Guardian360 consists of multiple Scanners which are constantly in- and around your network searching for weak spots or vulnerabilities in both the security of your network and web application.
If despite all forms of security and scanning, a network intruder or hacker is to compromise your network, our Canary sets off a silent alarm.
The 24-7 functioning Security Operations Center (SOC) will immediately identify and disable any intruder or hacker!
We call it ‘Managed Security’. You may experience it as ‘a good night rest’.
Global Scanners
This scanner will perform an external check of your applications, infrastructure and devices.
Network accessible from the outside
Network vulnerable to reflection/DDoS attacks
SQL server vulnerable, control of common configuration errors
We do this by obtaining access to your network with techniques that a ‘real hacker’ would use to infiltrate it-environments. This way you will get a clear picture of the following threats:
Server or website is part of a botnet
Server is vulnerable to SSL/TLS attacks or configured incorrectly
Local Port Scanners
This scanner checks, from inside your network, which ports are opened. Open ports provide an attacker the possibility to penetrate further into your infrastructure or to attack your web applications. More than 80 frequently used and abused ports will be scanned every hour!
Web Application Scanners
This scanner mimics a penetrationtest in the same manner in which an attacker from outside would also try to invade a website.
Injection capabilities and vulnerabilities
Script injection possibilities
General security configuration errors
Manipulation and forging of transactions
Not validated references
Think of all vulnerabilities which is spoken about within the OWASP recommendations, such as:
Incorrect session management and authentication issues
Addressing data without authentication
Sensitive data directly accessible
Over 80 other web application vulnerabilities
Content management systems like WordPress, Magento, Drupal and Joomla environments, including any third-party plugins
Amplification Scanners
This scanner monitors servers on the correct configuration of servers, and determines if they are susceptible to various threats as:
SSL & TLS misconfiguration
Reflection attack possibilities in the network
Generic Vulnerability Scanners
This scanner checks for the presence of – among other – old applications which are not properly patched, but also network applications, complete operating systems and web applications. We can thus recognize more than 70,000 current threats and undertake any necessary action.
Local Guardian360 Scanners
This scanner is a physical or virtual probe which will be installed in a safe and responsible manner in your internal office network, of course in consultation with your IT-staff. On this probe, Guardian scanners are installed that scan for security threats from within your network. By using an encrypted connection the results and findings are send to the Central Guardian database, where you can compare these results with the external scans. This will give you an actual ‘situational awareness’!
Credential Scanners
This scanner scans the network for unencrypted and non-complex passwords, or passwords which are too short. Even if these passwords are encrypted, the Guardian Cruncher will try to crack them. This is done by means of a special ‘password cracker’ which is capable of ‘guessing’ millions of passwords per second.
Blacklist Scanners
The blacklist scanner ensures that you can quickly intervene in case your domains and ip-addresses
Are your websites and/or ip- addresses known on pastebin?
Are your ip-addresses on a blacklist?
Is spam being sent from your network?
Is your network being used for bitcoin-mining?
Is your website being used for phishing?
Is a TOR Exit node known within your network?
are on a blacklist. It scans, among other things:
if there are any viruses, malware or other malicious activities active within your network?
Does your network make connections to 'command and control' servers or is an open Proxy server running in your network?
Is your network being used to hack – or for carrying out DDoS attacks?
Canaries were once used in coal mines as an early warning system. Toxic gases such as carbon monoxide and methane killed the birds, and that way warned the miners, so that they not became affected by the gasses and were able to save their lives.
The saying “A canary in a coal mine” is therefore often used to refer to a solution that serves as an early warning in a coming crisis.
And that is exactly how Canary Guardian360 works!
If despite all forms of security and scanning, a network intruder or hacker is to compromise your network, our Canary sets off a silent alarm.
The 24-7 functioning Security Operations Center (SOC) will immediately identify and disable any intruder or hacker!
Schematic Representation
As Guardian scans over 80 ports every hour, and on a daily basis scans all web applications and network components (depending on your contract type), regulary a new potential threat is found. When so, a ticket is created directly into our Incident Management System.
within 1 working day one of our security engineers evaluates what this incident means and how urgent the find is. After that, a solution will be developed to solve the consequences of the security incident or at least to minimize the damages as much as possible. So-called ‘Critical messages’ are given priority.
