Use case library

Community Platform

Achieve complete asset and attack surface visibility

Achieving complete visibility is essential for understanding and managing your organization’s attack surface. This encompasses internal and external assets, cloud and security tooling integrations, and passive discovery methods to ensure comprehensive oversight and proactive threat mitigation.

Active discovery on all internal assets

This use case focuses on identifying all internal assets within defined network boundaries. It ensures organizations can actively monitor their managed networks to maintain up-to-date inventory.

Steps:

  1. Define networks of interest/managed networks/known subnets.
  2. Configure Organization(s) and Site(s).
  3. Install Explorer(s).
  4. Configure scan(s).
  5. Review the inventory to verify that connectivity works and fingerprinting results look good.

Active discovery on all externally facing assets

Gain visibility into external assets, such as domains and IP ranges, that represent your public-facing footprint. This approach ensures you can proactively address vulnerabilities in your external attack surface.

By monitoring external-facing assets, organizations can identify vulnerabilities and misconfigurations before they are exploited. Continuous scanning and updates keep your external inventory current and secure.

Steps:

  1. Define external ranges, domains, and subdomains.
  2. Set external ranges, domains, subdomains, and ASNs within the scan scope.
  3. Run scan using runZero hosted zones.
  4. Review inventory to verify findings.

Passive discovery and enrichment in key network segments

Identify assets and gain insights without active scanning by leveraging network TAPs or SPAN ports. This ensures continuous monitoring with minimal disruption to network operations.

Passive discovery complements active methods by observing traffic patterns and enriching data without interrupting critical operations. This approach is ideal for sensitive network segments.

Steps:

  1. Set up a network TAP or SPAN port, or use one that already exists.
  2. Install an Explorer on the host attached to the network TAP or SPAN port.
  3. Configure the Explorer to listen on the relevant interfaces, set the scan scope, then set and forget.

Integrate with all cloud providers and other relevant data sources

Seamlessly connect with cloud providers and other data sources to ensure complete visibility across hybrid environments. Simplify asset management by unifying data under one platform.

Cloud integration enables real-time visibility into assets spread across various platforms. It reduces manual effort and enhances data consistency by leveraging automated updates from connected sources.

Steps:

  1. Configure integrations with EDR, MDM, directory services, cloud solutions, and vulnerability management platforms.
  2. Ensure on-prem solutions have an Explorer available, since their integrations run through it; cloud solutions do not require an Explorer.

Mitigate exposure before compromise

Proactively addressing vulnerabilities and minimizing exposure reduces the risk of compromise. By leveraging rapid assessments and robust security controls, organizations can stay ahead of potential threats.

Rapid understanding of potential exposure on new vulnerabilities

Quickly assess and address new vulnerabilities by leveraging real-time insights and proactive scanning. This ensures rapid response to emerging threats.

Using advanced search capabilities, organizations can gain instant visibility into vulnerable assets. This reduces response time and aids in targeted remediation efforts.

Steps:

  1. Use Rapid Response for proactive vulnerability response.
  2. Leverage search to identify potential exposure without new scans.
  3. Proactively patch or run targeted vulnerability scans.

Reduce gaps in security controls

Ensure your security framework is robust by identifying gaps between various tools and runZero’s findings. Address these discrepancies to fortify your defenses.

Filling security gaps helps maintain alignment with compliance standards and improves overall posture. runZero’s integrations enhance the accuracy of your asset inventory.

Steps:

  1. Run a query: source:runZero and not source:<integration>.
  2. Find what runZero has found that doesn’t exist in other solutions/sources and vice versa.
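The gap analysis in these two steps is a set comparison between what discovery found and what an integration reports, in both directions. The following Python script is an added example, not runZero's own code or query engine: it runs the same comparison offline over constructed sample records (a runZero-style inventory and a hypothetical EDR export), normalizing MAC addresses so that differently formatted identifiers from two sources match, and falling back to the hostname where a source has no MAC.

```python
"""Added example (not runZero's own code): two-way coverage-gap analysis
between a discovery inventory and an integration's inventory. It mirrors
the intent of `source:runZero and not source:<integration>` and its reverse,
run over constructed sample data instead of a live export."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    source: str
    hostname: str
    mac: str  # may be empty for cloud, virtual, or agent-only records


def normalize_mac(mac: str) -> str:
    """Canonical 12-hex-digit form so '00-1A-2B-3C-4D-5E' and
    '001a.2b3c.4d5e' compare equal; returns '' if no usable MAC."""
    hexdigits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    return hexdigits if len(hexdigits) == 12 else ""


def asset_key(a: Asset) -> str:
    """Prefer the MAC as identity; fall back to the lowercase hostname."""
    mac = normalize_mac(a.mac)
    return "mac:" + mac if mac else "host:" + a.hostname.strip().lower()


def coverage_gaps(discovered, integration):
    """Return (discovered_only, integration_only) as sets of asset keys.
    discovered_only  ~ source:runZero and not source:<integration>
    integration_only ~ source:<integration> and not source:runZero"""
    d = {asset_key(a) for a in discovered}
    i = {asset_key(a) for a in integration}
    return d - i, i - d


# Constructed sample inventories (hypothetical values, not real assets).
RUNZERO = [
    Asset("runZero", "web01", "00:1a:2b:3c:4d:5e"),
    Asset("runZero", "db01", "00-1A-2B-3C-4D-5F"),
    Asset("runZero", "printer-3f", "00:1a:2b:3c:4d:60"),  # no EDR agent
]
EDR = [
    Asset("edr", "WEB01", "001a.2b3c.4d5e"),
    Asset("edr", "db01", "00:1a:2b:3c:4d:5f"),
    Asset("edr", "laptop-42", ""),  # EDR-only: not on any scanned subnet
]

if __name__ == "__main__":
    only_discovered, only_integration = coverage_gaps(RUNZERO, EDR)
    print("Discovered but missing from the integration:", sorted(only_discovered))
    print("In the integration but never discovered:", sorted(only_integration))
```

The two result sets answer different questions: assets discovered but absent from the integration are control gaps (a device without an EDR agent, for instance), while assets the integration knows about but discovery never saw usually point at scan scope or Explorer placement gaps.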

Identify unnecessary public-facing services

Analyze external scans to pinpoint public-facing services that are not essential. Reducing these reduces your attack surface and enhances security.

Eliminating unnecessary services minimizes the risk of unauthorized access and data exposure. Regular audits help maintain a lean and secure public-facing footprint.

Steps:

  1. Complete external scanning.
  2. Leverage the Queries library.
  3. Identify public-facing services and unnecessary configurations.
  4. Review outlier reporting/analysis.

Identify insecure software and services

Uncover and address insecure configurations or software through robust inventory and dashboarding tools. Proactively secure your network against potential exploits.

Tracking insecure software helps prevent exploitation by ensuring timely updates and configuration adjustments. Dashboards provide real-time insights to prioritize efforts.

Steps:

  1. Review the Queries library and write your own queries.
  2. Create widgets on the dashboard, save relevant queries, and track numbers on dashboards.
  3. In Services inventory or Software inventory, identify which assets are running insecure configurations or software.

Minimize corporate and regulatory compliance risk

Adhering to compliance standards requires accurate asset tracking, secure configurations, and effective vulnerability management. runZero simplifies these processes to help organizations meet regulatory demands.

Comply with asset inventory and discovery requirements of relevant frameworks

Maintain compliance with industry standards by ensuring accurate and comprehensive asset discovery. Demonstrate adherence through detailed inventory and reporting.

Comprehensive inventory management helps organizations satisfy regulatory audits. Combining active, passive, and integration-based discovery methods ensures no assets are overlooked.

Steps:

  1. Review documentation mapping runZero to compliance frameworks.
  2. Review active, passive, and integrations options.
  3. Use the task history to see when scans or integrations ran.
  4. Display inventory for real-time compliance visibility.

Comply with secure configuration requirements of relevant frameworks

Meet secure configuration standards by identifying and addressing insecure protocols or configurations. Ensure alignment with regulatory requirements.

Secure configurations are critical for mitigating risks associated with legacy protocols and insecure settings. Automation tools enhance efficiency in identifying and remediating issues.

Steps:

  1. Review documentation mapping runZero to compliance frameworks.
  2. Use search for insecure protocols like FTP, TFTP, Telnet, and HTTP.
  3. Save searches for tracking and add to the dashboard for reporting.

Comply with malware protection requirements of relevant frameworks

Integrate with Endpoint Detection and Response (EDR) solutions to ensure compliance with malware protection standards. Identify and address gaps in protection.

Effective malware protection depends on real-time monitoring and quick response. Comprehensive integration options streamline the detection and resolution of gaps.

Steps:

  1. Review documentation mapping runZero to compliance frameworks.
  2. Review EDR integrations and options for custom integration.
  3. Search for gaps in EDR and alert on newly found gaps.

Comply with vulnerability management requirements of relevant frameworks

Leverage integrations and inventory tools to meet vulnerability management requirements. Track and address vulnerabilities effectively.

Meeting vulnerability management requirements involves continuous monitoring, prioritization, and remediation. Automated tools provide actionable insights to streamline this process.

Steps:

  1. Review documentation mapping runZero to compliance frameworks.
  2. Search for gaps in vulnerability scanning.
  3. Use vulnerability inventory with KEV/EPSS enrichments for enhanced insights.