FlockBox

Advanced Networking and Design

Hawk CVE Scanner


Benefits of Hawk Managed Scanning Service

  • Weekly scanning of configured LAN subnets for hosts and listening TCP/UDP ports is performed, e.g. on Saturday afternoon
  • All hosts, CVEs (Common Vulnerabilities and Exposures, or known security issues) and discovered open ports are investigated by FlockBox engineers before forwarding to customer or reseller IT staff
  • Best-guess detection of operating system and running software/services reachable via open ports (e.g. Apache on port 80, CIFS on port 445)
  • EOL/outdated software, operating systems and other areas of concern are flagged
  • Enumeration of CVEs is done via advanced heuristics, referencing upstream CVE database at www.cve.org
  • Rogue device detection is possible by comparing against baseline of known hosts and OS/software configurations
  • New TCP/UDP ports on certain hosts may indicate newly-installed software or malware infection
  • Automatic audit/inventory of LAN and all reachable hosts
  • Actionable items are referred to reseller for possible service call for remediation and billable hours
  • Hawk runs on a secure Linux/FreeBSD-based appliance (Virtual Machine or suitable hardware)
  • Hawk appliance is accessible to FlockBox engineers for maintenance and transfer of scan data via WireGuard VPN to FlockBox servers
  • Appliance operating system and software is patched as soon as practical once updates become available
  • Hawk software and detection/reporting routines are continuously evaluated and improved upon to insure the best possible vulnerability detection and timely notification of customer LAN security issues