On the 4th of October 2022 CISA released a binding operational directive 23-01 for improving asset visibility and vulnerability detection on federal networks. It can be seen here
The guidance is robust and focuses on frequency and coverage. It requires federal organisations to do the following, but the recommendations are applicable to all companies.
Implementation guidance is here
Below is a short mapping of the CISA directive and how Edgescan delivers its features.
Chickens come home to roost.
It’s clear that this should be a baseline approach to not just federal organisations but a minimum requirement for any business. When we review the past few years, most ransomware attacks were a result of a simple breach of systems like remote working services or unpatched firewalls (Exposed unmanaged services). This approach is an attempt to reduce the risk of breach via continuous visibility and vulnerability detection. Something Edgescan has been delivering since 2016!!
If you want to learn more about Edgescan, click the button below: