Technologies

Innovative, scalable, and highly accurate SaaS technology to simplify and ease the burdens associated with vulnerability and threat management


Vulnerability scanning has been around since 2000. Virtually every enterprise security team today uses vulnerability scanning, and likely a vulnerability management system as well. In fact, many analysts regard vulnerability scanning, at least, as fully commoditized.

Accuracy remains elusive, even with the largest VM solution providers and even after 20 years of technology evolution.

We'll continue to evolve and expand on vulnerability assessment, management, and adjacent market spaces that can benefit from fast, lightweight footprint, comprehensive and accurate network security technologies and risk assessment tools. Our network security technologies that continue to deliver market-leading differentiation include DDI RNA, VRT, NIRV, and DNA.

DDI Vulnerability Research Team (VRT)

While Digital Defense has achieved public acclaim for its superior vulnerability scanning, vulnerability management solutions, and best practice consultative services, we are also actively involved in security threat research.

The company’s Vulnerability Research Team (VRT), composed of talented, credentialed (Security+, Network+, CISSP) and experienced security analysts and researchers, regularly discovers unknown vulnerabilities and zero-day attacks.

This proactive research translates directly to timely disclosures for our clients, providing an extra measure of peace of mind.

Using our own SaaS Vulnerability Management platform, analysts continually scour cross-client assessment results and leverage big data analytics to root out malicious or suspicious activity.

The VRT takes its responsibility seriously and holds a philosophy of always contributing to the greater good. In addition to providing timely vulnerability insight to our clients, we also share findings with the vendor community, according to accepted security information exchange principles, so that vendors can address security weaknesses for the good of all.


Reconnaissance Network Appliance (RNA)

Reconnaissance Network Appliance (RNA) is a preconfigured, network-based device used to perform network security assessments without requiring onsite staff.

RNA uses a proprietary Linux-based operating system to scan every IP-accessible device (including servers, workstations, printers, IP phones, routers, switches, firewalls, etc.) on an organization’s network for vulnerabilities and weaknesses.

The assessment data is transferred through an encrypted network connection to the Secure Network Operations Center (SNOC). In conjunction with Fortra VM, the package provides an on-demand vulnerability management, network security assessment solution and network scanning tool that enables organizations to assess and manage business risk.

DDI NIRV™ Scanning Engine: Cross Context Scanning

At the heart of the RNA appliance is the NIRV scanning engine, which represents a fundamental break from traditional network scanning methodology and allows the discovery of critical flaws often missed by other engines.

Whereas traditional network auditing technology focused on auditing services in isolation in a highly repeatable manner, the NIRV engine is capable of auditing networks as contiguous entities, where information gleaned from each host, service, and application is reused throughout the network, allowing for a more thorough audit of its peers.

Select examples of this technology include:

  • Webserver directory structure, scripts, and arguments discovered by webroot spidering or WSDL parsing on one service can be used to improve brute force and fault injection on other discovered hosts and services, allowing tests to run multiple times in the same context if necessary for complete testing.
  • Usernames, password hashes, and authentication tokens gathered from RPC services are automatically tokenized, translated to different authentication formats, and leveraged in an attempt to gain access to other services on both the host and network level.
  • Critical SSL issues such as Heartbleed and BEAST are audited not just on traditional web-based SSL services but through the embedded SSL modes such as FTP, SMTP, POP3, VPN, RDP, RPC and even alternate-transport UDP based DTLS services.
  • Weaknesses exposed in RMCP and IPMI embedded ARM baseboard interface auditing can be correlated and reused against the primary host operating system in order to expose networked side-channel access to otherwise secure systems.

By allowing the efficient tagging, tokenization, and re-use of data across all OSI layers, network services, and peer hosts on a network, NIRV better simulates the tactics a skilled attacker employs in modern data-breach attacks, which often combine information gained through several moderate or low-level vulnerabilities to uncover more serious flaws and achieve a full system compromise.

The NIRV engine's cross context scanning technology has already been proven to be effective in real-world scenarios having resulted in dozens of critical CVE releases by major software companies. This includes the discovery of flaws in products which are among the most mature in the industry, having already undergone rigorous testing by traditional technology.

Digital Defense follows strict responsible disclosure policies when disclosing details of previously unknown flaws to software vendors, allowing vendors to respond and issue patches for any discovered issues and withholding any details that might benefit an attacker.

Key Benefits

  • Effective full network scanning for comprehensive security risk reduction
  • Extremely low false positive rate for efficient management of vulnerability remediation programs
  • Automatic host reconciliation of previous scan results for unparalleled assessment quality
  • Assignment of business risk weightings to hosts for sensible Security Grade Point Average (Security GPA®) assessment scoring

Installation & Maintenance

The number of RNAs required depends on the segmentation of an organization’s network, the scan frequency, and the number of hosts to be scanned. After one or more RNAs are placed in optimal scanning location(s), the units require power and network connectivity.

Outbound network access on TCP port 443 or 22 (SSH) is required to keep the RNA properly maintained. RNA software updates are delivered to the RNA via this network connection automatically prior to the beginning of each vulnerability scan.

DDI Digital Node Attribution (DNA)

Digital Node Attribution (DNA) is the core technology within Fortra Vulnerability Management (Fortra VM) that eliminates network drift. As a point-in-time network vulnerability scanner that feeds RNA data into Fortra VM, DNA is able to match host identification artifacts associated with a specific endpoint over time – including dynamic identifiers like IP address, DNS hostname and NetBIOS hostname – and reconcile them back to a common identity. Regardless of how identification artifacts may change over time (otherwise known as network drift), DNA can accurately and consistently pin vulnerability scans to each discrete endpoint. This forms the basis of DNA’s accuracy superiority.

To appreciate the impact of network drift, consider the following data, as revealed by a Digital Defense study:

Scan-to-Scan Endpoint    Servers – % Change over 90 Days    Clients – % Change over 90 Days
IP Address               4%                                 36%
DNS Hostname             6%                                 42%
NetBIOS Hostname         34%                                20%

This data demonstrates how much a typical network (attack surface) changes in a relatively short period of time. It is exactly why competitive vulnerability management products – even those from highly regarded market leaders – report so many time-wasting false positives, which exacerbates the long-standing stigma of vulnerability management solutions as producing high volumes of misleading and inaccurate data, i.e., “big data pollution”.

DNA eliminates network drift and, as a result, ensures security teams are spending time only on timely, comprehensive and accurately pinned vulnerabilities.
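The reconciliation idea described above can be sketched as follows; this is an added illustration, not Digital Defense's DNA implementation, whose algorithm this page does not describe. It assumes each artifact is weighted by one minus the client change rate from the table, a match threshold of 0.5, and constructed host ids, addresses and hostnames.

```python
# Added illustration; this is not Digital Defense's DNA algorithm.
# Assumption: weight = 1 - the page's 90-day change rate for client endpoints.
CLIENT_STABILITY = {"ip": 0.64, "dns": 0.58, "netbios": 0.80}
MATCH_THRESHOLD = 0.5  # assumed cut-off for "same endpoint"

def similarity(known, seen, weights=CLIENT_STABILITY):
    """Weighted share of agreeing artifacts among those both records carry."""
    shared = [k for k in weights if known.get(k) and seen.get(k)]
    total = sum(weights[k] for k in shared)
    if total == 0:
        return 0.0
    agree = sum(weights[k] for k in shared if known[k].lower() == seen[k].lower())
    return agree / total

def reconcile(inventory, scan):
    """Map each scanned record to a known host id, or mint a new id."""
    pairs = sorted(((similarity(known, seen), idx, hid)
                    for idx, seen in enumerate(scan)
                    for hid, known in inventory.items()),
                   key=lambda p: -p[0])
    assigned, used = {}, set()
    for score, idx, hid in pairs:  # best matches first; one identity per record
        if score >= MATCH_THRESHOLD and idx not in assigned and hid not in used:
            assigned[idx] = hid
            used.add(hid)
    for idx in range(len(scan)):
        assigned.setdefault(idx, f"new-{idx}")
    return assigned

def naive_by_ip(inventory, scan):
    """Baseline: treat the IP address alone as the endpoint's identity."""
    by_ip = {h["ip"]: hid for hid, h in inventory.items()}
    return {i: by_ip.get(s["ip"], f"new-{i}") for i, s in enumerate(scan)}

# Constructed sample data: two known laptops, then a later scan after DHCP churn.
INVENTORY = {
    "host-1": {"ip": "10.0.5.21", "dns": "lt-ajones.corp.example", "netbios": "LT-AJONES"},
    "host-2": {"ip": "10.0.5.22", "dns": "lt-bsmith.corp.example", "netbios": "LT-BSMITH"},
}
SCAN = [
    {"ip": "10.0.5.22", "dns": "lt-ajones.corp.example", "netbios": "LT-AJONES"},  # host-1 on host-2's old lease
    {"ip": "10.0.5.40", "dns": "lt-bsmith.corp.example", "netbios": "LT-BSMITH"},  # host-2 on a fresh lease
    {"ip": "10.0.5.21", "dns": "kiosk-7.corp.example", "netbios": "KIOSK-7"},  # new device on host-1's old address
]

if __name__ == "__main__":
    print("by IP only:", naive_by_ip(INVENTORY, SCAN))
    print("reconciled:", reconcile(INVENTORY, SCAN))
```

On this data the IP-only baseline files every record under the wrong identity, while the weighted match keeps both laptops pinned to their existing ids and flags the third record as a new endpoint.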
