SecurityMetrics Pulse Demo

Watch to learn how Pulse can give your IT team the tools, training, and support they need to manage your cybersecurity – at an accessible price.

Cyber Threat Intelligence Built For IT Teams With Limited Resources

Your Small Business's Bridge To Effective Cybersecurity.

Small businesses and IT teams are often overburdened and lack the resources to proactively tackle cybersecurity threats.

Michael Breese and Tommy Pfister show you the key features unique to SecurityMetrics Pulse.

SecurityMetrics Pulse is a service that uses sensors placed in and around your organization’s attack surfaces. Using these sensors, Pulse provides you with visibility and actionable insights to fight cyber attacks and protect your customer data.

We created Pulse to give your IT team the tools, training, and support they need to manage your cybersecurity – at an accessible price.

This webinar was given on June 28, 2023.

Transcript

Thanks for joining us today to talk a little bit more about small business cybersecurity.

We appreciate you taking your time out of your day, and we look forward to talking with you a little bit more. We'll get into a little bit about who we are. My name is Michael Breese. I'm a director of business development here at SecurityMetrics. I've been here for about a year, and I'm gonna allow my colleague here, Tommy, to introduce himself.

Oh, thank you, Michael.

Yeah. Like Michael said, my name is Tommy. Last name is Pfister. I am the product owner of our cybersecurity product line. And like Michael, I've been here for just over a year.

We just wanna remind everyone that this is being recorded and we will send out a copy in the next couple days of the webinar.

Before we get into it, we'd like to give a brief introduction of who we are here at SecurityMetrics and what we do as a business.

We help you close data security and compliance gaps to avoid data breaches and comply with data security mandates.

We've been in business since the year two thousand, so for twenty three years. We are a privately owned company. Our mission statement summarizes what we do here at SecurityMetrics.

Our mission statement is we secure peace of mind for people that handle sensitive data. We do this through intelligent cybersecurity and compliance tools, responsive support, and avoiding a checkbox mentality.

So we wanna kinda get into a little bit of the background on our company after he's given a short introduction. Brad Caldwell is our CEO and founder.

And Jen Stone, Matt, and Gary also have been around for a long time. We really began taking off in the PCI DSS or payment card industry data security standards arena. And so Jen, Gary, Matt, their teams, they all travel the world and help secure environments.

And they have a ton of experience as you see here. It's alphabet soup and, decades and decades of experience. So this really was the core of how SecurityMetrics started and really where it took off from.

So as we've matured, we have grown into a more mature space where we have full offensive and defensive cybersecurity teams. And Chad Horton in your top left there, he leads the penetration testing team.

So, you know, sometimes you'll hear the term red team or, that is the offensive security team. So they go out into enterprises, and they actually do manual pen testing. They try to get into the environments, ethical hacking.

And then once they breach them, they go ahead and let them know what's wrong, and they fix that. So what's really cool is Chad and his team are able to share what they find and then vice versa with Russ, Matt, and Noah who lead more of the defensive cybersecurity side.

You'll hear it called blue teaming. So Russ leads our, excuse me, our managed cybersecurity services team. And then Matt Heff, he goes by Heff, Matt Heffelfinger. He's got a great last name. He goes by Heff, and he leads our security operations center. Our SOC is what you'll hear it called. And he is our CSO.

And Noah works under him and leads our threat hunting in our security operation center. So he and his team are looking for the bad guys. And these teams collaborate together, and they share what they find. So alright.

And the experience. Yeah. These are some of the accreditations that the company has as well as individuals. We've been around twenty three years, so we were founded in the year two thousand.

And we became a QSA or a qualified security assessor in the year two thousand six.

We also hold the title of an ASV, which stands for approved scanning vendor. So we are approved, and our scanning solutions are approved by the PCI Council. They're very robust. And it's typically like what the bad guys will be utilizing to try to breach an environment.

So we utilize these solutions to help find those gaps. We've completed over twenty one hundred on-site audits, and we've secured over a million systems. So we have an extensive background. And, again, as we matured, we've brought a security operation center here on premise.

And beyond just professional services, we hold patents for some of the products that we have. And there on the last line, you'll see some of the compliance standards and assessments that we do for enterprises.

Alright. So what cybersecurity challenges do small businesses face?

Common question. Most of you probably can answer this, but, what we found is pretty remarkable. Back in twenty twenty two, IBM came out with a study.

And in the study, it showed that the median cost of the average attack was nearly three million dollars. So in the small to medium sized enterprise space, this can be devastating.

It can shut down the company. And so, small businesses, you know, they're bootstrapping. They're typically trying to grow, and they have a lot of resource constraints of time, budget, and other resources. And so we, as a company, are trying to make tools for these small to medium sized entities so that they have a similar ability as the large players. So we know also we're all imperfect, not just employees, but especially in a small to medium sized business arena, you will deal with maybe individuals or hire individuals who aren't always trained. They wear multiple hats, and so they may not be trained on how to handle or look for a phishing attack or a smishing attack or other things like that that threat actors will utilize to try to deceive them. The next bullet point, technology is always changing.

