Continuous Posture Anomaly Management – The Journey of Building Something New 

During the development of technology products, one always aspires to solve the real problems of customers and people worldwide. The journey of developing and launching a new product is something that connects all of us: entrepreneurs, technology inventors, and developers.

In an era when vulnerability scanning takes days or weeks to inspect risks, we at SecPod adopted SCAP in its early years. We began developing a fast scanner that is one of a kind: a scanner that can crunch enormous numbers of vulnerability and compliance checks and determine a risk posture within minutes. We established SanerNow, an Advanced Vulnerability Management suite. It helps identify vulnerabilities, misconfigurations, and security deviations, remediate them, and repeat this process as a daily routine.

In this process, SanerNow agents collect information from the organization’s assets and upload it to the server, where it is analyzed and correlated against our homegrown security intelligence to ascertain the organization’s risk posture. This extensive collection of data is pumped into our big data store. Often such device data is investigated individually, for example by understanding a vulnerability in a specific operating system and providing the appropriate patch to eliminate it.

A thought occurred in our minds…

What if we analyze all open ports on a device, associate each port with the process listening behind it, and map that process to the application it belongs to? If the application is vulnerable, so is the port, which becomes a gateway for attackers to misuse the weakness. This thought gave birth to PA-2022-1001¹, our very first Posture Anomaly check.
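The port-to-process-to-application join described above, written out as an added example (this is illustrative code, not SanerNow's own implementation). The socket table, process table, package names, versions and vulnerability identifiers are all constructed placeholders; a real check would take them from the agent's inventory and from vulnerability intelligence.

```python
"""Added example: joining listening ports to processes and to the application
behind them, then flagging ports whose application is known to be vulnerable.

All data below is constructed to stand in for agent-collected inventory.
Package names, versions and vulnerability ids are placeholders, not advisories.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ListeningPort:
    port: int
    proto: str
    pid: int
    bind_addr: str  # address the socket is bound to


@dataclass(frozen=True)
class Process:
    pid: int
    exe: str
    package: str  # installed package that owns the executable
    version: str


# Constructed sample: what one host's agent might report.
SOCKETS = [
    ListeningPort(22, "tcp", 811, "0.0.0.0"),
    ListeningPort(80, "tcp", 1420, "0.0.0.0"),
    ListeningPort(5432, "tcp", 1302, "127.0.0.1"),
    ListeningPort(8080, "tcp", 2210, "0.0.0.0"),
    ListeningPort(9999, "tcp", 4040, "0.0.0.0"),  # pid with no process record
]
PROCESSES = {
    811: Process(811, "/usr/sbin/sshd", "openssh-server", "9.0"),
    1420: Process(1420, "/usr/sbin/nginx", "nginx", "1.18.0"),
    1302: Process(1302, "/usr/lib/postgresql/bin/postgres", "postgresql", "14.5"),
    2210: Process(2210, "/opt/legacy/bin/appd", "legacy-app", "2.3"),
}
# Constructed intelligence: package -> list of (affected version, placeholder id)
VULN_DB = {
    "nginx": [("1.18.0", "VULN-PLACEHOLDER-1")],
    "legacy-app": [("2.3", "VULN-PLACEHOLDER-2")],
}

LOOPBACK = ("127.0.0.1", "::1")


def map_ports(sockets, processes):
    """Join each listening socket to the process and package behind it.

    A socket whose pid has no process record is kept with None fields so the
    gap itself is visible rather than silently dropped.
    """
    rows = []
    for s in sockets:
        p = processes.get(s.pid)
        rows.append({
            "port": s.port, "proto": s.proto, "bind": s.bind_addr, "pid": s.pid,
            "exe": p.exe if p else None,
            "package": p.package if p else None,
            "version": p.version if p else None,
        })
    return rows


def exposed_vulnerable_ports(sockets, processes, vuln_db):
    """Posture anomaly: a port is a gateway when the application behind it is
    vulnerable. Returns (port, package, vuln_id, externally_reachable) tuples,
    externally bound ports first, then by port number."""
    findings = []
    for row in map_ports(sockets, processes):
        for affected_version, vuln_id in vuln_db.get(row["package"], []):
            if row["version"] == affected_version:
                external = row["bind"] not in LOOPBACK
                findings.append((row["port"], row["package"], vuln_id, external))
    return sorted(findings, key=lambda f: (not f[3], f[0]))


def unattributed_ports(sockets, processes):
    """Ports that could not be tied to a process: worth a look on their own."""
    return [r["port"] for r in map_ports(sockets, processes) if r["package"] is None]


if __name__ == "__main__":
    for finding in exposed_vulnerable_ports(SOCKETS, PROCESSES, VULN_DB):
        print("vulnerable application behind port:", finding)
    print("ports with no process record:", unattributed_ports(SOCKETS, PROCESSES))
```

The bind address matters for prioritisation: a vulnerable service bound only to loopback is a weaker gateway than one bound to all interfaces, so the finding carries that flag and sorts externally reachable ports first.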

The next step was to understand the applications installed on the various devices in the organization. Although the devices were configured similarly, unusual applications were running on some of them, and these stood out in our data analysis model. This gave birth to the idea of potential outliers in the organization, and we created PA-2022-1002. We can identify statistical outliers in software assets, hardware configuration, firewall settings, command history, DNS cache, ARP entries, and more. We took a close look at all 1000+ attributes² we collect from every single device, clustered the data to apply mathematical rules, and even investigated data trends over 30 days to understand an organization’s risk posture.
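A small version of the software-asset outlier idea, added here as an example rather than SecPod's own model: devices are grouped by a role label, and a package is an outlier on a device when few of that device's peers have it. The mirror check, a package nearly every peer has but this device lacks, is included because it is the same computation read the other way. The fleet, role labels, package names and thresholds are constructed assumptions.

```python
"""Added example: statistical outliers in installed software across a fleet.

Constructed inventories stand in for agent data. Rarity is measured within a
device's role (workstation, server) because comparing a server to a laptop
would flag every server package as unusual. Role labels, package names and
the thresholds are constructed assumptions.
"""
from collections import Counter

# Constructed sample: device -> (role, set of installed packages)
FLEET = {
    "ws-01": ("workstation", {"chrome", "office", "edr-agent", "vpn"}),
    "ws-02": ("workstation", {"chrome", "office", "edr-agent", "vpn"}),
    "ws-03": ("workstation", {"chrome", "office", "edr-agent", "vpn", "teamviewer"}),
    "ws-04": ("workstation", {"chrome", "office", "edr-agent", "vpn"}),
    "ws-05": ("workstation", {"chrome", "office", "edr-agent"}),
    "srv-01": ("server", {"nginx", "edr-agent"}),
    "srv-02": ("server", {"nginx", "edr-agent", "torrent-client"}),
}


def prevalence_by_role(fleet):
    """For each role, count on how many devices each package appears,
    and how many devices the role has in total."""
    counts = {}
    sizes = Counter()
    for role, packages in fleet.values():
        sizes[role] += 1
        counts.setdefault(role, Counter()).update(packages)
    return counts, sizes


def software_outliers(fleet, max_prevalence=0.25, min_peers=3):
    """Return {device: [(package, prevalence)]} for packages that are rare
    within the device's role.

    Roles with fewer than min_peers devices are skipped: with two servers,
    every package one of them has and the other lacks is at 50 percent, and
    rarity is not meaningful.
    """
    counts, sizes = prevalence_by_role(fleet)
    result = {}
    for device, (role, packages) in fleet.items():
        if sizes[role] < min_peers:
            continue
        rare = []
        for pkg in sorted(packages):
            prevalence = counts[role][pkg] / sizes[role]
            if prevalence <= max_prevalence:
                rare.append((pkg, round(prevalence, 2)))
        if rare:
            result[device] = rare
    return result


def missing_baseline(fleet, min_prevalence=0.75, min_peers=3):
    """The mirror check: packages nearly all peers have but this device lacks,
    such as a missing VPN client or endpoint agent. Returns {device: [package]}."""
    counts, sizes = prevalence_by_role(fleet)
    result = {}
    for device, (role, packages) in fleet.items():
        if sizes[role] < min_peers:
            continue
        missing = sorted(
            pkg for pkg, n in counts[role].items()
            if n / sizes[role] >= min_prevalence and pkg not in packages
        )
        if missing:
            result[device] = missing
    return result


if __name__ == "__main__":
    print("rare software:", software_outliers(FLEET))
    print("missing baseline software:", missing_baseline(FLEET))
```

The same prevalence table works for any set-valued attribute the agent collects (open ports, firewall rules, ARP or DNS cache entries); only the inventory passed in changes. Thresholds need tuning to fleet size: a 25 percent cut-off is meaningful across hundreds of workstations and noise across four.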

The Continuous Posture Anomaly Management (CPAM) product can solve many pain points for our customers: the lack of deep visibility into the IT environment, technology clutter that is not streamlined, the difficulty of managing a diverse environment, the lack of security context and insight, skepticism about whether device security controls are actually functioning, the inability to isolate the most obvious attack vectors (often called the low-hanging fruit), high investment in low-yielding solutions, and ignorance of the most apparent attack entry points. These are the problems we want to solve through CPAM.

CPAM offers 70+ checks that help security administrators spotlight flaws in the infrastructure, help IT administrators reduce technology clutter and the attack surface, and let CISOs pull information from a set of 100+ reports through the intuitive Continuous Posture Anomaly Management dashboard.

¹ A unique identifier SecPod Intelligence provides to each Posture Anomaly check, in the format PAYYYYXXXX.
² The attributes are collected during the regular scan process and do not require additional resources from our customers.
