Blumira Resources & Blog

Mastering Your Domain With the Blumira Free Domain Security Assessment

Written by Zoe Lindsey | Sep 12, 2024 3:35:09 PM

 

Would You Like Some Free Help Mapping Your Domain Surface?

The first step in evaluating the cybersecurity of any organization is getting the lay of the land: enumerating assets, identifying critical (or unfamiliar) services, and making sure that data is categorized and only shared with those intended. Outside of compliance, contract, or insurance requirements, many organizations may not have a regular schedule for this kind of inventory practice. However, this can introduce an unknown level of risk since a single open port or unpatched service might present a vector for attack or critical point of failure.

While this kind of regular assessment is crucial for effective security planning, no amount of chiding or lecturing will manifest more dollars in budget or minutes in the day for overworked security and IT teams to actually do the work. So, to help remove some of the roadblocks that make a comprehensive review seem like an arduous lift, Blumira is introducing our new, free Domain Security Assessment. Our team built this resource to help teams identify assets, services, and potential risks on their domains in minutes. If you’re responsible for keeping your organization secure and available, and your to-do list is longer than a drugstore coupon receipt, we built this for you.

Does What It Says On the Tin

The assessment begins by running a series of scans to identify what assets and services are publicly discoverable for your domain. The scans were chosen by the security experts at Blumira, who have years of experience identifying potential risks and threats. Within minutes of submitting your details, you’ll receive an extensive report providing a detailed inventory, summarized findings, strengths and gaps in need of some attention, and potential risks which may need remediation. And returning to the “publicly discoverable” part mentioned above… even if you have most of the inventoried assets documented already, finding a handful of services that slipped through the cracks can be invaluable.

What Your Report Includes

Your free report is broken into a few sections for easy review:

  • Executive Summary: This quick breakdown gives you a skimmable briefing on the state of your domain, along with an approximate security status rating and any key findings or potential critical vulnerabilities.
  • Strengths and Areas for Improvement: This section lists positive indicators of best practices in use for your domain and highlights specific changes to consider. Each item will be listed with a brief description, its potential impact, and recommendations for reducing risk. A few examples are:
    • SSL/TLS issues - The SSL/TLS protocol is used to encrypt data sent between two systems, most commonly for web traffic. Older versions of the protocol were deprecated in 2021 due to security vulnerabilities known to be used in attacks. If your domain is using these older SSL/TLS versions, the confidentiality and integrity of data in transit could potentially be compromised.
    • Information Leakage - HTTP headers allow a client and server to exchange additional information with an HTTP request or response. A number of security headers help defend against common web-based attacks like cross-site scripting (XSS), but improperly configured headers could unintentionally leak details about or data from that server. This includes detailed version information, which can be used to try and identify vulnerable or out-of-date software, as well as sensitive data in headers and error pages.
    • Lack of DNSSEC - DNS helps keep the internet functional, by translating the numeric IPv4 and IPv6 addresses for websites into memorable and readable alphanumeric domain names. In a DNS cache poisoning attack (also known as DNS spoofing), someone adds their own fake data to a DNS cache, redirecting traffic meant to go to one domain to another malicious destination. A defensive measure called Domain Name System Security Extensions (DNSSEC) can prevent this kind of attack by validating domain responses and preventing tampering. If DNSSEC is not implemented, your domain is potentially vulnerable to DNS spoofing attacks that could lead to traffic redirection to malicious sites.
  • Inventory: Finally, you’ll get an extensive list of discoverable information found during the scan, including, but not limited to:
    • WHOIS info (domain name, registrar, creation/expiration date)
    • DNS Records (including mail (MX), nameserver (NS) and text records used for site verification and other services)
    • Subdomains and SSL/TLS Certificates
    • Email Services and Public-Facing Assets
    • Open Ports and Services
    • Cloud Servers and Web Servers
    • Potential Common Vulnerabilities and Exposures (CVEs)
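
To make the Information Leakage item above concrete, here is a small added example (not Blumira's code and not part of the assessment) that audits a response from your own web server for version-revealing headers and missing security headers. The header lists are an illustrative choice and both sample responses are constructed.

```python
import re

# Illustrative header lists (an assumption, not the assessment's rule set).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
SECURITY_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-content-type-options", "x-frame-options")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 1.18.0

def parse_headers(raw):
    """Return {lowercased header name: [values]} from a raw HTTP response head."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of (finding, header, value) tuples for one response."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        for value in headers.get(name, []):
            if VERSION_RE.search(value):  # a bare product name is not flagged
                findings.append(("version-disclosure", name, value))
    for name in SECURITY_HEADERS:
        if name not in headers:
            findings.append(("missing-security-header", name, None))
    return findings

# Constructed sample responses (not captured from any real server).
LEAKY = ("HTTP/1.1 200 OK\r\n"
         "Server: nginx/1.18.0\r\n"
         "X-Powered-By: PHP/7.4.3\r\n"
         "X-Content-Type-Options: nosniff\r\n"
         "Content-Type: text/html\r\n\r\n")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: nginx\r\n"
            "Content-Security-Policy: default-src 'self'\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "X-Content-Type-Options: nosniff\r\n"
            "X-Frame-Options: DENY\r\n\r\n")

if __name__ == "__main__":
    for finding in audit(LEAKY):
        print(finding)
```

To check a real response from a server you operate, save the output of `curl -sI https://your-domain.example` (placeholder domain) and pass the text to `audit()`.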

Why We Made It

Our mission is to build useful, usable, and affordable tools for the needs of mid-size and smaller businesses, and the Domain Security Assessment is an extension of that mission. Our customer experience team supports SIEM+ and XDR customers through a more in-depth assessment including all of the devices and services they’re collecting logs from, but we realized that the domain portion of this assessment could be made freely available for teams whether or not they use any of our other services. And we figure a useful free tool providing a detailed snapshot of your domain is better than yet another piece of stress-ball conference swag in giving you a reason to remember our name, right?

What To Do Next

So what’s the next step after downloading your free report? A detailed snapshot is a great first step, but point-in-time assessments need to be paired with continuous monitoring for truly effective threat detection, which just so happens to be our specialty! We hope that you find genuine utility in this resource to better protect your organization and teammates from breaches. If you’re ready to start identifying and remediating unknown risks and threats across your entire environment, 24/7 security monitoring and response by Blumira can help. More than just collecting and analyzing logs, Blumira will also provide context and explain the impact along with how you can address any areas that require attention. In the meantime, here are some other free resources for assessing your environment:

  • A fresh article on using nmap for asset discovery, written by Lead Incident Detection Engineer Amanda Berlin. Just as the Domain Security Assessment will help you find and catalog information about your domains, nmap can help find and catalog devices on your network.
  • Check out the first article in Amanda’s nmap series, covering the basics on using nmap for port scanning.
  • This on-demand webinar covers the basics on using sysmon, a free Microsoft system service for event logging and endpoint visibility (as does this sysmon 101 webinar).
  • Want to learn more about using Blumira for security monitoring response, including biannual threat surface scans and recurring syncs available for our SIEM+ and XDR customers? Contact our team if you’d like to discuss your needs, or sign up for a free XDR trial if you’re ready to get started.