We all know this. It's hard to configure and becomes outdated quickly, and so you need things that are simple to work with. And compliance and security practices, the threat landscape and the security and compliance landscapes change. And as we become more digitized as a society, the attack surfaces or the surface areas of what malicious actors can get at continue to expand.

And so thanks, Tommy. As we go into this slide, this kind of explains the attack surfaces and how they expand and how they're expanding so quickly. So you'll see there in the public spaces, you'll have employees or yourself will typically take, you know, company issued devices or their personal devices out to these public spaces where threat actors or malicious actors can be hiding in public Wi-Fi or just in other areas where they might connect their devices and then infiltrate the devices that way. Your employees' private networks at their houses or their friends' houses or family's houses, they're connecting to those as well, which is another area that you have to watch out for.

Your company, you may have your company completely secured down, but we hear an ever growing issue of supply chain management and the issues that our supply chain partners or clients can cause where threat actors will breach maybe a partner or an entity you do business with, and then they'll pivot over to your environment through that. So, this just keeps growing, and it's not going anywhere. It's just gonna keep happening. So now we'll talk a little bit about how to protect your business and data, and NIST or the National Institute of Standards and Technology has come up with this great definition.

It's used regularly, defense-in-depth strategy or security posture. And, basically, what it is is as an entity, if you put in multiple layers or walls, you will have a defense-in-depth posture, which you see here with this upside-down pyramid.

There in the first section, you'll see the security operations center, which is really the first line of defense. We provide this with Pulse. Second is external network vulnerability scanning, so finding gaps in your firewall, misconfigurations in the firewall, open ports, things like that.

And then ingress and egress traffic is another layer. So traffic coming in and out of your network, so you can monitor that. Pulse also provides for that. Then some of the other services that we do typically with consultations, number four there, network segmentation. We can help consult around that, and access control. So you don't have frontline employees per se having access to on premise servers or things that could really cause problems for you if they're breached. So we help with those things too in our consultations.

The sixth thing, the internal network vulnerability scanning is another part of Pulse, which helps to find vulnerabilities on the inside of the network. And then at the endpoint, we provide an extended detection and response software, which helps threat actors not be able to reach those crown jewels there at the bottom. Alright.

So now Center for Internet Security or CIS, they have a security control system, and it's currently in version eight.

We actually help with this. Our auditors like Jen and Matt and Gary and their teams who you saw at the beginning, they can help with these. They do travel and check the environments out, make sure they're up to these standards. But it was developed originally in the year two thousand one in the SANS Institute who Noah, earlier, who you saw, he actually is attending there.

He will graduate there shortly, and the FBI started this. And it was originally twenty critical controls that were put in place, and it was informed and currently is informed by real world TTPs or tactics, techniques, and procedures, which the bad guys utilize to get into the environment. So these are studied and tracked, and we, understand how they function and then they're implemented. So in two thousand fifteen, CIS took over the maintenance and guidelines, and it's dropped from twenty controls down to eighteen with the current version of eight.

So three implementation groups here have been put into place for CIS. So all of those eighteen controls have been broken up into three sections. And the first section is really your basic cyber hygiene. This is where every business should start.

And once they complete IG1, they move on to two and three. They all build upon each other. Some really neat quotes directly from CIS's website. Quote, the IG1 will protect against seventy four percent of MITRE ATT&CK techniques and subtechniques.

So MITRE ATT&CK, if you don't know what that is, it's a framework that's used by enterprises and governments all over the world, and it follows those TTPs that we discussed earlier.

The second quote, this is what every enterprise should apply to defend against the most common cyberattacks, and it's typically geared towards small to medium sized entities with limited IT and cybersecurity expertise.

Now that we've kinda gone over the problems that our small businesses are facing in today's landscape as well as some different things they can implement to increase their security posture, we'll introduce our product here at SecurityMetrics titled Pulse and some of the things that it does for your business. To give a summarized one line quote for what Pulse does, our goal is to help streamline your process of increasing your security posture by giving you visibility into the threats you've been missing. One of the benefits that we do have as an add-on for our Pulse advanced product line is we do have SOC services.

Typically, for SOC services, you've got MDR, which stands for managed detection and response.

Here at SecurityMetrics, we do managed detection and then we enable you to respond. The reason why we do this is we're able to keep our prices low and competitive. So that way you still get the benefit of having eyes on glass and those professional threat hunters looking for those threats, and they'll give you the right direction to go to remediate those vulnerabilities that they find. Our SOC monitoring is twenty four seven, three sixty five. And I think that Brad Caldwell, our CEO, said it best when he said, historically, only large enterprises could afford to have a SOC view live data and be proactive.

