The DSEA agent only runs on the local machine and does not remotely run on other machines across the network. So, in order to collect vulnerability data from every machine the agent must be run on that machine. In large organizations, system administrators may elect to have the DSEA agent run from a network login script in order to avoid visiting every machine on the network. If the DSEA agent is not run on a particular machine the aggregate data will still be valid for those machines on which the agent was run. In large organizations a representative sample of the machines is often sufficient to measure the relative security level of the organization.
First, you get a detailed look at where your network might be vulnerable to an outside attack. Our experience shows that the vast majority of items can be fixed easily and quickly but only if the system administrator knows about the vulnerability. The DSEA agent reduces hours and hours of system admin time down to a single program that can be run and give a detailed report of what needs to be fixed and the relative severity.
Secondly, you gain the confidence of your own customers. Many larger companies are now requiring their vendors and suppliers to comply with a specific set of standards in order to do business with them. The government has also weighed in on this and established numerous compliance standards, such as HIPAA, PCI, SOX, etc. that must be followed in order to avoid stiff fines and penalties.
We’d be happy to help walk you through the process either over the phone or in person. Just send us a note and we’ll gladly explain the process in greater detail.
No, security is not as simple as a simple pass or fail grade. The DSEA agent looks at literally thousands of different vulnerabilities and looks for trends rather than a specific score that will cause a pass/fail condition. For example, if the machines on a network have been patched recently but a machine was skipped or a brand new vulnerability is discovered, this will be flagged but not result in a “failing” grade.
The DSEA agent has been specifically built to avoid any harmful interaction with a target PC. No files are copied to the local machine and no configuration settings are changed. The tests that are being done are considered “non invasive” and operate in a read only mode and gather information through documented system calls. After the DSEA agent has run, the target machine will look exactly as it did before the agent ran.
DSEA runs a series of tests depending on which operating system is present (Windows XP, Windows 8, Apple OSx, etc.). On average the DSEA agent takes 12-30 minutes to run. The agent runs in the back ground and does not prevent the user from continuing to use their machine while the agent is running.
The DSEA agent can be configured by simply adding the “-d “ parameter to prevent the agent from uploading any information. This is also useful for machines that may not be connected to a network and could not upload their information anyway. The DSEA agent can later be run with the “-upload-only” parameter which will upload the log file without actually running the agent.
By default, DSEA creates a log file that contains the specific vulnerability that is found and uploads it to a secure central database for analysis and reporting. This transmission is encrypted and signed with a certificate to ensure that there is no unauthorized access to the information. Once all the target machines are scanned, DSEA prepares a report outlining the relative security of the organization and any specific recommendations or fixes that can improve the security profile of the organization.