
SVM Inventory-Based Vulnerability Assessment

kmantagi
Level 7 Flexeran

SVM's actionable vulnerability assessment results are achieved by performing a file-level scan against special criteria we have identified (referred to as a file signature). This capability provides definitive, actionable insights about the vulnerability status of a specific version of software on your endpoints. Such results require the SVM scanner to be executed on the desired endpoints. Often this is achieved by running a scheduled task with an endpoint management solution like ConfigMgr, Intune, or Workspace ONE. Alternatively, the scanner may be installed as an agent.

However, we are often asked by our customers if an assessment may be made against existing software inventory data to avoid the need to run scans on endpoints. While a file-based scan using our file signatures will always provide the best possible results, we are introducing an alternative inventory-based assessment. This beta feature of SVM can provide directional (less definitive) inventory results depending largely upon the detail of the version information contained in the supplied inventory data. An inventory-based vulnerability assessment may be desired if:

  • You are looking for directional assessment information to determine the security risk of software titles not being scanned. There may be some devices, such as servers, which might be excluded from scans in some environments.
  • In an M&A situation, you may wish to scan against inventory data taken from another environment to get an initial impression of risk prior to rolling out the SVM scanner.
  • A file signature-based assessment does not identify products for which there are no file signatures. Without comparing inventory data against scan results, it can be difficult to identify software not being scanned. An inventory-based assessment will report any unknown software for investigation.

You can now import a software inventory in SVM for vulnerability assessment. Inventory data is easily exported to a CSV file from endpoint management systems like Microsoft ConfigMgr, Intune, Workspace ONE, or software inventory and asset management solutions like Flexera FNMS. SVM accepts a simple CSV file for inventory import. While it may include additional columns, which are disregarded by the scan, the CSV file must contain the columns product, vendor, and version. If necessary, rename the appropriate columns in the header row of your CSV file to match these specific names before importing.


Click on Import Inventory to browse to a CSV file that contains the inventory.


You may import multiple inventory files into SVM. To better identify those inventories, they may be named upon import (a default name is populated to match that of the CSV file name). After an inventory is imported successfully in SVM, you will see it assigned one of the following statuses:

  • In Queue – The inventory has been imported successfully, but the inventory has not yet been assessed. Refresh this screen later to see if it has changed.
  • In Progress – A job running on the SVM server has picked up the inventory file and is performing the assessment.
  • Success – The inventory assessment is completed, and the results are available.
  • Failed – The inventory assessment failed. Reasons for a failed assessment include: the product name was missing in all the inventory records, the column names of the CSV file were named incorrectly, etc.
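A pre-import check for the CSV requirements and the two failure reasons described above, as an added example that is not part of SVM or of the original post. It assumes the column names must match exactly in lower case; the function name, the `rename` mapping and the sample export are constructed for illustration.

```python
import csv
import io

REQUIRED = ("product", "vendor", "version")  # column names the import expects

def precheck_inventory(csv_text, rename=None):
    """Return (problems, rows) for an inventory CSV before it is uploaded.

    rename maps the exporting tool's headers to the required names,
    e.g. {"Publisher": "vendor"}; any other column is passed through.
    Assumption: header matching is exact and lower case.
    """
    rename = rename or {}
    # Spreadsheet exports often start with a UTF-8 byte order mark.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    headers = [rename.get(h.strip(), h.strip()) for h in (reader.fieldnames or [])]
    problems = [f"missing column: {c}" for c in REQUIRED if c not in headers]
    if problems:
        return problems, []
    reader.fieldnames = headers  # read the data rows under the renamed headers
    rows = list(reader)
    no_product = sum(1 for r in rows if not (r["product"] or "").strip())
    no_version = sum(1 for r in rows if not (r["version"] or "").strip())
    if not rows or no_product == len(rows):
        problems.append("product name missing in all records")
    elif no_product:
        problems.append(f"{no_product} record(s) without a product name")
    if no_version:
        problems.append(f"{no_version} record(s) without a version")
    return problems, rows

# Constructed sample export with headers that do not match the required names.
SAMPLE = (
    "Name,Publisher,Version,Device\n"
    "ExampleApp,Example Corp,2,PC-01\n"
    ",Example Corp,1.0,PC-02\n"
    "OtherTool,Other Inc,,SRV-01\n"
)
MAPPING = {"Name": "product", "Publisher": "vendor", "Version": "version"}

if __name__ == "__main__":
    print(precheck_inventory(SAMPLE))           # all three columns reported missing
    print(precheck_inventory(SAMPLE, MAPPING))  # per-record findings after renaming
```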

Determining the vulnerability status of software based on inventory information can be challenging due to a lack of detail, especially when a full, detailed version number is required to determine security status and inventory reports seldom include such detail. To better account for the less definitive nature of inventory-based assessment, the following statuses have been introduced for inventory-based assessment:

  • Potentially Insecure: These products have a version number that is incomplete, and what is provided is less than the known secure version. For example,
    • v2.2.4 is secure, and inventory only reports v2
    • v3.8.1.3 is secure, and inventory only reports v3.8.1
  • Unknown: These products are either not matching correctly or are not currently being tracked by SVM.
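The two statuses above can be illustrated with a short version comparison, added here as an example; it is not SVM's matching logic. The "Secure" and "Insecure" labels for fully specified versions, the treatment of unparseable versions as Unknown, and the table of known secure versions are assumptions made for the illustration.

```python
def parse_version(text):
    """'v3.8.1' -> (3, 8, 1); None when a component is not numeric."""
    parts = text.strip().lstrip("vV").split(".")
    return tuple(int(p) for p in parts) if all(p.isdigit() for p in parts) else None

def assess(reported, secure):
    """Compare a reported (possibly truncated) version with the known secure one."""
    have, want = parse_version(reported), parse_version(secure)
    if have is None or want is None:
        return "Unknown"  # assumption: a version that cannot be parsed is not matched
    incomplete = len(have) < len(want)  # fewer components than the secure version
    width = max(len(have), len(want))
    pad = lambda v: v + (0,) * (width - len(v))
    if pad(have) >= pad(want):
        return "Secure"  # assumed label for versions at or above the secure one
    # Below the secure version: definitive only when the version is complete.
    return "Potentially Insecure" if incomplete else "Insecure"

# Constructed lookup of known secure versions, keyed by (vendor, product).
KNOWN_SECURE = {
    ("example corp", "exampleapp"): "2.2.4",
    ("other inc", "othertool"): "3.8.1.3",
}

def assess_inventory(rows):
    """Return (product, version, status) for each inventory record."""
    results = []
    for r in rows:
        key = (r["vendor"].strip().lower(), r["product"].strip().lower())
        secure = KNOWN_SECURE.get(key)
        status = "Unknown" if secure is None else assess(r["version"], secure)
        results.append((r["product"], r["version"], status))
    return results

# Constructed inventory records using the page's two version examples.
ROWS = [
    {"product": "ExampleApp", "vendor": "Example Corp", "version": "v2"},
    {"product": "OtherTool", "vendor": "Other Inc", "version": "3.8.1"},
    {"product": "ExampleApp", "vendor": "Example Corp", "version": "2.2.3"},
    {"product": "InHouseTool", "vendor": "Internal", "version": "1.0"},
]

if __name__ == "__main__":
    for line in assess_inventory(ROWS):
        print(line)
```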


Limitations and Future Enhancements:

This new Inventory Assessment capability is in beta. Please play with it and provide feedback in the SVM Discussion Forums as we plan to enhance this feature in future releases. Currently planned enhancements include:

  1. The Unknown Results tab displays the list of products not matching or supported by SVM. A new option will be introduced to suggest select products from this list for consideration.
  2. The current inventory assessment may result in an elevated number of unknown products due to the limitations of matching to provided software titles. We are planning to leverage Flexera's Data Normalization capability to achieve better matching and assessment results in the future.
  3. The ability to delete, re-assess and edit imported inventory data.
  4. The introduction of new Smart Group attributes to cover inventory-based assessment results.

We would love to hear any feedback or ideas you may have to improve this evolving inventory assessment capability to better serve you. Please submit your ideas on the Flexera Idea portal or discuss them in the SVM Discussion Forum.

Product Manager