Skip to main content
SolarWinds MSP
  • Login
  • Support
SolarWinds MSP
  • Products
    • Remote Monitoring & Management Protect your customers with a platform from the global leader in monitoring and management.
    • Backup & Recovery Manage backup for servers, workstations, applications, and business documents from one cloud-based dashboard.
    • Mail Protection & Archiving Shield email from spam and malware, including zero-hour threats.
    • PSA & Ticketing Manage ticketing, reporting, and billing to increase helpdesk efficiency.
    • Automated Threat Monitoring Detect, respond to, and report on threats across your managed networks.
    • Remote Support Help support customers and their devices with remote support tools designed to be fast and powerful.
  • Solutions

    I'm looking to...

    I'm looking for...

    • Manage my MSP Business More Efficiently
    • Manage my IT Department More Efficiently
    • Layered Security
    • Data-Driven Insights
    • Cross-Platform Support
  • Resources

    Webinars & Events

    Resource Center

    • Ask the N-Central Experts
    • Daily Live Demos
    • Backup Foundations Training
    • RMM Foundations Training
    • Upcoming Events
    • Upcoming Webinars
    • Resource Library
      • Case Studies
      • Product Information
      • eBooks
      • White Papers
      • Infographics
    • SolarWinds MSP Free Tools
    • GDPR Resource Center
    • Security Resource Center
    • MSP Institute
    • MSP Advice Project
  • About
    • Contact
    • Worldwide sales and support
    • Careers
    • Awards and Recognition
    • Get A Quote
    • Newsroom
      • Press Releases
      • In The News
      • Media Contacts
    • Leadership Team
    • Legal
      • Cookie Policy
      • Privacy Notice
      • Software Services Agreement
      • Terms of Use
      • Backup Fair Use Policy
    • Security
      • SolarWinds Security Statement
      • Vendor Data Protection Requirements
    • Support
  • Blog
  • Contact Sales
    • Get A Quote
    • General Inquiry
  • TRY NOW
    • SolarWinds RMM
    • SolarWinds Backup
    • MSP Manager
    • SolarWinds Mail Assure
    • SolarWinds Risk Intelligence
    • SolarWinds Take Control
Filter Blogs
  • Filter by:
  • MSP Business
    • Backup & Disaster Recovery
    • Security-series
    • Best Practices
    • Business
    • Business Growth
    • Business Risk
    • Cloud Computing
    • Customer Service
    • Cybersecurity
    • Data
    • GDPR
    • Internet of Things
    • IT Support
    • ITSM
    • LOGICcards
    • Machine Learning
    • Mail
    • Managed Services
    • Marketing
    • Mobile
    • Networking
    • Operations
    • Podcast
    • Product
    • PSA
    • Remote Management
    • Research & Trends
    • Risk Intelligence
    • Security
    • Security Vlog
    • Service Desk
    • Services & Support
    • Tips & Advice
    • Training
Home Blog MSP Business Breach intelligence with cURL, PowerShell and McAfee ePO
Breach intelligence
MSP Business

Breach intelligence with cURL, PowerShell and McAfee ePO

By Billy Austin
8 October, 2015

Knowing where unsecured data is stored is fundamental to avoiding data loss. In a recent survey, 75% of CISOs agreed that in order to improve their data protection program, they would need to incorporate risk intelligence. In what follows I'll outline how this can be streamlined using our technology integrated to McAfee ePO as an example. We integrate with most major system management tools, so use your imagination as you read on.

Current tools are not stopping breaches, risk intelligence is required

Most mid-to-large corporations that have experienced data breaches since January of 2014 have had this in common – they already had deployed data loss prevention systems and vulnerability management tools. Clearly using just these tools has not prevented major breaches.

Visualization of data, vulnerabilities, malicious artifacts and unauthorized access is crucial to executing a successful data breach risk plan. Enter Risk Intelligence.

“We want the security… but not the agent!”

CISOs of retailers, higher education institutions and healthcare organizations tell us literally every day that they are tired of wondering if they will wake up to their name in the headlines. At the same time, most say it would take an act of Congress to deploy an additional agent throughout their networks.

It’s clear that another persistent footprint on the CPU is a crowded space. And it’s even more apparent that collecting the intelligence from a network-based technology is on the way out. It has to be with the increase in transient workers and mobility.

Network scans are also far too slow to keep up with vulnerabilities, the backdoors to all of your data including your Crown Jewels. New vulnerabilities are announced daily but network scans take days, weeks, even months. Correlating data, vulnerabilities and file permission access within hours is a must to provide visibility into breach risk.

Your Security ZzzQuil™: iScan Intelligence integrated into your security program

If your organization collects or stores data such as PII, Payment information, Trade Secrets or Intellectual Property, you’re probably one of those people losing sleep about seeing your name in the headlines.

Integrating MAX Risk Intelligence into your security program will get you the sleep you need, your ZzzQuil™.

iScan enables you to visualize data, vulnerabilities, malicious artifacts and unauthorized access. It’s not network-based, and it’s simple to deploy with your existing infrastructure.

iScan Online integrates the command line interface scanner with your systems management tools, such as Active Directory, GPO and McAfee ePO technologies.

iScan to ePO to SIEM. You Judge!

