Monitor network services
Why it matters
Having visibility on network services (ports) and configuration changes is a critical piece in defensive cyber security strategy. It helps to understand an organization's exposure and enables hardening of networks by closing the unnecessary ports. Some key considerations are how to:
- Gain a holistic view on both Internet exposed services and open ports within the network segments
- Automate the scanning process
- Get notifications about changes against the baseline
How we can help
- SensorFleet PortDiff provides an easy way to scan for both Internet exposed services and within the internal network segments
- Scanning is fully automated with configurable scan intervals and port ranges to scan
- After the initial inventory scan, notifications on the changes against the baseline are provided
Bigger picture
Small scale, occasional port scans are easy to do manually but lack the scalability. Automation provides coverage, regularity and pinpoints the changes against the baseline. Distributed sensor network is a flexible staging platform for implementing a comprehensive port monitoring process.
The IBM Security X-Force Incident Response (IR) team analyzed cases over the last year involving cloud breaches and identified the most commonly exploited vulnerabilities and misconfigurations: — Virtual machines and other resources with default security settings that were erroneously exposed to the Internet. This included misconfigured platforms and insufficiently enforced network controls that exposed internal services directly to the Internet.