
The Cyber Security News


Improve your security posture with Wazuh, a free and open source XDR

September 28, 2022

Organizations struggle to find ways to maintain a good security posture. This is mainly because it is difficult to create secure system policies and find the right tools that help achieve a good posture. In many cases, organizations work with tools that do not integrate with each other and are expensive to purchase and maintain.

Security posture management is a term used to describe the process of identifying and mitigating security misconfigurations and compliance risks in an organization. To maintain a good security posture, organizations should at least do the following:

  • Maintain inventory: Asset inventory is considered first because it provides a comprehensive list of all IT assets that should be protected. This includes the hardware devices, applications, and services that are being used.
  • Perform vulnerability assessment: The next step is to perform a vulnerability assessment to identify weaknesses in applications and services. Knowledge of the vulnerabilities helps to prioritize risks.
  • Ensure secure system configuration: This involves modifying system settings in order to improve overall system security by mitigating risks. Actions such as changing default settings and identifying and removing misconfigurations tend to improve organizational security posture.
  • Monitor all assets to detect attacks: In addition, all IT assets should be continuously monitored to detect attacks against the infrastructure. This can be done by monitoring network, system, and application logs for anomalies or indicators of compromise.

The Wazuh solution

Wazuh is an open source unified XDR and SIEM platform. It is free to use and has over 10 million annual downloads. The Wazuh platform has agents which are deployed on the endpoints you want to monitor. The Wazuh agent collects security event data from the monitored endpoints and forwards it to the Wazuh server for log analysis, correlation, and alerting.

The Wazuh platform has several built-in modules aimed at improving the overall security posture of an organization. We highlight some relevant Wazuh modules in the following sections.

System inventory

The Wazuh system inventory module gathers information from monitored endpoints where the Wazuh agent is installed. This module collects the following classes of information from the endpoints:

  • Hardware and operating system information.
  • Installed applications and packages.
  • Network interfaces and open ports.
  • Available updates and running processes.

Examples of the inventory data collected by Wazuh are shown in the image below:

[Image: Free Wazuh XDR]

The information collected here is later used for vulnerability or threat detection. For example, the version of an installed package can be used to determine whether it is vulnerable or not.

Vulnerability detector

The Wazuh vulnerability detector module is used to discover vulnerabilities that may be present in the operating system and applications on the monitored endpoints. The Wazuh server builds a global vulnerability database from publicly available CVE repositories. This information is cross-correlated with the endpoint inventory data to detect vulnerabilities. An example result of a Wazuh vulnerability scan is shown below:

[Image: Free Wazuh XDR]

Detected vulnerabilities are classified into four severity levels, namely: critical, high, medium, and low. This helps when prioritizing risks and exposures.
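The cross-correlation of inventory data with a vulnerability database, sketched as an added example that is not Wazuh's own code: it matches a constructed package inventory against a constructed feed and orders the findings by the four severity levels. The feed layout, the package and agent names, and the `CVE-PLACEHOLDER-*` identifiers are assumptions made for illustration.

```python
import re

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed inventory rows, shaped like what an agent could report.
INVENTORY = [
    {"agent": "web01", "package": "examplelib", "version": "1.2.9"},
    {"agent": "web01", "package": "exampled", "version": "2.4.0"},
    {"agent": "db01", "package": "examplelib", "version": "1.3.0"},
    {"agent": "db01", "package": "othertool", "version": "0.9"},
]

# Constructed feed entries; the identifiers are placeholders, not real CVEs.
FEED = [
    {"id": "CVE-PLACEHOLDER-0001", "package": "examplelib",
     "fixed_in": "1.2.10", "severity": "high"},
    {"id": "CVE-PLACEHOLDER-0002", "package": "exampled",
     "fixed_in": "2.4.1", "severity": "critical"},
    {"id": "CVE-PLACEHOLDER-0003", "package": "othertool",
     "fixed_in": "0.5", "severity": "low"},
]

def version_key(version):
    """Compare numerically so that 1.2.10 sorts after 1.2.9.

    Real distribution versions (epochs, revisions) need the package
    manager's own comparison rules; this handles plain dotted numbers.
    """
    return tuple(int(part) for part in re.findall(r"\d+", version))

def correlate(inventory, feed):
    """Return findings for packages older than the fixed version, worst first."""
    by_package = {}
    for entry in feed:
        by_package.setdefault(entry["package"], []).append(entry)
    findings = []
    for row in inventory:
        for entry in by_package.get(row["package"], []):
            if version_key(row["version"]) < version_key(entry["fixed_in"]):
                findings.append({"agent": row["agent"], "package": row["package"],
                                 "version": row["version"], "id": entry["id"],
                                 "severity": entry["severity"]})
    findings.sort(key=lambda f: (SEVERITY_RANK[f["severity"]], f["agent"]))
    return findings

if __name__ == "__main__":
    for finding in correlate(INVENTORY, FEED):
        print(finding)
```

A plain string comparison would rank 1.2.10 below 1.2.9 and miss the first finding, which is why the versions are compared as integer tuples.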

Security configuration assessment (SCA)

The Wazuh SCA module can assess system configuration and raise alerts when configurations fail to meet defined secure system policies. Wazuh has out-of-the-box SCA policies that are used to check for compliance with the Center for Internet Security (CIS) benchmarks. Users can easily create their own policies or extend existing ones to fit their needs. Wazuh SCA policies are written in YAML format, which is readable and easy to understand.

Examples of the events generated when the SCA module is executed on an endpoint are shown below:

[Image: Free Wazuh XDR]

Each SCA check on the Wazuh dashboard contains information about the configuration that was checked and the remediation steps to harden the system. We expand one of the SCA checks and get the following detailed result:

[Image: Free Wazuh XDR]

With the SCA module, we are able to check for misconfigurations and compliance with various regulatory frameworks (PCI DSS, GDPR, and NIST). The compliance checks done by the Wazuh SCA module are important for organizations in heavily regulated industries.

Threat detection and response

The Wazuh agent forwards security event data to the Wazuh server for malware and anomaly detection. In addition to this, the agent runs periodic scans on monitored endpoints to detect rootkits.

Wazuh monitoring capabilities are not limited to the Wazuh agents alone. The Wazuh platform provides agentless monitoring for devices such as routers, firewalls, and switches that do not support the installation of agents.

As a unified XDR and SIEM platform, Wazuh receives security event data forwarded from various security products for correlation and alert generation. A sample of the Wazuh security events dashboard is shown below:

[Image: Free Wazuh XDR]

It is necessary to take remediation actions when security incidents are detected. Wazuh has the ability to automate remediation actions with its active response module. This is useful in responding to critical or frequent alerts that need automation to reduce the workload of analysts. For example, an active response script can block an IP address attempting a brute-force attack on SSH login. Custom active response scripts can be created to execute when specific alerts are triggered.
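One way a custom active response script could handle the SSH brute-force case, as an added example that is not part of the original article or of Wazuh's code: it validates the source address from the alert before building a firewall command. It assumes the script receives one JSON message on standard input with `command` and `parameters.alert.data.srcip` fields; the `NEVER_BLOCK` ranges, the function names, and the sample addresses are hypothetical.

```python
import ipaddress
import json
import subprocess
import sys

# Assumption: ranges that must never be blocked (management network, loopback).
NEVER_BLOCK = [ipaddress.ip_network("10.0.0.0/8"),
               ipaddress.ip_network("127.0.0.0/8")]

def build_message(command, srcip):
    """Constructed sample message in the assumed layout (not captured output)."""
    return json.dumps({"version": 1, "command": command,
                       "parameters": {"alert": {"data": {"srcip": srcip}}}})

def plan_firewall_action(message_line, never_block=NEVER_BLOCK):
    """Return the firewall argv for one message, or None to take no action."""
    try:
        message = json.loads(message_line)
        command = message["command"]
        srcip = message["parameters"]["alert"]["data"]["srcip"]
        # Parsing rejects anything that is not a bare IP address, so log
        # content controlled by the attacker never reaches the command line.
        address = ipaddress.ip_address(srcip)
    except (ValueError, KeyError, TypeError):
        return None
    if command not in ("add", "delete"):
        return None
    # A spoofed or misparsed source must not lock out internal systems.
    if any(address in network for network in never_block):
        return None
    binary = "iptables" if address.version == 4 else "ip6tables"
    flag = "-I" if command == "add" else "-D"
    return [binary, flag, "INPUT", "-s", str(address), "-j", "DROP"]

if __name__ == "__main__":
    argv = plan_firewall_action(sys.stdin.readline())
    if argv:
        # Passed as an argument list, so no shell interprets the address.
        subprocess.run(argv, check=False)
```

The source address in an SSH alert comes from log data the remote party influences, so the script treats it as untrusted input and acts only on a value that parses as an IP address outside the protected ranges.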

The takeaway

A good security posture reduces the attack surface of any organization. We have highlighted some of the things to consider in order to achieve and maintain a good posture. We recommend a free solution that integrates well with a wide range of systems, technologies, and endpoints. Wazuh is able to maintain inventory, perform vulnerability assessment, check for secure system configuration, and detect and respond to attacks.

Wazuh is free to use and has a large community of users who support each other and help to improve the product. You can use the Quickstart guide to quickly deploy a Wazuh server, or use the on-demand Wazuh cloud service.

Some parts of this article are sourced from:
thehackernews.com
