FlockBox
Advanced Networking and Design
Hawk CVE Scanner
Benefits of Hawk Managed Scanning Service
- Weekly scanning of configured LAN subnets for hosts and listening TCP/UDP ports is performed, e.g. on Saturday afternoon
- All hosts, CVEs (Common Vulnerabilities and Exposures, or known security issues) and discovered open ports are investigated by FlockBox engineers before forwarding to customer or reseller IT staff
- Best-guess detection of operating system and running software/services reachable via open ports (e.g. Apache on port 80, CIFS on port 445)
- EOL/outdated software, operating systems and other areas of concern are flagged
- Enumeration of CVEs is done via advanced heuristics, referencing upstream CVE database at www.cve.org
- Rogue device detection is possible by comparing against baseline of known hosts and OS/software configurations
- New TCP/UDP ports on certain hosts may indicate newly-installed software or malware infection
- Automatic audit/inventory of LAN and all reachable hosts
- Branded reports are provided to the reseller for presentation to the customer monthly, with weekly updates as warranted
- Actionable items are referred to reseller for possible service call for remediation and billable hours
- Hawk runs on a secure Linux/FreeBSD-based appliance (Virtual Machine or suitable hardware)
- Hawk appliance is accessible to FlockBox engineers for maintenance and transfer of scan data via WireGuard VPN to FlockBox servers
- Appliance operating system and software is patched as soon as practical once updates become available
- Hawk software and detection/reporting routines are continuously evaluated and improved upon to insure the best possible vulnerability detection and timely notification of customer LAN security issues