Let’s look at a real-world integration example for many of our customers.Mcafee-Diagram-prod.png

You’ve got existing infrastructure and don’t want hardware appliances or yet another agent. You probably have Active Directory or McAfee ePO.

For this example, we’ll use McAfee ePO integration, which is very popular with many of our customers. ePO management is under security operations in most cases, so that obtaining permission to run a script or needing admin privileges from IT operations is no longer needed.

Simply leverage the iScan command line executable to begin scanning. This binary runtime initiates when the ePO administrator schedules it to perform the assessment.

Data Breach Risk Scan and ePO, PowerShell or cURL

We offer several different scans that can be triggered with ePO or any other tool that can initiate an executable, PowerShell or cURL script. For our example, we’ll choose the most popular one, the Data Breach Risk Scan.

With the Data Breach Risk Scan you will rapidly know:

1. What Data is at Risk? - iScan, by default, discovers unprotected (PII) personal identifiable information on all of your endpoints and illustrates where we found it.

2. Who has Access to the Data? - Once the data has been discovered that is most important to your business, the next step is to understand who has excessive or unauthorized access to it.

3. How Vulnerable is the Device Storing Data? – iScan detects the vulnerabilities on the system where that same data was discovered, the attacker’s backdoor into your data.

4. What it would cost if you were breached today? We call this the “Security Number”. It is the dollar liability a company faces if an incident were to occur. This is calculated from actual data on your network. Our analytics engine places a dollar value on each piece of unprotected data, and factors in the number and severity of vulnerabilities and the level of unauthorized access to the data.

Now that you have all of this intelligence, what’s next?

For our McAfee ePO customers, this valuable information is available in the McAfee SIEM, now known as Enterprise Security Manager. This enables you to correlate the above data points from the scan with other pertinent data you are already collecting.

You have the risk intelligence needed to reduce liability exposure based on the monetary value of your live data. 

Want to know your security number?

Try the PowerShell or cURL scripts on your local Windows, Mac or Linux system listed below, or alternatively register for a trial to have this intelligence on all of your endpoints today.

The following will perform a data breach risk scan on your local system:

Windows: Open a command prompt, copy and paste:

PowerShell (New-Object System.Net.WebClient).DownloadFile('https://app.iscanonline.com/scan_me/templates/PKNBARK/win_script.txt','win_script.bat');&win_script.bat

Mac OS X, RHEL, Ubuntu, Oracle or CentOS: open a terminal window, copy and paste:

curl -L https://app.iscanonline.com/scan_me/templates/PKNBARK/bash_script | bash

For McAfee ePO users:

We'll be on location in the SIA Pavillion at McAfee Focus '15.  If you'd like to get more information about how we work with the McAfee tools you're already using, swing by! Or, head over here to request a 1:1 meeting during the conference.

You might also like...

MSP Business

An IT message to non-techs: You're an important piece of the puzzle!

MSP Business

How CISOs can hit a homerun in the boardroom

MSP Business

Chip & PIN - Data breach silver bullet or lead slug?

MSP Business

Breach calling: Data thieves turn to IP for financial motive

MSP Business

What is the cost of poor cardholder data discovery?

MSP Business

Passing/defining a PCI DSS internal scan

Recent Posts

  • Google Drive Security Best Practices
  • Did You Know Your PSA Can Help You at Tax Time?
  • How to Fix High CPU Usage for Windows
  • Protecting O365 and G Suite Email—A Layered Approach 
  • PSA Overkill: Is Your PSA Managing You?

Categories:

  • Business Growth (403)
  • Tips & Advice (332)
  • Managed Services (296)
  • Security (249)
  • Best Practices (247)
  • Business (212)
  • Cybersecurity (193)
  • Backup & Disaster Recovery (105)
  • IT Support (97)
  • ITSM (67)
  • Data (61)
  • Cloud Computing (56)
  • Product (56)
  • Marketing (46)
  • Mail (46)
  • Risk Intelligence (31)
  • Customer Service (29)
  • Networking (27)
  • Remote Management (26)
  • Services & Support (16)
  • GDPR (16)
  • Service Desk (15)
  • Research & Trends (13)
  • PSA (11)
  • Business Risk (11)
  • Operations (11)
  • Internet of Things (10)
  • Mobile (9)
  • Training (8)
  • Security-series (7)
  • LOGICcards (4)
  • Machine Learning (3)
Show moreless
SolarWinds MSP

© SolarWinds MSP Canada ULC and SolarWinds MSP UK Ltd.
All Rights Reserved.

Products

  • SolarWinds RMM
  • SolarWinds N-central
  • SolarWinds Backup
  • SolarWinds MSP Manager
  • SolarWinds Mail Assure
  • SolarWinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Threat Monitor

Solutions

  • How We Help MSPs
  • How We Help IT Departments
  • Layered Security
  • Cross-Platform Support
  • Data-Driven Insights

About

  • About Us
  • Careers
  • Newsroom
  • Leadership Team
  • Privacy
  • Legal
  • Security
  • Subscription Preferences

Support

  • SolarWinds RMM
  • Solarwinds N-central
  • SolarWinds Backup
  • SolarWinds Mail Assure
  • MSP Manager
  • Solarwinds Risk Intelligence
  • SolarWinds Take Control
  • SolarWinds Take Control Downloads
  • Backup & Recovery Downloads
  • Sitemap
  • Service Status