Now Pulse brings this capability to smaller security-aware entities at a much lower price.

Thanks, Tommy. This graphic here really gives a high level overview of what Pulse is.

And if we start over on the left, you'll see it. There's a dotted line there, dotted circle or square with some rounded edges. And at the top, it says client telemetry. So we are ingesting or taking all this information.

So the web traffic from your, environment, the firewall, metadata, traffic in and out that goes through that, which is the ingress and egress traffic that you see there.

We also are tracking that communication on the IoT devices in your environment. So your cameras, your access control systems for doors, locks, windows, things like that, UPS devices, uninterruptible power supplies, things like that, smart thermostats.

And then also, obviously, the mobile devices that are connected to your network and your endpoints, so your computers and servers. And on those, especially for the crown jewels are the most important assets. We do install that XDR client. It's a piece of software that helps us just be able to see a lot more of what's going on, on that endpoint.

So we also are ingesting the network traffic, the endpoint scans, which are part of that XDR service. And then the major factor where we are an ASV or an approved scanning vendor, the internal and external network vulnerability scans. So that data is encrypted, and then it's transported via TLS to our security operation center. And there, they parse, index, and correlate that telemetry.

They enrich the data from the telemetry. And once they've correlated, they'll filter it for false positives. So it takes a little bit of time for our security operations center to fully understand your environment, typically thirty to sixty days, and then, just depending upon the size of the entity. But then as things come in, they can filter them out and help you with alert fatigue.

So, obviously, we wanna keep those minimized but still catch things that need to be taken care of. We also utilize in the security operations center. We talked about this earlier. Noah and his team, they have eyes on glass threat hunting.

So they will go in, look at all that information, and they will correlate it and then alert you to what they find. And a lot of the times, threat actors, once they get in there, they try to be stealthy.

They try to persist without being detected. So it does take somebody who knows what they're doing to get in there and see that and find that. And then like Tommy said, we have twenty four by seven monitoring and alerting. So then if you go down a little bit further there, it drops down into the Pulse Cloud section.

So this is kind of a SaaS like product. It's an interface in the cloud. And when you log in, which Tommy will share with you soon, you get a monthly thirty day risk report. So, basically, it's taking all this data and information, and it's putting risk to it.

So it provides an internal exposure report, external exposure report. So those are the sides of your network, the inside and the outside of your network.

The outside obviously is really important because if you have things that are facing the Internet or web facing and they're misconfigured or not set up right, a threat actor can utilize scanners, find those things, and exploit them. So we also give you a report on your network traffic and your firewall traffic and then your endpoint security and any events that are going on there.

A little bit further down, some of this may be new to you if you don't have much of a background in IT or cyber, but, obviously, you cannot defend what you do not know is there. So Pulse provides you a robust list of the assets in your environment. So, typically, the correlating IP address, as well as the MAC address, and then it allows you to be able to label those assets so you know what they are. And based on your policies and procedures, you can name them.

You can give them a risk, a risk title, crown jewels, business critical, business crucial, etcetera.

And as those scans run and we're looking at those things, you see there the acronym CVEs. That stands for common vulnerabilities and exposures. And this is a number that is assigned, that categorizes vulnerabilities that are out there and have been identified. The CVSS is run by a foundation called FIRST as well as EPSS, both of those.

And CVSS stands for the common vulnerability scoring system. So it assigns a score to those CVEs, and the EPSS is the exploit prediction scoring system, and it provides, excuse me, it provides information on CVEs as far as exploit activity goes. So, what it looks at is intelligence that out there in the wild is looking for active exploitation of CVEs. So the bad guys are out there.

They know about these CVEs. A lot of times, Chad Horton and his team are pen testers. They know about those CVEs, and they are what is being utilized and actively exploited. So that gives you a probability in the next thirty days that a certain CVE will be exploited in the wild. And that's part of our consulting services that we provide that to you.

So within that Pulse Cloud, also, it provides a description of all those vulnerabilities or the CVEs, steps for mitigation or remediation so you and your team can quickly get to that. So moving on, something that really sets us apart is just our white glove support.

When you sign up for Pulse, you are assigned a customer success manager. That individual, you have direct access to, and, they pick up your phone calls, answer your emails.

We also provide remediation and mitigation consultations with it. And a lot of the times, you know, small to medium sized businesses, they don't fully understand sometimes when a vulnerability gets into the environment how to take care of it and how to clean that up or mitigate it and remediate it. And so we can help with that through talking. We don't go in and do it for you, but we help talk you through it. So and then we have ad hoc consulting for really anything else security related with an on-premise twenty four by seven support line. So that's really unheard of.

US based support in house here in Orem, Utah twenty four by seven. More of a tier one service, but, it's there for you. So we do provide additional services too. We do our best to try to be a one stop shop for most things, incident response, digital forensics, if you do have a breach, policies and procedure templates as well as helping with those.

