Scanning larger IP networks
Larger IP networks can consist of a very large number of IP addresses, which can be challenging to cover in a single scan. Up until this release we limited the size of a single IP network you could scan to a /20 network. With this release we are introducing enhanced support for scanning IP networks that are larger than /20.
When you scan a network asset target that is larger than a /20 network, the system automatically identifies this and splits the scan into several parts that run in parallel for optimal performance.
Because the system splits the scan into several scans, you can easily analyze a larger result data set, as each scan produces its own result report. This also makes reports easy to share, as the size of each report will be manageable.
Each sub-scan is limited to a /20 network, for example:
- You choose to scan a network asset target that includes a /16 network.
- The system identifies this as a larger IP network and performs automatic analysis to split it up in several scans.
- From the initial /16 network, there will be a total of 16 scan jobs, each running against one /20 network within the initial target /16 network.
- The 16 scan jobs will be executed in parallel for optimal performance and return results for each /20 network when finished.
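The split described above, as an added example (not Holm Security's code): a Python sketch that turns a list of targets into sub-scan ranges no larger than /20. The function name, the merging of overlapping targets before splitting, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_PREFIX = 20  # each sub-scan covers at most one /20, as the text states


def plan_subscans(targets, max_prefix=MAX_PREFIX):
    """Return the IPv4 networks to scan, none larger than /max_prefix.

    targets: iterable of CIDR strings. Host bits are tolerated
    (192.168.1.77/24 is read as 192.168.1.0/24).
    Overlapping, duplicate or adjacent targets are merged first (an
    assumption of this sketch) so no address lands in two sub-scans.
    """
    nets = [ipaddress.ip_network(t, strict=False) for t in targets]
    if any(n.version != 4 for n in nets):
        raise ValueError("this sketch only handles IPv4 targets")

    jobs = []
    for net in ipaddress.collapse_addresses(nets):
        if net.prefixlen < max_prefix:
            # Larger than /20: split into 2 ** (max_prefix - prefixlen) jobs.
            jobs.extend(net.subnets(new_prefix=max_prefix))
        else:
            # /20 or smaller: scanned as a single job, unchanged.
            jobs.append(net)
    return jobs


if __name__ == "__main__":
    # Constructed sample input: a /16, a /20 already inside it, and a /24.
    sample = ["10.20.0.0/16", "10.20.16.0/20", "192.168.1.77/24"]
    for job in plan_subscans(sample):
        print(job, job.num_addresses, "addresses")
```

Run directly, it prints one line per sub-scan range; the /20 that already sits inside the /16 does not produce a second job.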
More info on how to scan larger network assets
Access control with user roles and permissions
Security Center has received a new account-wide feature with support for more granular roles and permissions for users.
The current static roles have been enhanced with a more dynamic structure, making it possible to define custom roles and assign them to users.
Roles are built from a set of permissions that cover vital parts of the functionality inside Security Center. Different custom roles can therefore be created and assigned to users, so that users access only what they need to use inside Security Center.
With custom roles built on permissions, you can create a new level of access control in your account, supporting your users' use cases and allowing you as an admin to be in control of access inside your Security Center account.
Note: This is currently not supported for Single sign-on integration using SAML.
More information about new roles and permissions
SIEM integration with IBM QRadar
IBM QRadar is a popular SIEM (Security Information and Event Management) used by many companies to strengthen their internal security operations.
We are happy to announce our initial integration with IBM QRadar, which allows data from Holm Security VMP to be incorporated into IBM QRadar.
With the new App built for IBM QRadar, customers can import assets and related vulnerability severity risks into QRadar. This enables you to visualize the data from Holm Security and correlate it with data from other sources in QRadar.
More info about QRadar App from Holm Security
Import recipients from Microsoft Azure Active Directory
Phishing Awareness and Training (formerly named Fraud Risk Assessment) is built around recipients, the people that are included in assessments. You can already import recipients by uploading a CSV to get started easily.
With today's release you can set up an integration with Microsoft Azure Active Directory (Azure AD), which allows you to import recipients based on the users that exist in Azure AD.
Recipients can now be imported using the users' email addresses and user groups in Azure AD. This lets you easily onboard users from your Azure AD, so you are ready to start new assessments faster.
Users can either be imported from Azure AD as new recipients, or you can choose to update existing recipients, where user groups can be mapped to recipient tags.
Security Center now comes with the ability to set up and enforce an account-wide password policy. This allows you to increase the security level of your account by making sure users comply with a secure password strength for their user accounts.
The password policy is flexible and allows you to customize the rules of the policy according to your needs, making it easy to implement and set the security level you want to achieve.
Recipient risks and trends
Phishing Awareness and Training (formerly named Fraud Risk Assessment) has received updated risk severity scoring data and trend calculations.
From all assessments that are performed, more data will be calculated per recipient to give you a better understanding of the risk each recipient exposes. This gives you more context on the severity for a particular recipient and on how that recipient's individual trend is forecasted based on recent data.
This allows you to get a risk overview of all your recipients, prioritize your next assessments more easily and understand who to target.
Updated design for vulnerability reports
Vulnerability reports have received a revamped design for the sections where vulnerabilities are listed. The new design also brings new information into the reports, making it easier than ever to interpret the data and the risk of vulnerabilities.
The new listing comes with a more minimalistic layout, supporting larger reports and saving space in a PDF to contain more relevant information.
Vulnerability templates can be grouped by either vulnerability or host asset. Grouping by vulnerability asset will now be less repetitive and provide a clear structure showing which host assets are related to which vulnerabilities.
Additional information that comes in the updated report template:
- Vulnerability state and status
- Asset tags
- Business impact of asset
- SAML setting RequestedAuthnContext is now disabled by default to allow biometrics support from Azure AD.
- Anonymized CSV scan results now also anonymize scan names.
- Highest severity calculation has been improved within vulnerability management.
- Comparison reports received a fix so that the correct report types are handled in the listings.
- Email field is now displayed properly when sharing a web application report to recipients.
- Explicit recipients are now excluded correctly in Phishing & Awareness Training send-outs.
- Several issues have been remediated in the network scan profile page.
- Timezone is now taken into account for scan notifications.
- Scanner Appliance notifications have been temporarily disabled in the platform. We aim to bring back an updated version of it in an upcoming release.