Release notes

Release notes 2022-09-07

Ready-made scan profile for exploits & ransomware

We’ve made it easier than ever to scan for vulnerabilities that are related to exploits and ransomware. The new network scan profiles allow you to easily set up on-demand or scheduled scans that include the detection of these vulnerabilities. 

This new capability is available directly in the new default scan profile “Network scan profile – Ransomware & exploits”, which is available on your account. It is a perfect profile to use for any 0-day vulnerabilities that have a known exploit out in the wild.

The list of exploits that are scanned for includes the list of known exploited vulnerabilities that the Cybersecurity and Infrastructure Security Agency (CISA) supplies (https://www.cisa.gov/known-exploited-vulnerabilities-catalog).

How to scan for ransomware and exploits

Unified scans overview

All scans across asset types are now available in a single overview, making it easier to track all your vulnerability and policy scans. The new overview consolidates network, policy and web application scans – enabling you to track all the scans at once. 

The new overview comes with the ability to create different tab views using the enhanced filtering options. This enables different views to be created that can focus on everything from scheduled scans only to scans containing specific tags. 

The user experience of the page has also received updates, making it faster and easier to use, with improved error messages and result views. The severity levels from the scan result are now directly visible within the overview, and the asset types are identifiable with the new asset icons. The scheduling of scans has also received updates to make it easier to set up recurring scans.

JavaScript-enabled web applications

Scanning of web applications that are powered by JavaScript has now moved out of beta and is Generally Available (GA) for all accounts within Security Center.

Awareness training statistics in a new report

The Phishing & Awareness Training report now receives training data to better understand how recipients have performed when participating in awareness training sessions. This enables further insights into how recipients behaved: how many completed training sessions and how many never started them.

Answers from awareness training sessions are visualized to easily see on which steps the recipients were challenged and how many answered correctly versus incorrectly on each step.

This is available for individual sessions as well as multiple sessions, including tracking of the trend.

How to create Phishing & Awareness Training assessment report

New phishing simulation templates

New phishing simulation templates available:

  • Paypal Invoice
  • Spotify Free Subscription

Improved coverage for web application vulnerabilities

We are excited to announce new vulnerabilities that can now be detected through our web application scanning. 

  • Subdomain enumeration – finds subdomains of the target that can contain vulnerabilities. 
  • Server-Side Template Injection (SSTI) – an SSTI vulnerability can allow attackers to gain remote code execution on the target server.

General Enhancements

  • Emails sent from Security Center are now updated with a new and improved layout and design.
  • Network scan profiles can now exclude intrusive vulnerability tests.
  • For phishing simulation, the template menu items have been adjusted to improve navigation. 
  • Phishing & Awareness Training now automatically detects robots & protections that can cause incorrect statistics for phishing send-outs. Click actions that happen within 10 seconds after the start of the assessment are now automatically ignored to avoid incorrect data.
  • New web training translations for Norwegian and Danish within Phishing & Awareness Training.