So, you know, the key to that is you can have those, but if you're not executing them and making sure they're followed, they don't do much good. So one of the biggest gaps we see in SMBs is policies and procedures not being executed on. So we can help with that security audits and then pen testing, which we've covered. And then there at the bottom, the security consultations, I feel like we've gone through most of that.

And I'm gonna hand it off to Tommy.

Thank you, Michael.

So now at this point, we're wanting to go ahead and jump into the product itself in Pulse. We'll give a live demo. Alright. This is the first page you will land on when pulling up the Pulse portal. It is the dashboard page. This page is designed to give you a high level overview of how your organization is doing with some key information.

The first set of information that we give here is the scan section on the far left. And you can see we have two different boxes. The first box is locations with scheduled scans. The nice thing with all of these pages on all of these boxes, excuse me, on this page is everything here is hyperlinked. And so right here, we can see you've got ninety one locations for this organization, and eighty of those have scheduled scans, eleven do not. So if you do click on this, this will take you to a filtered list of the locations that do not have scheduled scans. And I mean, first and foremost, the reason why it's important to have scheduled scans is if you're not running scans, we're not able to do vulnerability scanning to see what threats you've been missing.

The next box below here is for the scans run. We also have a filter box here. It's gonna default to all, but you can select either external or internal if you just wanna view those. And these are the scans run over the last reporting period. So this specific organization ran one thousand one hundred and seventy scans in total, and then we've got passing failed or incomplete if the scan failed for whatever reason, mid scan. Our next section is going to be our top risk locations from last report. This is based on the number of external and internal vulnerabilities found within an organization.

And based on those vulnerabilities, these are the ones that we deem being at the highest risk of a security breach.

The next section over, we've got our sensors section. So this is gonna include all of your endpoints, your external IP addresses, as well as we send a hardware device to run both the syslog network traffic, back to our SOC and then as well as to run the internal vulnerability scan. So here we've got three boxes. We've got our total number of sensors.

We've got our online sensors. And then one of the boxes that a lot of our customers use frequently is our actions required. This means that there are twenty five sensors that are in need of some tender loving care. They might be offline due to it being unplugged.

It could be that the network traffic flow was interrupted, and so we need to troubleshoot that to get that back up and running properly. Last but not least, we've got the unique vulnerabilities just below that.

That is separated by criticality level based on the CVSS scoring system. We've got critical, high, medium, and low.

And, again, all of these are hyperlinked to drill deeper if you so choose to dig into that specific topic.

Moving down to the reports tab on the left, we start here with the overview. And just, I guess, high level, this is actually a high level report of your whole environment, and so it's typically the leaders in your organization that will wanna look at this. And then as you drill down to more of your network admins or if you have a security team, the people that are handling more granular information, they'll get into things further in this report. Similar to what Tommy was saying earlier, you can filter by sensor type, external or internal, and then the report dates are up. They're housed over here on the right, and there is a history there. So you can go back and track your progress as you continue to increase your cybersecurity posture.

The top priorities, these are all in the current report for the past thirty days. You have twenty four new critical vulnerabilities, so these are high value.

You wanna get to them right away.

Your network and firewall traffic, there are some outbound connections here that have been, malicious in nature, it appears. And so it does show the countries of origin where those IP addresses are coming from, and data has been sent to those IP addresses. So obviously, you'll want to look into this. We're a phone call away if you need help talking through anything.

And then below that, you have a high number of new exposures. There's twenty there and you have a total of two ninety four exposures detected.

I love this organizational risk section. You've got four layers, your external exposure, internal exposure, network and firewall traffic, as well as your endpoint security. And so you'll see the correlating criticality with each of those there. And then here, on the risk breakdown, this also has hyperlinks into more granular information.

So if you click into these, what I'm hovering over, it'll actually take you down all the way to the endpoint to give you, you know, the full scope of what you're dealing with there. There are twenty new vulnerabilities in the environment over the past thirty days. Three hundred and thirty five have persisted, and the team looks like they only were able to remediate eleven of those. So, again, these are all hyperlinked as well.

So moving on into the exposure section, this is a similar view, but instead of by, the whole organization, it does break it down here by location. And what you just saw me do is filter just by the events criticality levels. Again, you've got hyperlinks here to get into anything that you wanna get into. If you only wanted to see the critical, you can do that as well and then hyperlink down into those.

Vulnerability totals, network wide, we're at three fifty five, and on the previous report, we were at three forty six. So we're moving backwards here. We've got some work to do. And then down below that, you'll see top vulnerabilities by category. Some of these things typically are like outdated operating systems, misconfiguration, outdated services or software, things like that.

Moving on to endpoint activity, we here on the left hand side, have the most active locations as far as potentially malicious endpoint activity, and then you have, filtering here that you also can utilize.

