On-Demand Remediation Validation
Now in the Censys ASM Platform, security practitioners can check for the presence of a vulnerability and validate any remediation that has taken place, all within the platform. Using our On-Demand Remediation Validation, customers now have the ability to re-scan their own infrastructure for known services once a remediation has been implemented. In the case of the new Confluence vulnerability, a risk will appear at the top of the page indicating remediation should take place for any host running a vulnerable version of Confluence software.
Above we have a host with a few issues: an instance of the “Vulnerable Confluence Service” risk, along with multiple ports exposing an end-of-life version of Nginx.
After the service has been upgraded or removed from public access, simply click the “Refresh Known Services” button on the page for that host. In the background, we initiate a low-impact scan of services already present on that host. This scan can detect changes in risks and software; services that are not publicly accessible will no longer be visible in the platform.
The host is being scanned and updated using the same pipeline we provide for asset discovery and updating.
Once the “Refresh Known Services” is complete, the host page will reflect removed services and risks, along with any updated software. Most service refreshes will finish in less than 1 minute and will include any of the names we find associated with the host.
The previously exposed Confluence instance is no longer online and Nginx has been updated to a current supported version.
Practitioners First
With On-Demand Remediation Validation, security practitioners can now get instant feedback and no longer need to wait until our next scan cycle for changes to be picked up. This enables practitioners to instantly validate that an issue has been resolved and that a risk is no longer present in the organization’s attack surface. If required by compliance or other mandates, they may also collect evidence from the ASM platform that the issue has been resolved and use this to close any internal tracking or ticket.