What is runZero?

runZero

runZero is a total attack surface and exposure management platform that combines active scanning, passive discovery, and API integrations to deliver complete visibility into managed and unmanaged assets across IT, OT, IoT, cloud, mobile, and remote environments. runZero can be used as a hosted service (SaaS) or managed on-premise. The runZero stack consists of one more Consoles, linked Explorers that run as light-weight services on network points-of-presence, and a command-line tool that can be used for offline data collection. runZero can be managed through the web interface, via API, or for self-hosted customers, on the command line.

Data Sources

• Active Scans: runZero’s best-in-class active scan engine is fast, accurate, and safe for all environments, with support for a massive number of protocols and applications.

• Passive Traffic Sampling: runZero’s passive traffic sampling engine scales with available resources and works with broadcast traffic, SPAN ports, and encapsulated streams. Any runZero Explorer can be used for passive traffic sampling, regardless of location, configuration, or resources.

• API Integrations: runZero supports inbound and outbound integrations with major Cloud, Endpoint, CMDB, and Endpoint providers. In addition to the native options, customers can create their own integrations using the Custom Integration API and Custom Integration Scripts.

Live Inventory

• Assets: runZero tracks all assets across the environment; including cloud, mobile, endpoint, server, OT, IoT, and everything else in between. Assets are correlated and merged across data sources to provide a multi-perspective snapshot of all organization resources. The asset inventory supports deep search, configurable columns, and simple export.

• Services: runZero tracks all identified network services, via active scans, passive discovery, and integrations (where applicable). The services inventory simplifies exposure management tasks and enables deep search and exports.

• Screenshots: runZero takes a snapshot of each exposed web service included in active scans. The screenshot inventory allows security teams to visually inspect unknown devices and services.

• Software: runZero identifies network-exposed software and imports software records from API integrations. The result is a software inventory that can be used to quickly identify specific packages and versions across the environment.

• Vulnerabilities: runZero reports vulnerabilities based on identified exposures and imports vulnerability data from API integrations. The vulnerability inventory is provided as both a detailed, per-asset inventory, as well as a grouped view that simplifies investigation into specific issues.

• Wireless: runZero active scans also enumerate wireless access points within range of the Explorer running the task. This inventory includes the BSSID, SSID, encryption settings, and signal strength.

• Users and Groups: runZero imports user and group information from directory services, including Active Directory, Azure Active Directory (Entra ID), and Google Workspace. The user and group inventories can be used to identify accounts with specific attributes, such as expired passwords and excessive group permissions.

Reports

runZero includes a comprehensive set of reports that cover everything from layer-2 topology maps to outliers and asset risk. In addition to pre-defined reports, most attributes within an asset or service can be used to create a grouped report with a single click. For deep customization, the runZero Export API provides CSV and JSON(L) formats with arbitrary search filters, which can be used to drive analytics platforms like Tableau and PowerBI.

Monitoring and Alerts

runZero provides monitoring and alert capabilities that can trigger based on changes to the inventory, new results for custom search queries, and any system-level event (of dozens). These alerts can be delivered either in-product, by email, or to a webhook destination, including Slack channels. In addition to alerts, rules, and custom queries, goals and custom dashboard widgets can be defined to track progress towards a specific outcome.