Full-scale deployment
As you get started with runZero, we recommend kicking off with our standard deployment plan and adding tasks as needed. The standard deployment plan is broken out into six stages which will help you plan out your requirements, execute the deployment, and optimize your environment based on runZero’s best practices.
Planning
This first set of tasks will help your team identify target results, get ahead of potential blockers, and help you avoid misconfigurations within runZero.
Tasks
- Determine your success outcomes using runZero. Some common success outcomes include:
  - Reducing gaps in asset visibility
    - Key results
      - Scan all assets in days rather than weeks
      - Integrated with all cloud providers and other relevant tools
  - Reducing investigation times
    - Key results
      - Find any asset in your environment in seconds
      - Able to review all services an asset runs in minutes
      - Understanding of potential exposure on new vulnerabilities
  - Reducing asset risk
    - Key results
      - Eliminate misconfigurations
      - Reduce gaps in endpoint protection
      - Reduce gaps in vulnerability scanning
      - Eliminate unmanaged assets
      - Number of unauthorized assets found and removed
- Identify key organizational stakeholders
  - Administrator(s) - who will be setting up runZero?
  - Integration owner(s) - who will provide credentials for each integration?
- All users take the runZero 101 training
- Administrators take the runZero 201 training
- Determine whether self-hosting is required (docs | video)
- Identify known networks and subnets for discovery and other inventory sources (docs | video)
- Define organizations based on RBAC requirements (docs | video)
- Determine Explorer and scanner deployment location(s)
  - Read up on the differences between the Explorer and scanner here
Initial configuration
Once you have your plan in place, it’s time to execute and run your initial scans. Please note that these configuration tasks are in a prioritized order to help you avoid having to reconfigure things down the road.
Tasks
- Deploy self-hosted console (if required) (docs | video)
- Set up organizations
- Set up sites, and define subnets for discovery (video)
  - Sites do not necessarily correspond to physical locations within runZero. Sites are used to represent distinct networks that may have overlapping IP space.
- Install Explorer(s) and/or scanner(s) (video)
- Run initial scan (docs | video)
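The note above about sites and overlapping IP space can be checked against a subnet plan before any sites are created. The following is an added example, not runZero code and not part of the original page: it reviews a constructed site-to-subnet plan and separates overlaps inside one site from address space that appears in more than one site. The site names, CIDRs, and function names are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample plan: site names and CIDRs are illustrative only.
PLAN = {
    "HQ": ["10.0.0.0/16", "10.0.5.0/24", "192.168.10.0/24"],
    "Branch-East": ["10.0.0.0/16", "172.16.0.0/20"],
    "Lab": ["192.168.10.0/24", "192.168.20.0/24"],
}

def parse_plan(plan):
    """Convert CIDR strings to network objects; strict=True rejects
    entries with host bits set (e.g. 10.0.5.1/24), a common typo."""
    return {site: [ipaddress.ip_network(c, strict=True) for c in cidrs]
            for site, cidrs in plan.items()}

def review_plan(plan):
    """Return (within_site, cross_site) overlap lists.

    within_site: (site, a, b) - two entries in one site cover the same
                 addresses, so the site definition is redundant.
    cross_site:  (site_a, site_b, a, b) - the same address space appears
                 in two sites, the case separate sites are meant for.
    """
    nets = parse_plan(plan)
    within, cross = [], []
    for site, subnets in nets.items():
        for a, b in combinations(subnets, 2):
            if a.version == b.version and a.overlaps(b):
                within.append((site, str(a), str(b)))
    for (s1, n1), (s2, n2) in combinations(nets.items(), 2):
        for a in n1:
            for b in n2:
                if a.version == b.version and a.overlaps(b):
                    cross.append((s1, s2, str(a), str(b)))
    return within, cross

if __name__ == "__main__":
    within, cross = review_plan(PLAN)
    for site, a, b in within:
        print(f"[{site}] redundant scope: {a} overlaps {b}")
    for s1, s2, a, b in cross:
        print(f"[{s1} / {s2}] shared address space: {a} and {b}")
```

Cross-site entries are the ones to confirm with network owners: if the two ranges are genuinely different networks, they belong in separate sites; if they are the same network, one of the entries is a duplicate.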
Analysis
Now that you have done some initial discovery, it’s time to review the results. Reviewing the results and leveraging our reports will help you expand scan scope, better understand your network, and identify key issues such as misconfigurations.
Tasks
- Review results of initial scan
- Identify risky assets using the Queries library (docs | clickthrough)
- Learn query syntax
- Apply vulnerability records to queries (docs)
- Track query results on the dashboard (clickthrough)
- Track long-term initiatives with Goals
- Review reporting
Advanced configuration / Optimization
After you’ve done your initial analysis, you will want to optimize your scans and configure integrations to further build your complete asset inventory.
Tasks
- Configure inbound integration connections
- Configure SNMP credentials (video)
- Optimize scans by adjusting scan rates and other configurations (docs | video)
  - See our clickthrough of some key additional configuration options as well
Automation
Now that you have optimized your scans and have analyzed your runZero data, you can automate these tasks to avoid manual effort. You can leverage this automation to run scans on a recurring basis, automate queries, and generate alerting for the team.
Tasks
- Schedule recurring scan tasks and any inbound integration tasks
- Automate queries and configure alerts to align with use cases (video)
- Configure outbound integration connections to enrich other IT and security tools
  - CMDB
  - SIEM
  - SOAR
  - Note: If you’re utilizing a solution that runZero does not offer a standard outbound integration for at this time, be sure to review our API documentation to learn about how to export runZero data.
Rollout
As your runZero deployment comes to a close, you will want to ensure that all users have gone through training and that anyone who would get value from runZero has access to the platform.
Tasks
- Add users
- Ensure all users are trained on runZero
  - Training and key documentation
  - runZero playbooks
- Identify other teams interested in the asset inventory data, such as:
  - Enterprise security team
    - runZero is typically used by security teams to achieve a complete asset inventory, find gaps in their vulnerability scanning and endpoint protection, and discover potential vulnerabilities.
  - IT Operations team
    - runZero is typically used by IT Operations teams to achieve a complete inventory of all assets across on-premises and cloud-based infrastructure. This allows the team to identify misconfigurations and report on assets in the environment by leveraging our searching and reporting capabilities.
  - Penetration testing team
    - runZero is typically used by penetration testing teams for conducting reconnaissance both internally and externally, identifying vulnerable targets, and finding ways to get to these vulnerable targets by using our reporting and searching capabilities.
Additional Resources
Now that runZero has been deployed and users have been trained on the platform, please review some of our additional resources to help answer questions you might have as well as maximize the value of runZero:
Getting help
If you need assistance at any point in this process, you can book a session with a runZero Customer Success Engineer to discuss further.