On Monday, Symantec made the rare decision to tell its customer base to either uninstall or disable its remote control software suite, pcAnywhere. Symantec made this decision because its users were at risk of being exploited through publicly known vulnerabilities for which it had not yet been able to create a patch. A recommendation to disable software due to active exploitation is not new. However, it is a daunting task for a system administrator or security engineer to determine where exploitable software is installed within their environment. How can they do this quickly?
Well, Nexpose can help. One of the great features within Nexpose is the concept of a "Dynamic Asset Group" (affectionately known as a DAG). A Dynamic Asset Group allows users to filter assets based on a set of criteria, so a user can restrict the list of assets to those matching the specific metadata they are interested in.
One of the criteria that a user can use to create a Dynamic Asset Group is the Installed Software found on an asset. So, based on the example above, let's create a Dynamic Asset Group that contains all assets that have pcAnywhere installed.
To create a new Dynamic Asset Group, click on the "New Dynamic Asset Group" icon on the main page of the Nexpose dashboard. You are taken to the wizard to create a new DAG.
In this example, I've chosen to create a new DAG based on the "Software name" DAG filter, entering "pcAnywhere" in the search field. After hitting search, a single host matches my DAG search. This host has pcAnywhere installed on the system. I can then create a DAG around this filter. In this case, I created a DAG called "pcAnywhere".
That's it! It is important to note that Dynamic Asset Groups are updated after every scan performed by Nexpose. Therefore, if your organization has decided to uninstall the software, you can track this effort to zero by monitoring the list of assets within the DAG over time. DAGs are an extremely powerful and easy-to-use feature that allows you to create views that are unique to your environment.