And then on the right it will show the actual endpoints.

And if you hover over these bar graphs it's going to give you some additional information. Again, you've got report dates housing a history of this. And then this endpoint events tab, it gets into more granular information.

It's still not as granular as what we're ingesting into our security operation center and monitoring, but it does give you a little bit more information for you and your team if you want to look beyond what we're doing. And then, you know, if you see something that you think maybe we missed, you can go ahead and talk with us about it. But we don't miss a lot, so good luck with that.

Moving on, firewall and network traffic.

The thing I point out here, this is outbound traffic to known malicious bad actors. We're running these against threat feeds of malicious IP addresses in and out of the network.

And as you increase the number of security rules on your firewall, this traffic typically will decrease significantly. So a lot of entities will, I don't know, they'll block, you know, traffic to China or North Korea, Iran, North, I already said North Korea, just malicious countries that typically, whatever your business is, you shouldn't be connecting to or having any traffic going to, and that will also help. So just the geolocation of where communication can go out of your network.

The last section here, the locations, this is another report here that provides information by location. You can expand these all. And you'll see up here at this particular location, there's two sensors. At that location, there's two thirteen vulnerabilities, twenty three new. And then it goes through those different layers of external, internal, network, and endpoint security events.

The cool thing here too is you have the opportunity to export this information by CSV or the reports as a PDF, and then if you click here, this hyperlinks down to the endpoint to give you all the information that you need.

Alright. Perfect. Thank you, Michael. We're gonna pivot over to our sensor overview page. Alright. Here is a total list of the number of sensors and the locations those are assigned to within your organization.

I'm sure you'll recognize those three boxes there at the top. We've got the total sensors, online sensors, as well as actions required. The nice thing with these boxes is that they are actionable. So if you click on this, it filters down to the list.

Currently, we're on the location view. We also have a sensor view that you can switch to. This will show the different locations within your organization that currently require some form of attention on their sensors.

From here, you can also export this list. So if you wanted to have the list, you could export it as either a CSV or an Excel file. And as you can see here, we've got some pretty basic information based on, you know, if the scans are scheduled, if they're passing, if there's any actions required. As we can see, we're filtering for that list, so all of these do. And then how many sensors are in each location?

Last but not least, we have been currently looking at the locate or the list view. Excuse me.

Right in here, if we click here, we can click a map view. This will show kind of a high level view of all the different locations. And as you can see, there's a couple different colored dots here. Red means that everything is offline which it looks like this organization needs some, attention to make sure they get some sensors back online.

And then yellow means that it's partially online and then green means it's fully online. If we do click on one of these locations, we'll select this one.

It will populate over here to the right hand side. It'll have the list of sensors and then also the status. So it looks like this internal sensor is currently offline. So they can click here and they can see that looks like it's probably unplugged considering that the SecurityMetrics link and syslogs are not transmitting. So then they can know what they need to do to get that device back online.

Alright. Thanks so much, Tommy. We're gonna hop down now to the vulnerabilities tab. This is the vulnerabilities across your whole entire environment, and they will populate here.

And obviously, we want to prioritize and remediate these or mitigate these and mark them as false positives as much as possible. So, I just want to open this up. You've got a little bit about it here. It'll give you some additional information that you can read, and then I just kind of want to get into the filtering options.

So over here on the false positive scope, let's just go ahead and choose no location. So we don't have any locations in this filter option that fall within that false positive scope. We'll choose that. And then we'll jump into the risk level.

Here, I think we'll just choose critical and high, and then it will load this information.

And from here, you now can sort it. So if you click up here, you'll see here that it's now gonna sort by critical. And then if I press down, it will go to the high because those are the filters we have turned on. So then I'm gonna go back to the critical. And we're just gonna go in here and choose one of these vulnerabilities.

This MTA open mail relaying allowed. Let's click into this and just have a look. So the first thing we see here is we have two locations that are affected by this vulnerability. And then within those two locations, there are four assets.

Below that, we've got a description and then possible mitigation steps. And again, we are just a phone call away or an email away if you need any help. As we move over here to the right, this is where we get into the false positive scope. So, we've got two locations listed here and if we open each of these locations up it will show the sensor that the telemetry from those assets is being collected by. And then if we open each of those sensors up below it will have the actual devices, so the corresponding IP address and then the port that the communication is happening over.

If for whatever reason you have a compensating control in place for either one of these assets or multiple assets or for the whole sensor or the whole location or even at the highest level everything that you see here, you can go ahead and choose these as false positives.

What that does is moving forward on your reports, those will no longer show as vulnerabilities. They will show as resolved on that high level overview page that we went to previously for the next report, and then they will cease to show after that.

And so that's how you set the false positives in the vulnerability section.

Thank you, Michael. And last, we've got our scan management section. We'll go ahead and pull up one of our locations.

