Unveiling the Hidden: How Protocol Discovery is Revolutionizing…
In the vast and complex landscape of cybersecurity, the ability to identify and understand the services running behind open ports is crucial. Most tools merely tell you that a port is open, but we believe that’s not enough. We’ve launched Protocol Discovery, a custom-built engine designed to move beyond simple port scanning by identifying the specific services communicating behind your open ports. This isn’t just another port scanner; it’s a unique solution that provides significantly more value to your team than standard tooling.
You might have an exposed Redis database, a Cisco ASA VPN appliance, or even a Minecraft server sitting on your attack surface. Your tools might see 443/tcp, and some will send an HTTP probe over TLS and happily announce “https”. Our new engine digs deeper: it can find the SOCKS5 protocol multiplexed alongside HTTPS, identify SSH running on non-standard ports (which we find just as often as port 22), or even negotiate TLS over TLS to uncover additional, previously invisible attack surface. To truly secure your attack surface, you need to know exactly what is communicating over that port.
Engineering a better Discovery engine
A key part of what we do at Detectify is building unique solutions that provide significantly more value to your team than standard tooling. Building on the principles pioneered by open-source classics like Nmap, our new engine is tailored for the specific speed and demands of the modern cloud:
2X the Probes
We’ve doubled the number of probes compared to an equivalent OSS tool, specifically targeting service-specific signatures that others miss. This means we can identify a wider range of services and protocols, providing you with a more comprehensive view of your attack surface.
Unrivaled speed
While an equivalent OSS tool takes 4 minutes to scan, we do it in under 10 seconds on comparable infrastructure. This allows for more frequent testing without resource bloat. In the fast-paced world of cybersecurity, speed is of the essence. Our engine’s unrivaled speed means you can stay ahead of potential threats and respond to changes in your environment more quickly.
Protocol nesting, multiplexing & multi-protocol classification
We can now detect multiplexed protocols, such as a Cisco ASA appliance communicating over both 443/tcp -> TLS -> HTTP (https) and 443/tcp -> TLS -> SOCKS5, along with other interesting behaviors such as 443/tcp -> TLS -> TLS -> HTTP. Notice the double “TLS”, which is highly unusual. Our engine can handle these complex scenarios, providing you with a deeper understanding of your attack surface.
Finding the invisible
Our data shows that SSH is found on non-standard ports just as often as on port 22 (50.7% on 22/tcp, with the remaining 49.3% on other ports). We’re also identifying high-risk exposures like Redis and MongoDB that should not be public-facing. These are often overlooked by standard tools, but our engine can find them, helping you to secure your environment more effectively.
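To make the layered labels and the port-independent identification above concrete, here is an added example (not Detectify's engine or code) that classifies first-reply bytes and reports nesting, multiplexing, SSH on non-standard ports and reachable Redis for an asset inventory. The function names, the five signatures and the sample replies are assumptions constructed for illustration; each observation lists the reply seen at every layer after the previous one was unwrapped.

```python
import re

def classify(reply):
    """Name a protocol from the first bytes a service returned; the port is never used."""
    if reply.startswith(b"SSH-"):                        # RFC 4253 identification string
        return "SSH"
    if len(reply) >= 5 and reply[0] in (0x15, 0x16) and reply[1] == 3 and reply[2] <= 4:
        return "TLS"                                     # record header: type, version
    if re.match(rb"HTTP/1\.[01] \d{3}", reply):
        return "HTTP"
    if len(reply) == 2 and reply[0] == 5 and reply[1] in (0x00, 0x02, 0xFF):
        return "SOCKS5"                                  # RFC 1928 method-selection reply
    if reply.startswith((b"+PONG", b"-NOAUTH")):
        return "Redis"                                   # RESP reply to PING
    return "unknown"

def chain(port, layers):
    """Build a label such as '443/tcp -> TLS -> HTTP' from per-layer replies."""
    return " -> ".join([f"{port}/tcp"] + [classify(l) for l in layers])

def findings(observations):
    """Return review notes for a list of (port, layers) observations."""
    inner_by_port, notes = {}, []
    for port, layers in observations:
        names, label = [classify(l) for l in layers], chain(port, layers)
        inner_by_port.setdefault(port, set()).add(names[-1])
        if names[-1] == "SSH" and port != 22:
            notes.append(f"{label}: SSH on non-standard port")
        if any(a == b == "TLS" for a, b in zip(names, names[1:])):
            notes.append(f"{label}: nested TLS")
        if names[-1] == "Redis":
            notes.append(f"{label}: Redis reachable")
    for port, inner in inner_by_port.items():
        if len(inner) > 1:                               # same port, different inner protocols
            notes.append(f"{port}/tcp: multiplexed ({', '.join(sorted(inner))})")
    return notes

# Constructed sample replies (not captured from any real host).
TLS_HELLO = bytes([0x16, 0x03, 0x03, 0x00, 0x2A, 0x02])
SAMPLE = [
    (443, [TLS_HELLO, b"HTTP/1.1 200 OK\r\n"]),
    (443, [TLS_HELLO, b"\x05\x00"]),
    (8443, [TLS_HELLO, TLS_HELLO, b"HTTP/1.1 403 Forbidden\r\n"]),
    (2222, [b"SSH-2.0-OpenSSH_9.6\r\n"]),
    (6379, [b"-NOAUTH Authentication required.\r\n"]),
]

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```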
Deep visibility into niche & legacy protocols
Our new probes cover everything from modern web services to legacy enterprise and industrial systems:
Enterprise systems
We can identify services like Oracle WebLogic, SAProuter, and IBM DB2. These are often found in enterprise environments, and understanding their exposure can help you to secure your critical infrastructure.
Critical infrastructure
We can also identify protocols like DNP3 (Power/Water SCADA) and Niagara Fox (Building Automation). These are found in critical infrastructure, and understanding their exposure can help you to protect your physical and digital assets.
Legacy & finance
Our engine can identify legacy protocols like IBM Mainframe and ATM host protocols. These are often found in financial institutions, and understanding their exposure can help you to protect your sensitive data.
High risk
We can also identify high-risk protocols like MSMQ (remember the QueueJumper RCE) and Java Debug Wire Protocol. These are often found in enterprise environments, and understanding their exposure can help you to secure your critical infrastructure.
What’s new in your dashboard?
With Protocol Discovery, you can now see a more detailed view of your attack surface in your dashboard. This includes information about the specific services running behind your open ports, the protocols they’re using, and any potential risks associated with their exposure.
Conclusion
Protocol Discovery is a game-changer in the world of cybersecurity. It provides you with a deeper understanding of your attack surface, helping you to identify and mitigate potential risks more effectively. With its unrivaled speed, comprehensive probes, and ability to handle complex scenarios, it’s a tool that every security team should have in their arsenal.
FAQ
What is Protocol Discovery?
Protocol Discovery is a custom-built engine designed to move beyond simple port scanning by identifying the specific services communicating behind your open ports. It’s a unique solution that provides significantly more value to your team than standard tooling.
How does Protocol Discovery differ from other port scanners?
Protocol Discovery differs from other port scanners in several ways. It has doubled the number of probes compared to an equivalent OSS tool, specifically targeting service-specific signatures that others miss. It’s also much faster, scanning assets in under 10 seconds. Additionally, it can detect multiplexed protocols and handle complex scenarios like TLS over TLS.
What kind of services can Protocol Discovery identify?
Protocol Discovery can identify a wide range of services, from modern web services to legacy enterprise and industrial systems. It can identify services like Oracle WebLogic, SAProuter, IBM DB2, DNP3 (Power/Water SCADA), Niagara Fox (Building Automation), IBM Mainframe, ATM host protocols, MSMQ, and Java Debug Wire Protocol.
How can Protocol Discovery help me secure my attack surface?
Protocol Discovery can help you secure your attack surface by providing you with a deeper understanding of the services running behind your open ports. This includes information about the specific services, the protocols they’re using, and any potential risks associated with their exposure. This information can help you to identify and mitigate potential risks more effectively.
Is Protocol Discovery suitable for the modern cloud environment?
Yes, Protocol Discovery is tailored for the specific speed and demands of the modern cloud. It’s much faster than equivalent OSS tools, scanning assets in under 10 seconds. This allows for more frequent testing without resource bloat, making it suitable for the modern cloud environment.
