ProHacktive has created Sherlock, an automated, plug & play cybersecurity auditing box. This solution protects you from attacks by giving you a complete, real-time inventory of all devices on your network and their security vulnerabilities. For each device, it offers simple patching proposals for your fleet administrator to carry out.
A successful attack is an infection on a workstation that spreads from device to device until it takes over your entire network. Sherlock is as simple as it sounds: when vulnerabilities are patched, the infection stays local, with no spread to the network and no widespread cyberattack.
How it works
- Every hour, the ProHacktive servers update themselves from the known vulnerability databases to discover new vulnerabilities.
- Every hour, our customers' boxes retrieve the new vulnerabilities.
- Every night, our customers' boxes fetch the new features that our developers have concocted for you.
The discovery of the environment
- At startup, the Sherlock box detects its network configuration and immediately finds its neighbors.
- As soon as the Sherlock box sees an address it doesn't know yet, it will try to find machines in this new subnet as well as in the neighboring subnets.
- For each detected machine, the Sherlock probe will try to find out what services are running on that machine.
- For each detected service, the Sherlock probe will then retrieve the list of known vulnerabilities from its internal database.
- If the detected vulnerability matches a validation scan module, the Sherlock probe uses that module to verify the relevance of the discovery.
- When validating a vulnerability, the probe generates a random subdomain for each test.
- The probe then uses this random subdomain to launch the fake attack.
- The Sherlock probe then monitors this domain name for a few minutes.
- If the server responds that this domain name has been queried, the probe can deduce that the attack is possible without having touched anything on the production server.
- At the end of each audit, the Sherlock probe makes a summary of the results found and calculates the final score.
- If the rating has degraded (a new vulnerability has emerged, for example) or it has been a long time since the end customer last received a report, a new audit report is sent.
- Whatever happens, a detailed audit report is generated locally and can be retrieved at any time via the GUI.
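The random-subdomain validation steps in the list above come down to issuing one unguessable name per test and later matching observed DNS queries against the names issued. The sketch below is an added example of that matching step, not ProHacktive's code; the zone `oob.example.test`, the log line format, the finding identifiers and all function names are assumptions.

```python
import secrets

ZONE = "oob.example.test"  # assumed callback zone, placeholder only


def new_test_name(zone=ZONE):
    """Return a fresh, unguessable FQDN for a single validation test."""
    return f"{secrets.token_hex(8)}.{zone}"


def token_from_query(qname, zone=ZONE):
    """Return the label directly left of the zone, or None if outside the zone."""
    name = qname.rstrip(".").lower()          # resolvers may add a dot or mix case
    suffix = "." + zone
    if not name.endswith(suffix):             # label-boundary match, not substring
        return None
    return name[: -len(suffix)].split(".")[-1] or None


def confirmed_findings(tests, log_lines, zone=ZONE):
    """tests maps FQDN -> (host, vuln_id); return findings whose name was queried."""
    by_token = {fqdn.split(".")[0]: finding for fqdn, finding in tests.items()}
    hits = set()
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue                          # skip malformed lines
        token = token_from_query(fields[2], zone)
        if token in by_token:                 # unknown tokens are background noise
            hits.add(by_token[token])
    return hits


def demo():
    a, b = new_test_name(), new_test_name()
    tests = {a: ("10.0.0.5", "VULN-A"), b: ("10.0.0.9", "VULN-B")}  # constructed
    log = [  # constructed resolver log: timestamp, client, qname, qtype
        f"2024-01-01T00:00:01Z 192.0.2.10 {a.upper()}. A",
        "2024-01-01T00:00:02Z 192.0.2.77 deadbeefdeadbeef.oob.example.test A",
        f"2024-01-01T00:00:03Z 192.0.2.10 {b.split('.')[0]}.notoob.example.test A",
        "garbage",
    ]
    return confirmed_findings(tests, log)


if __name__ == "__main__":
    print(demo())
```

Only the first constructed log line confirms a finding: the second carries a token that was never issued, the third reuses a token under a look-alike zone, and the fourth is malformed.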
Exchanges with ProHacktive
- Every minute, Sherlock probes communicate with the ProHacktive infrastructure to report their health status.
- ProHacktive teams, as well as partners, can therefore monitor the health of your box and, above all, validate that the configuration is correct.
- If there is a concern, and at the request of ProHacktive teams, your Sherlock probe can connect to our infrastructure so that internal teams can troubleshoot it.