As you can see here, this is a search option, so you can search for a specific location.

We also want to highlight while this is loading a filter option up here. It's like we mentioned earlier, if you're wanting to filter by locations, you can say, I just want that list to show my unscheduled locations, and then you can scroll through there. So that way you can go through and quickly see which locations don't have scheduled scans. I can then schedule them and get those up and running properly.

And then the first thing we're going to jump into is our external scanning tab. So this will run your external vulnerability scan.

From here, we've got our IP address right here, our target.

And then how we schedule that scan or run it is we select it. And then if you want to run an immediate scan, you can hit run vulnerability scan, and it will run it immediately. Or if we click this drop down right here we've got our scheduled vulnerability scans which will open this window.

And from here you can select to either run this once. So say you don't want to run it immediately but you want to run it tonight after your business closes, you can run it once. Or if you wanna set up a regular cadence, whether it be weekly, monthly, or quarterly, you can do that as well. You can select a date. And so that way, if you want to run on the tenth of every month, for instance, then we'll run on the tenth of every month at eleven PM. This looks like what we default to.

So from here, after we select everything, there'll be a confirm button down here.

And then that's kind of the main gist of our external scanning and the capabilities of it. We'll review the results and well, where to review those results in a minute. The next we're gonna jump over to this networks tab. So in order to run an internal scan, we have to first find your network, and then we have to run a beginning scan to find all the assets on that specific network. We call that our asset discovery.

So from here, it looks like this has one added network. It's a slash twenty four. We cover up to slash twenty four. There are some cases where we'll go above a slash twenty four.

So if you are in a situation where you have a higher than slash twenty four, maybe a slash twenty three or slash twenty two, please give us a call. We'll see if it's something that we can help you out with and be able to help you with your internal scanning.

From here, you can add additional networks. This specific location just has one network, but if you have multiple VLANs, you can add individual ones. From here, you just select the sensors. This one only has one sensor, and then you type in your IP address. And then if you want any notes in there to say this is a VLAN one or VLAN two, and you're welcome to do that as well. From here, it's the same process as scheduling an external scan. But for asset discovery, you can run an immediate one or you can schedule.

From here as well in this drop down, you do have a delete network. So say, you know, you accidentally typed in the wrong IP address. You can just delete it and then re add it. So it's really not a big deal.

So we've got scheduled asset discovery. As you can see, it's the same window over here. You can select the interval. You can select the date as well as the time to run that asset discovery.

And then after your asset discovery has been run, those results will populate here in the internal scanning section.

So this is gonna be a list of all the different assets found on this specific network. You got a couple different ways to help identify those assets. We've got the MAC address. You wanna get to a technical level.

We also have a vendor over here as well. And then also what sensor it was found on. So maybe you do have one or two sensors or more than one sensor. You can select just the sensor.

You can filter by that. Another nice feature over here is our asset alias. This is a great way to help identify what we like to call your crown jewels. There are very important devices that need to stay clean that are more important to stay clean than other ones, and you can label those as such.

So you can quickly filter by that list. From here, you can select specific sensors.

So say you just wanted to scan these four, then you can hit here on an immediate or as before you can schedule.

Another option, if you want to select all, you can select all right here just by clicking this button.

And then we also have this option here called select all non sensitive assets. I'm gonna have Michael talk a little bit about sensitive assets and what we deem them as both printers and network devices.

Yeah. So the printer, if you, in that category column right here, if you label it as a printer or a network device, and then you go up here to select all non sensitive assets, those particular assets categorized as a printer or network device will be excluded from the scan. And a lot of the times, when I talk to people, they say, well, don't we want to scan those? And of course, we would love to, but we don't want to cause problems on your network. We don't want printers spooling tons of paper or IoT devices getting kicked offline, UPS devices getting kicked offline, things like that. So the additional defense in-depth layer that we have is that if those devices do get breached or if there is any type of a malicious execution on them and it communicates out of the network, we will see that because we are monitoring that ingress and egress traffic.

So if you have a UPS device that gets infected, starts to communicate out to a command and control server or something like that, we will see that. We will identify it. You can isolate it and do what you need with it, and we can help you. So, yeah, that's kind of how we position ourselves and have multiple layers of defense in place so that if you don't scan all assets or you exclude some of these, you still are finding those issues and able to fix them.

Thank you, Michael.

And the nice thing with this specific checkbox is if we select this, then we run it on a regular cadence. What it will do is each month, it will dynamically select the assets in your network, and it will run all assets that aren't labeled either printer or network device. The other benefit to having all of your assets labeled here and listed here, excuse me, in the internal scanning is for what's called shadow IT devices.

So, occasionally, there will be a threat actor that will put their specific computer on as what would be labeled as an asset on your network. And it's something that you don't always necessarily catch because not a ton of people always monitor the number of assets that are on their network. So running a regular asset discovery and having this list here can help you identify any shadow IT devices if there is ever a situation where you, which we hope never happens, have someone on your network, a threat actor.

