Document Version: 2.3
© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.
The purpose of this document is to assist users when installing and configuring Scanning-Less Scanning (SLS) available for Outpost24 products. This document has been elaborated under the assumption that the reader has access to the OUTSCAN/HIAB account and Portal Interface.
A Traditional Approach
Traditionally, organizations use vulnerability management tools to scan their network at regular intervals. This includes daily, weekly, bi-weekly, monthly, bi-monthly and quarterly intervals. If a new vulnerability is discovered in between those scans, the system is unknowingly susceptible to an attack during that time period.
Traditional vulnerability management tools provide organizations with a false sense of security between regularly scheduled scans. The organization may feel safe, but new vulnerabilities during the time period between scans can be exploited to cause significant losses.
Outpost24’s Unique Approach - SLS
In striving to offer a more proactive approach to vulnerability management, Outpost24 has incorporated a unique tool feature called SLS, which decreases the overall exposure window for attacks and eliminates risk.
When a new vulnerability is discovered, Outpost24’s products are immediately updated. The tools then compare information gathered during the last scan and alert the user about any systems that could be affected by this new vulnerability.
SLS is included in OUTSCAN as an on-demand Software-as-a-Service, and in HIAB as a plug and play appliance, both of which allow organizations to easily detect vulnerabilities and manage remediation to prevent hackers from penetrating the network. The below figure shows how our Scanning-Less Scanning works.
Enabling Scanning-Less Scanning
To enable the SLS feature on your scans, follow the below steps.
- Go to the Main Menu.
- Click on Netsec, select Scan Scheduling.
- Select a specific schedule and right click on the schedule name. Choose the option Edit from the context menu.
This displays the Maintaining Scan Schedule window.
- Go to Scan Settings tab as shown in the above figure, select the Daily updates (SLS) check box.
This is the Scanning-Less Scanning feature, which allows the report to be updated daily (at the same time of day that is defined in the Next Scan field) with any new vulnerability that may affect the specific system.
The fingerprint database for a system is only retained for a maximum of one month. After that period, the fingerprint database is to be considered outdated and no longer be used.
Ad-Hoc Scanning-Less Scanning
It is also possible to perform manual Scanning-Less Scans whenever needed. To perform this, go to Reporting Tools, right click on a schedule and select Update Scan Results.
This initiates a Scanning-Less Scan against the target and compare new vulnerabilities with the fingerprint stored for this scan. Any new vulnerability that is added through a SLS scan can be identified in the Findings grid, Added column. The new findings are available in the same report with a different date in the column Date Added, which can be added to the Findings grid.
SLS can also be initiated from a single target through Target section under Reporting Tools.
If the report does not have a valid fingerprint database stored, this option will not be available in the above menu. In other words, this option is only available on latest successful scan of the scan schedule.
You can receive alerts about SLS, or notify someone when a report is updated after SLS, or if the system is unable to start an SLS update. To set the notifications,
- Go to the Main Menu.
- Select Event Notifications under Settings.
- Select New or right click on any entry and select Edit.
You should enable this feature only after the execution of an initial scan.
In the above example, an email alert is sent to the demo user whenever the system could not start SLS.