Like peanut butter and jelly or wine and cheese, some things are just better together. Our most recent example of things that go together is our integration of CornerShot into TrustMeter 3.0. While there are many new features added in 3.0, CornerShot significantly increases the power of TrustMeter, allowing it to scan an entire segmented network from a single location.
If you are unfamiliar with TrustMeter, it is best to start here to get a better understanding of the tool and its purpose. In short, TrustMeter is a network discovery tool, which helps you assess the level of trust in your network. It is fast, intuitive to use, and presents collected information in an easy to consume report.
CornerShot is a free open source tool, which was presented at BlackHat Europe 2020. It enables a user to “peek” at a remote host’s network permissions without the need to have any special privileges on that host.
In this post we will present how CornerShot integration boosts TrustMeter capabilities, and dive deeper into additional features you can now find in TrustMeter 3.0.
One of the biggest challenges that security teams (red and blue) are facing today is the ability to get a good understanding of their network in real time. This usually involves the deployment of multiple sensors or scanning agents across the network, and periodically collecting this information.
TrusMeter uses CornerShot to uncover network access from a remote host, without requiring any special privileges on that host. By collecting network access information from a multitude of remote hosts, it is possible to scan the entire segmented network from a single location.
After running TrustMeter, you will notice that the new report now shows if assets are accessible directly or indirectly:
The Networks.xlsx, which is generated after each scan, shows which assets can be used to access the indirectly accessible hosts, under the “Reachable Targets” column.
Another major feature in TrustMeter 3.0 is the ability to gain insights from collected data. TrustMeter analyzes the assets information and network properties to build corresponding models that characterize their behavior. The analysis is based on static features (such as Operating System version) and dynamic features (such as open TCP ports). The models are used to provide various types of insights in addition to detection of anomalous characteristics. For example:
The anomalies, if found, are then printed to a report with a suffix of “Insights.csv”. There is no representation of these insights in the HTML report at this version of TrustMeter.
There are additional features that were requested by clients and the security community, which made their way into TrustMeter 3.0. These are:
We are glad to support the growing community of users that rely on TrustMeter for security assessments. We are always open to ideas, comments and suggestions regarding future versions of TrustMeter, so if you have ideas, don’t hesitate to reach out to us at firstname.lastname@example.org..