Certificate goal

Attack Surface Management preview #

Attack Surface Management (ASM) is the process of discovering, classifying, and assessing the risks across different surfaces of your IT infrastructure. Although runZero supports ASM efforts through external scanning, internal RFC 1918 discovery, and integrations, the platform did not offer a unified workflow or dashboard until now.

The preview version of ASM provides a simple path to define different attack surfaces throughout your organization, providing an overview of risk and coverage along with several custom goals to monitor and communicate your progress. This feature will be in preview until August and will launch publicly as part of runZero 4.0.

If you are a runZero Enterprise customer and are interested in reviewing this feature and providing feedback, please reach out to your CSE or or runZero Support. Participants will be asked to complete a short feedback form after reviewing the feature.

Managing your attack surfaces in runZero

Rapid Responses #

The runZero research team has shared three new Rapid Response posts since 3.8. These posts cover critical, actively exploited vulnerabilities:

Protocol improvements #

runZero now supports the InterMapper and Room Alert protocols, as well as legacy protocols such as time, daytime, chargen, and quote of the day.

runZero's printer support has been improved, enabling protocol detection on ports normally associated with direct print services. This change allows for more accurate detection of Elastic Search, Neo4J, and LogStash services.

In addition to the changes above, runZero now consistently normalizes the AirPlay protocol fields and gathers even more details using the DNS protocol.

Fingerprint improvements #

New fingerprints were added for products by Allen-Bradley, Alma, Amazon, Apple, Avaya, Avigilon, Avocent, Axess TMC, Bodot, Bond, Canon, Canonical, Cisco, ComNet, Dell, Digital Loggers, Eaton, Epson, F5, Fedora, FreeBSD, Fortinet, Google, Hanwha Techwin, Honeywell, HP, HPE, IBM, Johnson Controls, Konica Minolta, LG, Lidarr.Audio, LinkTap, Microsoft, MikroTik, Moxa, NetBSD, Oracle, Panasonic, Philips, Pioneer, Poly, Progress Software, Proxim Wireless, Proxmox, Radwin, Red Hat, RetailNext, Riverbed, Rocky, Samsung, Schneider Electric, Scientific, ScreenBeam, Siemens, Sierra Wireless, SMC Networks, Sony, Standard Networks, SUSE, Tait Communications, Traficon, Tulip, VivoTek, Western Digital, Vasion, Xiaomi, ZeeVee, and ZKTeco.

See runZero 3.9 in action #

Release notes #

The runZero 3.9 release includes a rollup of all the 3.8.x updates, which includes all of the following features, improvements, and updates.

New features #

  • runZero goals are now generally available. With runZero goals, users are able to create and monitor progress toward achieving security initiatives.
  • Improved the goal progress chart display to work in various browser sizes.
  • Goals now shows a pending calculation banner when goal metrics have not been calculated yet.
  • Added source_count and custom_integration_count as searchable fields.
  • Saved queries can now be created for tasks.
  • The search keyword recur_last_task_status is now supported on the task pages.
  • Improved the display of dashboard charts so that no partial rows, other than the last row, are visible to the user regardless of the number of charts displayed.
  • Improved fingerprinting of Fortinet device firmware.
  • Optimized database utilization and improved performance.

Product improvements #

  • Non-runZero asset sources can now be removed from assets via the asset details or asset inventory pages.
  • Equivalent emails are now accepted for email updates.
  • Dashboard cards for Asset Source and Custom Integrations should now correctly show only the top 10 counts for each, with a View more link added.
  • A warning is now displayed if a Query is not attached to a Goal.
  • Users with Viewer permission can now see and use the Sites page.
  • Improved reliability of scans so they should stall less frequently.
  • The activation email should display properly in a broader range of email clients.
  • Improved operating system fingerprinting via SNMP Installed Software listing.
  • The status indicator in the explorer datagrid now has text describing the status.
  • External Asset Report Include screenshots toggle now requires that Include asset details is checked.
  • External Asset Report now hides the Top certificate authorities section if Include TLS certificate details is not checked.
  • Outlier calculations have been adjusted for performance and now include the TLS stack.
  • Event rules that result in asset modifications now complete faster.
  • The Npcap driver has been updated to version 1.75.
  • Improved device type identification of Windows Server assets.