Yeah. We've seen this at k through twelve where the password to an SSID will get out somehow and the student will connect to it. And then, you know, maybe that student has an infection on that device, and then it could spread within that VLAN. So it's important to know what's in the network. Absolutely.

So after your scans have run, they will be populated here in the scan results tab. So from here, you can see a couple different things. So we've got the highest CVSS score found within that particular scan. We've got the alias, the target, the MAC address, when they were completed and started, what type it was.

If you want to just look at your external scans, you can filter by that list. As you can see here, the result, we've got both a pass and a fail. How we judge if a scan passes or fails is based on compliance standards. If there is a CVSS score of four or higher found within your scan result, then it is considered a fail.

So any vulnerability that is considered a medium or higher will be considered a fail.

From here, you can select specific scans. So let's say you want to do the most recent three. You can hit here, and you can download this as both a PDF or a CSV.

The other option we do have, I'll go ahead and deselect these real quick, is you can dig into the specific scan as well. So we'll click on this one. So as you can see here, we've got a status that's a fail.

The highest risk score is the CVSS score. It was a ten, so that's definitely above the threshold of a passing scan. We've got the total vulnerabilities, which is fifty five.

And then here is a list of the vulnerabilities that were found. You can expand these. The nice thing with this is it does give you a description and remediation advice on how to help you remediate and get rid of this vulnerability.

We also have a list of false positives, so they carry over from scan to scan. And then also the notes section is if we find any vulnerabilities that don't have a CVSS score, we will put it in that notes section.

And then last but not least, as always, you can download this as a CSV or a PDF file, if you want to drill down to the specific scan result.

And then last but not least, we've got our upcoming scans. We've got, looks like they have two regularly scheduled scans.

And from here, you can delete this. So if you've decided I don't want this specific scan to continue to run, then you can delete that. And then any scans here will populate here in this field.

And that gives us a real quick overview of our Pulse product and what you can expect to see in the portal. Before we conclude, we'd like to quickly go over our pricing or different packages that we have for Pulse, and I'll turn the time over to Michael for that.

Thanks. Yeah. This is what a lot of entities I talk with or we talk with wanna see first. But just like Brad talked about in his quote, or Tommy quoted Brad, our CEO, earlier, we really do want these tools to be in the hands of smaller to medium sized entities so they can play at higher levels with the big entities.

We have two pricing categories here. You'll see on the left, the basic and, on the right, advanced and then extras. So in the basic category, we give you access to the Pulse portal, the cloud based portal that houses those thirty day risk reports, and they're generated every thirty days. Both of those are also in with the advanced.

So you can kinda see how they correlate. We've put the columns and rows. We've aligned those. So underneath the basic section where it's blank, if you look to the right, those are things in the advanced that get those options that are not with the basic.

So the third check mark down is the asset discovery and inventory, which is obviously included in both packages. You've gotta know what's in your environment. You've gotta have a good inventory and know what vulnerabilities are in there.

And then as we move down, both packages get external and internal network vulnerability assessments on a monthly basis. So you get that information, it's populated in the Pulse portal in that thirty day risk report.

The first difference between basic and advanced is with the licenses of endpoint software. In the basic package, we're giving you five licenses of endpoint advanced software. And then on the advanced, you get ten licenses of endpoint advanced with XDR and MD. So some of you may not know what those acronyms are.

XDR stands for extended detection and response, and this is very robust software that runs on the endpoint and allows our managed cyber security services team as well as our SOC to do some querying, utilize a data lake, and really look for indications of compromise on those endpoints that likely would be missed had you not had the software installed. And then we do the MD or managed detection on those. Tommy kinda went through MDR earlier. So we do do managed detection on those endpoints, and we alert you to what is found. So what's nice about those is you don't have to really worry about those endpoints. It really takes a load off the IT team. We manage those endpoints for you, and so the advanced package is pretty desirable from that standpoint.

So now in the advanced category, some other differences.

With advanced, you do have a threat. You have threat actor discovery. That's another word for threat hunting. So Noah and his team are gonna be in your environment, and they're gonna be poking around regularly looking for stuff, looking, for the bad guys that have gotten in or additional issues that are not caught through automated communication in and out of the network or other telemetry that's being ingested. It's also managed by a threat analyst, so you have access to them, and they'll do a monthly consultation with you.

Those individuals are in our SOC or it might be a managed cybersecurity services analyst.

And then if you did just for whatever reason you only wanted basic and then at a future date you needed some consulting, you can see down there on the bottom right, you can purchase just additional blocks of consulting and additional endpoints at the top under the extras as well. And you can tack those onto the prices you see below each of those columns. And in addition to this, this pricing here that we're showing you is for the private sector. We do have specialized pricing for k through twelve, and please contact us. Our contact information will be provided here shortly.

