
Architecture Analysis

5 automated security scanners


Purpose: The Edge Computing Security Scanner is designed to detect and assess the security posture of edge computing environments by analyzing company documentation, public policy pages, trust center information, and compliance certifications. This tool aims to ensure that edge nodes are properly secured against potential threats by identifying security policy indicators, maturity indicators, hardening practices, distributed security measures, and compliance documentation.

What It Detects:

  • Security Policy Indicators: Identifies the presence of comprehensive security policies, incident response plans, data protection measures, and access control mechanisms.
  • Maturity Indicators: Checks for SOC 2 compliance, ISO 27001 certification, and evidence of penetration testing or vulnerability scanning activities.
  • Hardening Practices: Evaluates the implementation of security hardening measures on edge nodes, including regular updates and patch management, network segmentation, and firewall configurations.
  • Distributed Security Measures: Assesses whether distributed security architectures are deployed, decentralized control mechanisms are used, multi-factor authentication is enforced across edge nodes, and data is encrypted in transit and at rest.
  • Compliance Documentation: Reviews publicly available compliance certifications, analyzes trust center information for security assurances, and verifies adherence to industry standards and best practices.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com). This is the main website address used to gather security documentation and policy statements.
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”). Used to search within company websites for relevant security policies and compliance certifications.

Business Impact: Ensuring robust security measures in edge computing environments is crucial as these systems often handle sensitive data and critical business operations. Properly secured edge nodes can mitigate risks associated with cyber threats, protect against data breaches, and maintain the integrity of distributed systems.

Risk Levels:

  • Critical: Conditions that pose a severe risk to security, potentially leading to significant data loss or system compromise. Examples include lack of comprehensive security policies or absence of ISO 27001 certification.
  • High: Conditions that could lead to substantial risks if not addressed promptly. Examples include unpatched edge nodes or inadequate encryption practices.
  • Medium: Conditions that may still pose a risk but are less severe than those at the critical level. Examples include outdated security hardening measures or incomplete compliance documentation.
  • Low: Informational findings that do not directly impact security but could be indicative of potential issues needing attention. Examples include minor discrepancies in access control mechanisms.
  • Info: Findings that provide general insights into security practices without being classified as critical, high, medium, or low. These are typically informative and suggest areas for improvement.

Example Findings:

  1. A company lacks a detailed security policy outlined on its website, which could lead to inadequate protection against cyber threats.
  2. An edge node is not regularly patched, posing a risk of exploitation by known vulnerabilities in the software version being used.

Purpose: The Zero Trust Assessment Scanner is designed to identify excessive trust and network segmentation gaps within an organization by analyzing its security policies, compliance certifications, and public documentation. This tool helps ensure adherence to zero-trust principles, minimizing unnecessary trust in both internal and external networks.

What It Detects:

  • Security Policy Indicators: Identifies the presence or absence of key security policy documents such as “security policy,” “incident response,” “data protection,” and “access control.”
  • Maturity Indicators: Checks for compliance certifications like SOC 2, ISO 27001, penetration testing, and vulnerability scanning.
  • Network Segmentation Gaps: Evaluates the organization’s network segmentation practices by looking for specific language indicating proper isolation of networks.
  • Trust Center Information: Analyzes trust center information to ensure it includes comprehensive security measures and transparency about data handling and protection.
  • Public Policy Pages: Scrutinizes public policy pages for adherence to zero-trust principles, including detailed descriptions of access controls and network segmentation strategies.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner is crucial for organizations aiming to implement robust security practices aligned with the zero-trust principles, which emphasize minimal trust and strict access controls across all network segments. Compliance with these standards can significantly reduce the risk of data breaches and unauthorized access, enhancing overall cybersecurity posture.

Risk Levels:

  • Critical: The scanner identifies significant gaps in critical security policies, or missing certifications against recognized standards such as SOC 2 or ISO 27001.
  • High: There is a notable absence of essential security documents or practices, which may lead to high exposure and vulnerability within the organization’s network infrastructure.
  • Medium: The organization demonstrates some compliance but lacks comprehensive policies or specific certifications that are necessary for an effective zero-trust model.
  • Low: The organization shows basic compliance with security principles, though there might be room for improvement in documentation and policy adherence to advanced cybersecurity standards.
  • Info: Minimal findings indicate the presence of basic security documents without significant gaps or non-compliance points.

Example Findings:

  1. The scanner flags a notable absence of detailed “security policy” and “incident response” documents, indicating a critical gap in foundational security practices.
  2. A high exposure to risk is identified due to the lack of SOC 2 compliance certification, which could lead to severe consequences if data breaches occur.

Purpose: The Microservice Security Scanner is designed to assess and ensure secure communication between microservices by detecting service-to-service authentication mechanisms and API gateway configurations. It evaluates potential vulnerabilities in DNS, HTTP, TLS/SSL, port usage, and API endpoints, providing a comprehensive security posture evaluation for microservice architectures.

What It Detects:

  • Service-to-Service Authentication: The scanner checks for mutual TLS (mTLS) certificates to secure communication between services and verifies the use of OAuth2 or other token-based authentication mechanisms to ensure secure exchanges.
  • API Gateway Configuration: It identifies APIs that lack proper authentication and authorization, as well as configurations such as rate limiting to prevent unauthorized access and abuse.
  • DNS Security: The scanner examines DNS records (TXT, MX, NS, CAA, and DMARC) against security best practices, and checks SPF records to guard against email spoofing.
  • HTTP Security Headers: It validates the presence and correctness of essential HTTP headers like Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options to mitigate common web vulnerabilities.
  • TLS/SSL Inspection: The scanner scans for outdated or weak TLS versions, insecure cipher suites, and protocols, ensuring the use of modern cryptographic standards.
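As an added example (not the scanner's own code), the following audits the four HTTP security headers listed above on a captured response and rates gaps "Medium", matching the Risk Levels below. The sample headers are constructed; the one-year HSTS floor and the CSP directives it rejects are this example's assumptions, not the scanner's documented thresholds.

```python
# Added example (not the scanner's own code): audit the four headers the scanner
# lists on a captured response and rate gaps "Medium" as its Risk Levels do.
def _hsts_problem(value: str):
    for d in (p.strip().lower() for p in value.split(";")):
        if d.startswith("max-age="):
            age = d.split("=", 1)[1]
            if not age.isdigit():
                return "max-age is not an integer"
            # 31536000 seconds is one year, the usual floor for a meaningful HSTS policy.
            return None if int(age) >= 31536000 else f"max-age {age} is below one year"
    return "max-age directive missing"

def _csp_problem(value: str):
    low = value.lower()
    if "default-src" not in low and "script-src" not in low:
        return "no default-src or script-src directive"
    if "'unsafe-inline'" in low or "'unsafe-eval'" in low:
        return "allows unsafe-inline or unsafe-eval"
    return None

def _xfo_problem(value: str):
    return None if value.strip().upper() in ("DENY", "SAMEORIGIN") else f"unexpected value {value!r}"

def _xcto_problem(value: str):
    return None if value.strip().lower() == "nosniff" else f"expected nosniff, got {value!r}"

CHECKS = {
    "strict-transport-security": _hsts_problem,
    "content-security-policy": _csp_problem,
    "x-frame-options": _xfo_problem,
    "x-content-type-options": _xcto_problem,
}

def audit_headers(headers: dict) -> list:
    """Return (severity, header, detail) findings; header names match case-insensitively."""
    lowered = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, check in CHECKS.items():
        if name not in lowered:
            findings.append(("Medium", name, "header missing"))
        elif (problem := check(lowered[name])):
            findings.append(("Medium", name, problem))
    return findings

# Constructed sample response headers, not captured from any real host.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=300",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
    "X-Content-Type-Options": "nosniff",
}
```

Running `audit_headers(SAMPLE_HEADERS)` yields three Medium findings: a short HSTS max-age, a CSP permitting unsafe-inline, and a missing X-Frame-Options header.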

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com). This is essential for DNS queries, HTTP requests, TLS/SSL inspection, and port scanning to assess the security posture of the specified microservice environment.

Business Impact: Ensuring secure communication between microservices through robust authentication mechanisms and proper API gateway configurations is crucial for maintaining a secure and reliable system architecture. Poorly secured microservices can lead to unauthorized access, data leakage, and service disruptions that could impact business operations and reputation.

Risk Levels:

  • Critical: The scanner identifies APIs without any form of authentication or only using insecure methods (e.g., basic auth over HTTP).
  • High: The presence of weak TLS versions (e.g., TLSv1.0, TLSv1.1) and outdated cipher suites that do not meet modern security standards.
  • Medium: Missing or improperly configured HTTP security headers which fail to enforce necessary web protections.
  • Low: Minor issues such as unrecognized DNS records or minor discrepancies in TLS configuration settings.
  • Info: Informational findings related to potentially unnecessary configurations or non-critical deviations from best practices that do not pose immediate risks but could be improved for enhanced security.

Example Findings:

  1. A microservice is discovered without any authentication, posing a critical risk as it can be accessed and manipulated by unauthorized users.
  2. TLS configuration uses outdated protocols like SSLv3, which is highly vulnerable to attacks due to its lack of modern cryptographic protections.

Purpose: The Threat Modeling Scanner is designed to enhance the understanding of potential threats and ensure adequate measures are in place by analyzing company security documentation, public policy pages, trust center information, and compliance certifications. This tool aims to identify missed threat vectors and incomplete security controls, thereby improving overall security posture.

What It Detects:

  • Security Policy Indicators: The scanner identifies the presence or absence of key security policies such as “security policy,” “incident response,” “data protection,” and “access control.”
  • Maturity Indicators: It identifies compliance certifications and maturity indicators like SOC 2, ISO 27001, penetration testing, and vulnerability scanning.
  • Incomplete Controls: The scanner evaluates the completeness of security controls by checking for gaps in documented policies and procedures.
  • Threat Vector Identification: It scans for mentions of specific threat vectors that may be overlooked, including unauthorized access, data breaches, and cyber attacks.
  • Documentation Accessibility: It assesses the accessibility and comprehensiveness of company security documentation available on public channels.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • company_name (string): Company name for statement searching (e.g., “Acme Corporation”)

Business Impact: This scanner helps organizations identify potential vulnerabilities and confirm that their security measures are comprehensive, which directly shapes the organization’s overall security posture against cyber threats.

Risk Levels:

  • Critical: Conditions that could lead to significant data breaches or compliance violations with severe penalties.
  • High: Conditions that pose a high risk of unauthorized access or significant impact on business operations.
  • Medium: Conditions that may lead to moderate risks such as exposure to certain cyber threats without immediate action.
  • Low: Minor deviations that do not significantly affect security but are still recommended for improvement based on best practices.
  • Info: Non-critical findings providing additional context or information about the company’s stance on cybersecurity.

Example Findings:

  1. The company lacks a comprehensive data protection policy, which is critical for identifying and mitigating potential data breaches.
  2. There are no mentions of penetration testing in the compliance certifications, indicating a gap in evaluating internal security controls against external threats.

Purpose: The Security Architecture Review Scanner is designed to identify and assess potential vulnerabilities in the DNS records, HTTP headers, TLS configurations, port usage, and API endpoints of a given domain. Its primary objective is to provide actionable insights into the security architecture, thereby aiding in the enhancement of overall security posture.

What It Detects:

  • Design Flaws in DNS Records:

    • SPF Record Misconfigurations: The scanner checks for SPF records that grant permission to all senders, which can be a significant security risk.
    • DMARC Policy Weaknesses: It identifies DMARC policies set to none, quarantine, or reject without adequate alignment with organizational objectives, potentially leading to ineffective domain-wide email authentication.
    • Missing DKIM Records: The scanner detects the absence of DKIM records, which are crucial for verifying the authenticity of emails sent from a domain.
  • Inadequate Security Headers in HTTP Responses:

    • Strict Transport Security (HSTS): Checks that the header is present so browsers connect to the site only over HTTPS, even when users type an HTTP URL.
    • Content Security Policy (CSP): Verifies the inclusion of CSP headers to mitigate various types of attacks, such as Cross-Site Scripting (XSS).
    • X-Frame-Options: Checks for this header to prevent clickjacking attacks where a site is loaded in an iframe.
    • X-Content-Type-Options: Checks for the nosniff value, which stops browsers from MIME-sniffing content.
  • Vulnerable TLS/SSL Configurations:

    • Weak Cipher Suites: The scanner flags the use of cipher suites considered weak due to their cryptographic strength, including RC4, DES, and MD5 ciphers.
    • Outdated Protocol Versions: It identifies the use of outdated versions of TLS (Transport Layer Security), specifically those below TLSv1.2, which no longer meet modern encryption standards.
  • Unsecured Port Usage:

    • Open Ports: Scans for any open ports that may expose services or data to unauthorized access.
    • Service Fingerprinting: Identifies the running services on these open ports to assess potential security risks and vulnerabilities.
  • API Endpoint Vulnerabilities:

    • API Security Headers: Checks if essential security headers are present in API responses, which is crucial for securing interactions between clients and servers.
    • API Version Exposure: Detects the exposure of outdated or insecure versions of APIs that could be exploited by attackers.
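As an added example (not the scanner's own code), the following evaluates the SPF, DMARC and DKIM conditions described under "Design Flaws in DNS Records" against TXT records passed in as a dict, which stands in for live DNS lookups. It rates SPF "+all" and DMARC p=none as Critical and a missing DKIM key as High, following the Risk Levels below; the severity assigned to a missing SPF or DMARC record, and the DKIM selector names it probes, are this example's assumptions.

```python
# Added example (not the scanner's own code): evaluate the SPF, DMARC and DKIM
# checks the scanner lists against TXT records handed in as a dict, which
# stands in for live DNS lookups. Severities follow the Risk Levels for
# SPF "+all" (Critical), DMARC p=none (Critical) and missing DKIM (High); the
# severity for a missing SPF or DMARC record and the selector names are assumptions.
import re

DKIM_SELECTORS = ("default", "selector1")  # assumed candidate selector names

def check_spf(txt_records: list) -> list:
    spf = [r for r in txt_records if r.lower().startswith("v=spf1")]
    if not spf:
        return [("High", "SPF: no v=spf1 record published")]  # severity assumed
    findings = []
    for rec in spf:
        # A bare "all" defaults to the "+" qualifier, so both authorize every sender.
        if any(term in ("+all", "all") for term in rec.lower().split()):
            findings.append(("Critical", f"SPF: {rec!r} allows all senders"))
    return findings

def check_dmarc(txt_records: list) -> list:
    rec = next((r for r in txt_records if r.lower().startswith("v=dmarc1")), None)
    if rec is None:
        return [("Critical", "DMARC: no record at _dmarc")]  # severity assumed
    tags = {k.lower(): v.strip().lower() for k, v in re.findall(r"(\w+)\s*=\s*([^;]+)", rec)}
    if tags.get("p") == "none":
        return [("Critical", "DMARC: p=none monitors only and rejects nothing")]
    return []

def check_dkim(dns: dict, domain: str) -> list:
    for selector in DKIM_SELECTORS:
        for rec in dns.get(f"{selector}._domainkey.{domain}", []):
            if "p=" in rec.lower():  # a DKIM record carries the public key in its p= tag
                return []
    return [("High", "DKIM: no key under any probed selector")]

def review_email_auth(dns: dict, domain: str) -> list:
    """Combine the three checks into (severity, detail) findings for one domain."""
    return (check_spf(dns.get(domain, []))
            + check_dmarc(dns.get(f"_dmarc.{domain}", []))
            + check_dkim(dns, domain))

# Constructed TXT records for a fictitious domain, not real DNS data.
SAMPLE_DNS = {
    "example.test": ["v=spf1 include:_spf.mail.test +all", "site-verification=abc123"],
    "_dmarc.example.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example.test"],
}
```

`review_email_auth(SAMPLE_DNS, "example.test")` returns two Critical findings (SPF allows all senders, DMARC p=none) and one High finding (no DKIM key found).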

Inputs Required:

  • domain (string): The primary domain to analyze, such as acme.com, which is essential for DNS record, HTTP header, TLS configuration, and API endpoint analysis.

Business Impact: This scanner plays a pivotal role in the security architecture review of any organization by proactively identifying potential vulnerabilities that could be exploited by malicious actors. It helps organizations to address critical security gaps before they are exploited, thereby enhancing overall cybersecurity posture and compliance with industry standards such as GDPR or HIPAA.

Risk Levels:

  • Critical: The scanner identifies SPF records allowing all senders or weak DMARC policies set to none, quarantine, or reject. This is a critical issue that must be addressed immediately to prevent domain-wide email authentication failures and potential phishing attacks.
  • High: Missing DKIM records, use of outdated TLS versions, and the presence of open ports with unknown services are considered high-risk issues as they can lead to unauthorized access and data breaches.
  • Medium: The absence of certain security headers in HTTP responses and API endpoints could expose the organization to medium risks such as man-in-the-middle attacks or cross-site scripting vulnerabilities.
  • Low: Informational findings that are not directly risky, such as weak cipher suites that are less critical but still need attention to improve encryption standards and user data protection.

Example Findings:

  1. A domain has an SPF record allowing all senders, which can be exploited by spammers to forge emails appearing as legitimate from the organization’s domain.
  2. The DMARC policy is set to none, leading to ineffective email authentication and potential unauthorized access through phishing attacks.