We've just pushed our biggest release to date. We’ve added a lot of new functionality from the feedback we’ve collected from our customers and we’re going to cover a few of the more prominent features that we’ve added in this post.
It has been a crazy few months and we have skipped a few blog posts. To catch up on some of our more recent releases please see the link below:
Let’s get started!
Measurable security
One of the most frustrating things we’ve found is trying to track the progress security teams are making overall. A companies cybersecurity posture is constantly changing as new systems are added and teams use and build more tools.
We’ve started summarising your companies cybersecurity posture into daily buckets. We can now show you day by day how your cybersecurity posture is changing over time. Even down to the configuration changes of systems. This enables you to clearly see new risks that are being introduced into your environment. It also lets you identify the most pressing issues that can have the biggest impact on improving your overall cybersecurity score.
Weekly reporting
You’ll start to receive weekly security reports from us. This report is derived from the metrics we’ve been collecting. We’re able to produce high-level weekly reports on the latest changes to your infrastructure. Highlighting the most urgent issues that need remedying. These reports also help track your weekly performance making it measurable.
Benchmarking
Using and anonymising this summarised data we can benchmark your company against those in your industry vertical to help you better understand where and how you can improve against your peers. Including what security mechanisms others are prioritising.
Asset discovery
A really hard problem is still getting a complete picture of the assets in your environment. With new working policies like BYOD. This is more important than ever.
Zercurity now monitors your systems ARP cache to discover devices on your network. This helps to identify the overall coverage Zercurity has of your network and what devices need to be enrolled. Including unknown risks that lie within your infrastructure.
Vulnerabilities
We’ve now added a new section to aggregate all your known vulnerabilities across all your systems into one place. At a glance, you can see how severe these issues are and how an attacker can potentially exploit these issues to potentially gain unauthorised access to your systems.
Issues
Zercurity has introduced a new tab within the asset section to quickly show you the outstanding issues for a given asset. These issues feed into your overall security posture and reporting. Issues are tracked and re-offending issues can alert you to policy changes within your company.
Network device enrollment
You can now enrol Linux based networking devices using Zercurity. If you’re using Ubiquiti networking gear you can now enrol your switches and access points onto the platform to help increase your overall coverage and enable better asset discovery and improve overall compliance.
Pricing update
Moving forward Zercurity has updated its pricing model to better reflect how users are using the platform.
Zercurity is now free to use on as many assets as you like. However, after 30 days you’ll be restricted to the core functionality.
We’re also increasing the monthly cost of Zercurity from 4£ a month to 12£ per asset. Please note that for existing customers there will be no change in price and will continue to be billed at 4£/mo. This includes any new enrolled assets.
Thanks for reading and lastly here is our summarised changelog for our latest release (v18032019):
- Added Debian (8/9), CentOS (6/7), Windows (7/10), MacOSX (10.14) CIS benchmarking including more than 5k new compliance tests.
- Added a new compliance radar on the dashboard to quickly show you across your platforms where certain security configurations are falling down.
- New compliance dashboard that shows your weekly progress and where you need to improve and how you compare against your peers.
- Fixed some enrollment issues when re-installing over an existing installation to correctly clear and re-sync Santa rules.
- Added a new application risk history tab to show how we’ve derived a risk score for a given application.
- Optimised process fetching and hashing to reduce the load on the remote system.
- Restrict the data being shown for assets to the last 90 days for non-subscription customers.
- Added CVVSv3 scores to vulnerability data.
- Weekly compliance report.
- Daily summarisation of a companies cybersecurity posture. Including the ability to scrub backwards through time to review progress.
- Added Issues tab to the Asset information page. To help better identify and address outstanding issues.
- Added new vulnerabilities section.
- Added network asset discovery and detection of device types based on their mac address.
