Rumble 2.5 Identify endpoint protection agents, detect wireless & mobile Internet, and scan all your EC2 accounts

|
Updated

What's new with Rumble 2.5? #

  • Identify endpoint protection agents via integrations and unauthenticated scans
  • Fingerprint wireless and mobile Internet on Windows without authentication
  • Better fingerprinting for Windows 10 and 11, desktop/server, secondary IPs
  • Discover AWS EC2 assets across all accounts
  • Report unmapped MACs

Keep reading to learn more about some of the new 2.5 capabilities.

Identify endpoint protection agents via integrations and unauthenticated scans #

Rumble now includes CrowdStrike, McAfee, Avast, AVG, Checkpoint and Kaspersky endpoint protection solutions in its inventory. Depending on the vendor, we do this through unauthenticated network scans or pull in the information through integrations.

Integrate Rumble with CrowdStrike Falcon #

You can now integrate CrowdStrike Falcon with Rumble through an authenticated API connection with the CrowdStrike backend. Quickly identify the assets that are missing an EDR agent with the new CrowdStrike Falcon connector. This capability helps determine off-site assets that are not being seen by your Rumble scans.

CrowdStrike EDR

For example, to find all Windows devices that do not have CrowdStrike installed, use this query:

os:windows and not source:crowdstrike

Rumble uses device attributes returned by the CrowdStrike connector for fingerprinting and asset enrichment. The CrowdStrike attributes are also searchable and supported by the Rumble asset attribute reports.

CrowdStrike attributes

Fingerprint Windows endpoint protection over the network, without credentials #

Based on fun new research that we'll reveal next week, Rumble can now fingerprint several endpoint protection agents running on Windows devices, remotely and without credentials. This currently includes support for some versions of McAfee, Avast, AVG, Checkpoint, and Kaspersky, with many more in our research queue. The EDR reporting is consistent with the new CrowdStrike Falcon connector (see below), which allows asset queries for has:edr.name to work regardless of how the EDR was detected.

EDR detected

Learn more about the techniques behind this work.

Fingerprint wireless and mobile Internet on Windows without authentication #

Rumble now also flags assets that have active wireless and mobile Internet connections, remotely and without authentication.

WAN detected

Hint: This is based on the same research as our unauthenticated endpoint protection fingerprinting.

Better fingerprinting for Windows 10 and 11, desktop/server, and secondary IPs #

The Rumble scan engine is now better than ever at fingerprinting assets running the Windows operating system. This release adds coverage for current builds of Windows 11 and Windows 10 21H2, as well as better discernment between workstation and server versions of the same build.

Windows systems

Lastly, Rumble now includes additional methods for reporting secondary IPv6 addresses as well as IPv4 addresses on Windows devices.

Secondary IPs

Discover AWS EC2 assets across all accounts #

The AWS EC2 connector now supports multi-account instance discovery through STS "AssumeRole" capabilities. This connector can automatically create a new site for each VPC and reduce the work involved when multiple AWS accounts are used across the enterprise.

AWS EC2 instances

Improved Reports page #

Easily find the report you need with the redesigned Reports page. Use the new top-level search bar to find the report you're looking for. Please note that the Query tab has been moved and is now a top-level navigation item.

Reports page

Investigate your unknowns with the Unmapped MACs report #

The Unmapped MACs Report provides context on what devices are missing from your scan scope. This report flags every asset that was found connected to a managed switch, but not correlated with a scan result, organization by switch port, and with the MAC, vendor and estimated device age on hand to support your investigation.

Unmapped MACs

Export network graphs to PNG #

You can now export the Switch Topology and Network Bridges graphs as PNG files to embed into reports or presentations. Rumble will save the file based on your browser's scale and resolution, so you can adjust your view as needed.

View site-specific dashboards #

The new site switcher lets you filter your dashboard data by site. Switching the site will automatically update the dashboard with the relevant asset data–such as asset types, OSes, and hardware–and services data–such as TCP ports, UDP parts, and protocols. To share a site-specific dashboard, you can copy the URL and send it out to your team.

Site switcher

Release notes #

This release includes a rollup of all the 2.4.x updates. Read the changelog to see all the improvements and updates in this release.

Try Rumble #

Don't have access to Rumble yet? Sign up for a free trial to try out these capabilities for 21 days.

Written by runZero Team

Due to the nature of their research and out of respect for their privacy, runZero team members prefer to remain anonymous. Their work is published under the runZero name.

More about runZero Team
Subscribe Now

Get the latest news and expert insights delivered in your inbox.

Welcome to the club! Your subscription to our newsletter is successful.


Related Articles

runZero Insights
Taming the Typhoons: How runZero Keeps You Ahead of State-Sponsored Cyber Threats
China's Typhoon cyber attacks are evolving, but runZero helps you stay one step ahead with unmatched visibility and proactive defense.
runZero Insights
Ensure compliance with DORA’s ICT risk framework using runZero
Learn how to uncover unmanaged and unknown assets— including IT, OT, and IoT— to meet DORA's hidden risk requirements using runZero.
Life at runZero
Employee Spotlight: Doug Markiewicz
Doug Markiewicz is a strategic Customer Success Engineer with a passion for solving complex cybersecurity problems. Learn more about his journey as...
runZero Insights
Evolving from IT to IoT: Flax Typhoon preyed on the lesser knowns
A look at Flax Typhoon's latest operations, and how runZero’s unknown and IoT asset visibility can help calm the storm for security teams.

See Results in Minutes

Get complete visibility into IT, OT, & IoT — without agents, credentials, or hardware.

© Copyright 2024 runZero, Inc. All Rights Reserved