Sherlock
ProHacktive has created Sherlock, an automated, plug & play cybersecurity auditing box. This solution protects you from attacks by giving you a complete, real-time inventory of all devices on your network and their security vulnerabilities. For each device, it offers simple patching proposals for your fleet administrator to carry out.
A successful attack is an infection on a workstation that spreads from device to device until it takes over your entire network. Sherlock is as simple as it sounds: when vulnerabilities are patched, the infection stays local, with no spread to the network and no widespread cyberattack.
How it works
Vulnerability updates
- Every hour, the ProHacktive servers update themselves from the known databases to discover new vulnerabilities.
- Every hour, our customers' boxes retrieve the new vulnerabilities.
- Every night, our customers' boxes fetch the new features that our developers have concocted for you.
The discovery of the environment
- At startup, the Sherlock box detects its network configuration and immediately finds its neighbors.
- As soon as the Sherlock box sees an address it doesn't know yet, it will try to find machines in this new subnet as well as in the neighboring subnets.
Vulnerability detection
- For each detected machine, the Sherlock probe will try to find out what services are running on that machine.
- For each detected service, the Sherlock probe will then retrieve the list of known vulnerabilities from its internal database.
- If the detected vulnerability matches a validating scan module, the Sherlock probe uses that module to verify the relevance of the discovery.
Vulnerability validation
- When validating a vulnerability, the probe generates a random subdomain for each test.
- The probe then uses this random subdomain to launch the fake attack.
- The Sherlock probe then monitors this domain name for a few minutes.
- If the server responds that this domain name has been queried, the probe can deduce that the attack is possible without having touched anything on the production server.
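The correlation step described in this list, as an added example that is not ProHacktive's code: each test gets its own random subdomain, and a test is marked confirmed only if that exact name shows up in the query log inside the monitoring window. The zone name, the five-minute window and the log line format are assumptions made for the illustration.

```python
import secrets
from datetime import datetime, timedelta

ZONE = "oob.example.test"      # assumed placeholder for the monitored zone
WINDOW = timedelta(minutes=5)  # assumed value for "a few minutes"

def new_test(check_id, target, now):
    """Allocate one unguessable subdomain per validation test."""
    label = secrets.token_hex(8)  # 64 random bits, valid as a DNS label
    return {"check": check_id, "target": target,
            "fqdn": f"{label}.{ZONE}", "started": now}

def parse_query_log(lines):
    """Yield (time, qname) from lines shaped '<ISO time> <source> <qname>'."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # DNS names are case-insensitive and may carry a trailing dot.
        yield ts, parts[2].rstrip(".").lower()

def correlate(tests, log_lines):
    """Map each test's subdomain to 'confirmed' or 'unconfirmed'."""
    by_name = {t["fqdn"]: t for t in tests}
    verdicts = {name: "unconfirmed" for name in by_name}
    for ts, qname in parse_query_log(log_lines):
        test = by_name.get(qname)
        if test is None:
            continue  # name was never issued for a test: ignore
        if test["started"] <= ts <= test["started"] + WINDOW:
            verdicts[qname] = "confirmed"  # hits outside the window are ignored
    return verdicts

if __name__ == "__main__":
    t0 = datetime(2024, 1, 1, 12, 0, 0)  # constructed sample data below
    a = new_test("check-A", "192.0.2.10", t0)
    b = new_test("check-B", "192.0.2.11", t0)
    log = [
        f"2024-01-01T12:01:30 198.51.100.7 {a['fqdn'].upper()}.",
        f"2024-01-01T12:20:00 198.51.100.7 {b['fqdn']}",  # too late
        "2024-01-01T12:02:00 198.51.100.7 unknown.oob.example.test",
    ]
    for name, verdict in correlate([a, b], log).items():
        print(name, verdict)
```

Because every test has its own name, a hit identifies exactly which check on which machine triggered it, and names that were never issued cannot produce a false positive.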
Report generation
- At the end of each audit, the Sherlock probe makes a summary of the results found and calculates the final score.
- If the rating has degraded (a new vulnerability has emerged, for example) or it has been a long time since the end customer last received a report, a new audit report is sent.
- In all cases, a detailed audit report is generated locally and can be retrieved at any time via the GUI.
Exchanges with ProHacktive
- Every minute, Sherlock probes communicate with the ProHacktive infrastructure to report their health status.
- ProHacktive teams, as well as partners, can therefore monitor the health of your box and, above all, validate that the configuration is correct.
- If there is a problem, and at the request of ProHacktive teams, your Sherlock probe can connect to our infrastructure so that internal teams can troubleshoot it.