Helping NRENs measure and verify the number of exposed vulnerable resources both externally and internally
Assessing and managing vulnerabilities requires both an understanding of the environment and the collective experience of which specific vulnerabilities are high risk in an academic setting. National Research and Education Networks differ considerably from similar-sized enterprise organisations in the resources they expose; nevertheless, the CISO or those responsible for the systems need an overview of the threat landscape.
The service will provide two separate forms of service:
- A common generic open-source based service with additional features such as federated login and import of vulnerability feeds.
- A commercial offering based on requirements from NRENs. This includes scanning very large address spaces and a wide variety of targets in a heterogeneous environment.
Both services will provide external and internal scans and will reference findings to CVE identifiers.
1. Open Source service
Providing a tool-set for:
- Asset inventory;
- Service profiling;
- Vulnerability scanning and verification of versions and vulnerabilities;
- Report generation.
The current toolset is based on OpenVAS with an API for integration with SOC tools.
The alpha release provides functionality for:
- One-line scanning (start / check / report);
- OpenVAS and nmap integration via the API;
- Authentication token for the API;
- Scan configurations, scan parameters;
- Report generation.
2. Commercial contracted service
GÉANT will provide a service with Academic discounts, starting in 2022.
The service will be provided in collaboration with a vendor within the EU in order to effectively support GDPR requirements.
As of November 2021 the requirements are under review, and GÉANT will shortly publish an open procurement.
Future work
Create automation for scanning profiles that target assets of interest identified through passive network monitoring.