Lighthouse Update | Niederlande Nachrichten | SIEM Paradox | G360DAO on tour
Guardian360
Dear

We have quite a few developments to share with you in this newsletter.

We are happy to welcome Aleksandr to our team. He will be one of the software engineers working on the new Guardian360 Lighthouse frontend!

Guardian360 has been featured in “Niederlande Nachrichten” and has since then already received a positive response. In this partner newsletter, we share some insights mentioned in a report by TÜV SÜD AG titled “Cybersicherheit in deutschen Unternehmen”.

In the past month we closely collaborated with our Premium Partner SLTN to improve the stability of scanning. We consider ourselves blessed with such committed partners who are willing to work closely with us to greatly improve our platform and combined offering.

In this correspondence you’ll be informed of progress in Lighthouse and provided with a link to new wireframes and designs. As a team we are pushing hard to be able to present our partners with a first working version of our new dashboard. However, we need to pick up some last tasks and ensure that security and quality are up to our standards. In the meantime, please click through the wireframes and provide us with your feedback!

We published an opinion piece on the SIEM paradox, which can be found below. Finally, we conclude with updates about upcoming events and G360DAO news. G360DAO has been on tour ;-)

Enjoy your summertime!

Kind regards,
On behalf of the Guardian360 team,

Jan Martijn Broekhof
Managing Director
 
Lighthouse update

While the HTML is complete and just needs to be wired up, some of our development work on the Dashboard had to be put aside this past month to attend to pressing updates and bug fixes on our existing platform.

Nevertheless, progress has been made, and with the new addition to our team, Aleksandr, work should commence at pace quite soon. He has already jumped in head-first and has provided some much-needed enhancements.

From a UX point of view we are already looking towards the future and based on requests from our partners we are coming up with new features that will make the product easy to use and enhance our offering.

One of the upcoming projects we would like to take on is the new issues workflow.

Some of the improvements we have included are:
  • only one issues table
  • column selection
  • advanced filtering
  • categories (issue type, e.g. Credential, Port, etc.)
  • grouping by IP Address, Assignee, Category
  • assigning issues
  • risk adjustment
  • better comms
  • swim lanes
  • in progress status (for when a partner has referred an issue to a client)

Below is a link where you can view our ideas for this:
https://xd.adobe.com/view/9090c98e-ae26-4390-a979-fa5a82ba657a-c5c3/?fullscreen&hints=off

We would love feedback on these designs. If you would like to contribute your ideas or requests, then please email your ideas to m.hugo@guardian360.nl or alternatively make a UX appointment on the link below:

DigiD 3.0

Recently we added the Dutch DigiD 3.0 Norm to the Guardian360 Lighthouse dashboard.

Scanning improvements

Recently, two irregularities were detected in the Guardian360 Lighthouse platform. As a part of our commitment to be fully transparent, we would like to share both irregularities, their causes, and the solutions that have been applied and will be implemented.

Multiple openings and closings of specific issues throughout the day
Under certain conditions, a vulnerability was found by one of the Guardian360 Lighthouse scanners at one moment and then the same issue was closed later the same day. However, the vulnerability was still present, and the respective issue was mistakenly closed.

Several causes contributed to this irregularity:
  • For a select number of issues, there was already a previously closed issue present in the database.
  • The selection of issues in the database lacked a check on the "scanner platform" (a probe or the central scanner platform), which caused it not to include the issues related to the respective customer and the customer's related issues. In specific circumstances, this resulted in the closure of an issue that couldn't be found by one scanner platform, while another scanner platform could find it.
  • The secondary SNMP brute-force scanner used by Guardian360 Lighthouse was executed three times based on finding the same initial open SNMP port, whereas it should only be executed once.
  • If one of the issues detected by the three different SNMP protocol port scanners is closed, it will also close the issues from the secondary SNMP brute-force scanner, even though the other two SNMP protocol port scanners still detect the issues.

Several improvements have been implemented in Guardian360 Lighthouse:
  1. Controls have been added to the Guardian360 Lighthouse platform to take into account the presence of a previously closed issue. This ensures that an issue is not mistakenly reopened or closed.
  2. The selection of issues in the database has been supplemented with the "scanner platform" parameter.
  3. Instead of running three secondary SNMP brute-force scanners upon finding an open SNMP port, only a single scan will now be performed.
  4. Existing open SNMP port issues are now checked before the SNMP brute-force scanner issues are closed. This prevents an issue from being mistakenly reopened or closed.
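
The closure rules described above can be sketched as follows. This is an added example, not Guardian360's code: the data model, function names and scanner names are hypothetical, and the host address is a constructed sample value.

```python
from dataclasses import dataclass

# Hypothetical scanner names; the text only says there are three SNMP port scanners.
SNMP_PORT_SCANNERS = {"snmp-port-a", "snmp-port-b", "snmp-port-c"}
BRUTEFORCE = "snmp-bruteforce"

@dataclass
class Issue:
    customer: str
    platform: str   # "probe" or "central"
    scanner: str
    target: str     # IP address
    status: str = "open"

def reconcile(issues, customer, platform, scanner, found):
    """Apply one scan run: (re)open what was found, close what was not."""
    # The scope includes the scanner platform, so a run on one platform
    # can never close an issue that another platform still detects.
    scope = {i.target: i for i in issues
             if (i.customer, i.platform, i.scanner) == (customer, platform, scanner)}
    for target in found:
        if target in scope:
            scope[target].status = "open"   # reuse a previously closed issue
        else:
            issues.append(Issue(customer, platform, scanner, target))
    for target, issue in scope.items():
        if target not in found:
            issue.status = "closed"
    if scanner in SNMP_PORT_SCANNERS:
        close_orphaned_bruteforce(issues, customer, platform)

def close_orphaned_bruteforce(issues, customer, platform):
    """Close brute-force issues only when no SNMP port issue is still open."""
    mine = [i for i in issues if (i.customer, i.platform) == (customer, platform)]
    open_ports = {i.target for i in mine
                  if i.scanner in SNMP_PORT_SCANNERS and i.status == "open"}
    for i in mine:
        if i.scanner == BRUTEFORCE and i.target not in open_ports:
            i.status = "closed"

def status_of(issues, platform, scanner, target):
    return next(i.status for i in issues
                if (i.platform, i.scanner, i.target) == (platform, scanner, target))

def demo():
    db, ip = [], "192.0.2.10"   # constructed sample host
    for s in sorted(SNMP_PORT_SCANNERS) + [BRUTEFORCE]:
        reconcile(db, "acme", "probe", s, {ip})
    reconcile(db, "acme", "probe", "snmp-port-a", set())  # one of three stops seeing it
    return status_of(db, "probe", BRUTEFORCE, ip)
```

In demo() the brute-force issue stays open because two of the three port scanners still report the open SNMP port.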

Extended duration of vulnerability scans on probes
The vulnerability scanner on the Guardian360 probes cannot always complete the scanning within 24 hours. Particularly in environments where a larger number of systems need to be scanned and the resources of the probes are expanded, this can result in unsuccessful completion of the vulnerability scan. Consequently, not all results will be updated in Guardian360 Lighthouse.

We have identified several causes for this:
  1. The vulnerability scanner crashed, resulting in the scan task for one or all IP addresses being restarted. Multiple crashes in a day prolonged the overall scan duration, leading to failure to complete within 24 hours.
  2. The available number of databases used by the vulnerability scanner was insufficient in probe environments where CPU and/or RAM resources were significantly expanded. The vulnerability scanner scales the databases according to the available resources, but it reached the limit on the maximum number of databases. This resulted in longer queues and potential crashes as described in point 1.
  3. The vulnerability scanner scans multiple systems simultaneously, depending on the available probe resources. However, only one check is performed at a time on a single system, which adversely affects the scan duration when the checks are time-consuming.

Several improvements have been implemented in Guardian360 Lighthouse:
  1. The vulnerability scanner has been provided with various patches and updates from the vendor to prevent crashes.
  2. The limit of available databases has been increased, eliminating this barrier for probe environments with a higher number of CPUs and/or RAM.
  3. The number of simultaneous checks on a single system has been adjusted from 1 to 2, significantly accelerating the overall scan duration.

We have observed that implementing the above-mentioned improvements has resolved the irregularities. Please do not hesitate to contact our engineers in case you have any questions.
 
Partner portal update

As a result of adding the DigiD 3.0 norm to the Lighthouse platform our Service Catalog and Global Pricelist have been updated.

We’ve updated our battle cards with a comparison between Guardian360 and Guardey as well as a comparison with SecureMe2.


 
Cybersicherheit in deutschen Unternehmen

Recently TÜV SÜD AG published a report “Cybersicherheit in deutschen Unternehmen” (Cybersecurity within German companies). The report indicates large companies (50+ employees) have recognised the importance of cybersecurity.

76% of organisations with 50 up to 249 staff recognise the role as big, while this is the case for 80% of organisations with 250 staff and more. Companies in the market sectors Services (69%), Energy (63%) and Healthcare (60%) seem to be in the vanguard of protecting themselves better against cyber criminals. 98% of the respondents indicate strong cyber security becomes a competitive advantage.

To us this is further proof that the German market is maturing at a rapid pace, and of the value we can bring to German organizations.
 
The SIEM paradox: striking a balance between security and operational challenges

In today's rapidly evolving digital landscape, organizations face a challenging dilemma known as the "SIEM Paradox."

On one hand, implementing a Security Information and Event Management (SIEM) system offers numerous advantages for bolstering information security. However, on the other hand, the lack of staff, knowledge gaps, insufficient log sources, inconsistent data quality, automated remediation limitations, and the alarming issue of alert fatigue create significant operational hurdles.

This opinion article delves into the SIEM paradox, exploring both the advantages and challenges associated with SIEM implementation.
 
Events

In the coming months, Guardian360 will be present at the following events:
 
G360DAO Update

At the end of June we presented G360DAO during the Dutch Blockchain Coalition Conference. This resulted in quite a few interesting contacts and new members on Discord.

In the first week of July, we had a thought-provoking brainstorm session with connect2trust, The Dutch Blockchain Coalition, Centric Roseman Labs and TNO. Our main focus was on addressing the pressing risk of Cyber Threat Intelligence (CTI) poisoning and the crucial need for data provenance to validate the accuracy of information. Together, we explored groundbreaking solution elements that leverage the power of decentralization, proof of ownership, and proof of responsibility.

We’re still looking for early-stage investors. So please reach out to us if you’re interested in contributing to our mission!
 
Schedule a meeting with one of our Partner Success Managers or Customer Reliability Engineers?

Do you have something you would like to ask us? Getting in touch with one of our Partner Success Managers or Customer Reliability Engineers has never been easier! Simply click the button below and schedule a meeting in their calendar.
 
Guardian360
Orteliuslaan 1000
3528 BD Utrecht
Nederland