Thank you, Michael. That concludes the bulk of the stuff we wanted to cover here introducing our SecurityMetrics Pulse platform.

And we'll now receive a couple questions that we have received. And if any questions aren't addressed here in this webinar, please feel free to reach out to us. We'd be more than happy to either set up a secondary demo with you if you'd like a more thorough or just a simple question.

We'd be happy to answer those, and we'll leave our contact information here on the screen.

Alright. First question. Does Pulse help meet any compliance requirements specifically for PCI compliance?

Yes. It absolutely does. Requirement eleven dot two for PCI requires a vulnerability scanning solution.

Pulse fulfills that requirement. It also helps other compliance standards as well.

HIPAA specifically doesn't have vulnerability scanning as a specific requirement, but they do require risk assessments.

And one of the ways that you can accomplish that risk assessment is by using a vulnerability scanning solution.

And first and foremost, outside of compliance, it's considered a best practice to make sure your system stays nice and secure by using a scanning solution.

Question two. How difficult is it to get Pulse set up for my system? What is the overall process it includes?

It's simple to set up.

We do place sensors in and around your environment. The way that this is done, those sensors include the endpoint software, which you install on the endpoint. So typically, a Windows operating system, Linux operating system, or Mac OS. And depending upon the size of your environment, one to two appliances will be placed in your environment, and the network telemetry is forwarded to one of those.

And then the other one also will act as a sensor for doing scanning or kind of controlling the scanning on the inside of your network. And so it's just setting up a couple port forwards, I believe, and it's just some simple basic IT stuff. And if there are any issues, we do provide instructions on how to do it. And if there are any issues, we're just a phone call or email away, and we're happy to hop on and help you out.

So very simple. We've made it simple.

Question three. How does this tool help me improve my security?

Well, there's a couple different ways that it helps. First and foremost, like we mentioned earlier, if you don't know you have a problem, you don't know you need to fix it. So first and foremost, we help you find those vulnerabilities that you have been missing and give you the opportunity to harden your system to prevent any future or any, hopefully you haven't already been breached, but any cybersecurity breaches or attacks.

It also with endpoint protection software, there's a lot of different things that it helps cover, and it helps keep those crown jewels protected and in good working order.

Alright. Next question. How often do I need to review the data in Pulse?

That's a little bit of a loaded question. I think it depends on what role you're filling.

If you are a business executive that wants to keep it at a very high level, that's just interested in the bulk of how are we doing, I think we'd probably recommend usually at least once a month to specifically review your risk report over the last month.

I know PCI DSS requires quarterly scans. We do recommend more than quarterly. We wanna help you stay on top of your security.

If you are an IT person whose main job is to continually patch and keep your system in a good state, at a lower risk for a cyber breach, we'd recommend even daily. You can log in and you can see these vulnerabilities, and you can address the ones that need to be addressed.

Next question. Who is this tool built for?

I would say it's built for anyone.

But as a company, really getting back to the core of why Brad started SecurityMetrics, it was to help SMBs. We do business with large enterprises as well now. We're much more mature than we were back in the early two thousands. But, like we said previously, we're trying to give tools to smaller to medium sized entities that they can't afford typically because it's out of their resource constraints. So out there in the wild, we are seeing a lot of k twelve institutions.

You had, you know, the big one in the news last year was the LA Unified School District being breached. And then I wonder how many go on that we don't even know about. They don't hit the news because they're at small districts. I think it's pretty substantial. We see an increase in these numbers, and so we really have enjoyed getting into the k through twelve vertical because a lot of these smaller districts, they cannot afford a full MDR where somebody is doing all that work for them. But these small limited IT staffs that are at these school districts, they get a lot of help through the managed detection side and then our consulting services and us helping them secure their environment and get them to where they need to be.

So, last question.

Why should we choose SecurityMetrics over some other competitor?

A couple different reasons.

I think first and foremost, we have a lot of experience in this specific field in regards to data security and compliance. Been in business for over twenty three years. We have a very extensive our hands in a lot of different things. We have a lot of different experience with a lot of things.

We are an advanced scanning solution, so we're gonna be right on par with the top dogs in regards to the internal and external scanning. I think the main differentiator for us is that we give white glove service at an affordable price. We give these smaller businesses and these k through twelve schools that might not be able to afford a full blown MDR solution. We give them the ability to have a lot of those perks at an affordable price.

Yeah. Well, that's all the time that we have today for questions. Like we mentioned earlier, if you do have any additional questions, please feel free to reach out. We'd be more than happy to either set up an additional phone call or just communicate via email.

We have our emails provided here on the slides, and we thank you again for coming and joining us today. If you weren't able to attend, friendly reminder that we did record this recording. It will come out in the next couple of days and we'll be able to view it then.
