Understanding findings
Findings simplify vulnerabilities, misconfigurations and best practices into a prioritized, curated and aggregated list that helps you identify and remediate the most critical risks in your environment. runZero Findings are available from the Findings menu and from the Risk Management dashboard.
What are findings?
Findings highlight the risks attackers are most likely to target. This enables security teams to focus remediation efforts on risks with real operational impact.
Findings group similar vulnerabilities and misconfigurations together, providing a more holistic view of the risk they represent. Each finding contains a description of the risk, remediation steps, risk rankings, and an individual list of all assets and entities affected by the risk.
Finding categories
Each finding is placed into a category based on the type of risk it represents. Categories include:
- Internet Exposure: identifies assets and services that may be unintentionally exposed to the internet
- Certificates: expired or soon-to-expire certificates as well as widely shared private keys
- Vulnerability: actively exploited vulnerabilities or critical vulnerabilities that runZero believes are critical to address
- End-of-Life: operating systems, hardware and applications that have reached End-of-Life (EOL) or End-of-Service (EOS), and are no longer supported by the vendor
- Open Access: network services such as unauthenticated databases and sensitive applications that are accessible without authentication
- Compliance: assets and services that violate security best practices
- Best Practice: general best practices that cover insecure authentication, service misconfiguration and obsolete protocols
- Rapid Response: emerging and novel threats covered in detail by runZero Rapid Response blog posts
Findings list
Findings are listed in the main navigation menu, directly below the Inventory item. They can be searched, sorted and exported similarly to other views within the console.
Finding details
Clicking an individual finding’s name opens its details: an overview of the risks discovered, any associated external resources, and pertinent remediation information to help you address the risk. Below the finding summary, you will find a list of all the asset instances that the finding applies to, so that you can quickly prioritize remediation.
How are Findings different from Vulnerabilities?
A vulnerability is a specific security issue, usually closely tied to a specific CVE or security advisory. Vulnerabilities are found by the runZero Explorer or imported via one of the many supported integrations. There can be hundreds of thousands of vulnerabilities for any given asset, and even more across your entire environment.
A finding is a curated, aggregated and prioritized list of risks that are most likely to be targeted by attackers. A single finding may group together several similar vulnerabilities. Findings are not always tied to a CVE and may include misconfigurations, best practices, and other security issues that may not make sense as a vulnerability.