Integration improvements #

  • Improved SentinelOne matching to improve asset merging.
  • AWS credential validation now always shows the results for each service.

New vulnerability queries #

  • Hardware: End-of-Life Cisco Small Business Switches
  • Policy: Sun Solaris sadmind RPC service
  • Policy: HashiCorp Consul (unauthenticated)
  • Policy: Cisco Smart Install service
  • Policy: CNCF etcd v2 (unauthenticated)
  • Unpatched: Click Modular Router shell (unauthenticated)
  • Unpatched: HID VertX/Edge controllers vulnerable to command_blink_on command execution

Bug fixes #

  • A bug causing Cisco 8xx Industrial Routers as well as Catalyst 94xx/95xx switches to be incorrectly merged has been fixed.
  • A bug where the autocomplete drop down would not always appear on top of other elements has been resolved.
  • A bug where integration sources in dashboard views are displayed as IDs instead of names has been resolved.
  • A bug where data grid search text would propagate to other data grids has been resolved.
  • A bug causing some text inputs to display an autocomplete user experience when it was not intended was resolved.
  • A bug that could allow merging AWS, Azure, and GCP assets has been resolved.
  • A bug which omitted some SNMPv3 scan attributes has been resolved.
  • A bug which caused some project creations to return a 404 error page has been resolved.
  • A bug causing incorrect HTTP response codes for the /org/metrics/{site_id} API endpoint has been resolved.
  • A bug which cleared the organizations table screen when sorted has been resolved.
  • A bug preventing vulnerabilities from sorting correctly on CVSS columns has been resolved.
  • A bug where scan tasks on hosted zones couldn't be stopped has been resolved.
  • A bug preventing vulnerabilities from sorting correctly on CVSS columns has been resolved.
  • A bug that could result in excessive memory usage has been resolved.
  • A bug that resulted in certain models of Cisco routers being incorrectly merged has been resolved.
  • A bug in which AWS probes fail when run outside of an AWS EC2 environment has been resolved.
  • A bug which prevented IPv6 UDP SYN scans from working on FreeBSD and OpenBSD systems has been addressed.
  • A bug where autocomplete suggestions would not update consistently has been resolved.
  • A bug causing the "download task button" to show for tasks without a log has been resolved.
  • A bug that could cause the SNMP probe to panic in rare scenarios has been resolved.
  • A bug that could cause the SNMP probe to stall scans in rare scenarios has been resolved.
  • A bug that caused scans to take longer than expected or stall in rare scenarios has been resolved.
  • A bug that could prevent the organization dropdown from being clickable has been resolved.
  • A bug that could prevent the rpcbind probe from completing successfully was resolved.
  • A bug with copying some connector tasks has been resolved.
  • A bug causing some connectors to be labeled as scans has been resolved.
  • A bug causing the API /org/hosted-zones endpoint to return an empty list of hosted zones has been resolved.
  • A bug that could result in an invalid asset ownership assignment has been resolved.
  • A bug that could prevent a RUMBLE_CONSOLE override from working in the Explorer configuration has been resolved.
  • A bug that prevented sites with more than 1000 subnets from being saved has been resolved.
  • A bug that could result in odd dashboard chart behavior has been resolved.
  • A bug that required self-hosted users to configure SMTP before setting up their initial account has been resolved.
  • A bug that caused some scan task errors to be displayed twice has been resolved.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • A bug where Asset queries for exact strings was performing a fuzzy search has been fixed.
  • A bug that could cause malformed auto-populated LDAP thumbprints for LDAP credentials has been resolved.
  • A bug that prevented credential validation errors from displaying after verification in the console has been resolved.
  • A bug where searching via clicking on a tag would not return the correct results has been resolved.
  • A bug where multiple subtasks were incorrectly created for the same parent task has been resolved.
  • A bug where filters were not retained when importing a Nessus scan configuration has been resolved.
  • A bug that prevented copying of some connector tasks has been resolved.
  • A bug with linking to the update page on some connector tasks has been resolved.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.
runZero Insights
How runZero finds unmanaged devices on your network
How do you find unmanaged devices on your network when they aren't accounted for? Learn how you can use runZero to find unmanaged devices on your...

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved