Passive Vulnerability Scan; Vulnerabilities such as MS15-034 are big deal for information security specialists who have to keep up with the critical security patches on high pressure business environments. In one hand they know that the cat is out of bag and they have to find out their vulnerable servers, however, on the other hand they can’t find an early reliable scanner to find out what are those…
Passive Vulnerability Scan
NormShield also periodically gathers vulnerability and exploits information from sources like NVD as CVEs and Exploit-DB as exploit ids. These CPEs, CVEs and other exploit information are then related to each other, therefore, NormShield can passively find possible vulnerabilities in products that assets are using. The more granular the version information NormShield gathers the sharper vulnerability matching gets. So if a vulnerability pops-up that it’s not possible to scan remotely, NormShield gives customers early alerts.
The above figure shows Passive Scan tab under an asset panoramic view. The system matches the CPEs gathered with the CVEs and logs the matches.
Alarms are produced in two cases;
1. A new CPE with existing CVE matches is found for an asset.
2. A new CVE is published for existing CPE(s) of an asset.