Full-scale deployment

As you get started with runZero, we recommend kicking off with our standard deployment plan and adding tasks as needed. The standard deployment plan is broken out into six stages which will help you plan out your requirements, execute the deployment, and optimize your environment based on runZero’s best practices.

Planning

This first set of tasks will help your team identify target results, get ahead of potential blockers, and help you avoid misconfigurations within runZero.

Tasks

Determine your success outcomes using runZero. Some common success outcomes include:
- Reducing gaps in asset visibility
  - Key results
    - Scan all assets in days rather than weeks
    - Integrated with all cloud providers and other relevant tools
  - Resources
    - Achieving RFC1918 coverage
- Reducing investigation times
  - Key results
    - Find any asset in your environment in seconds
    - Able to review all services an asset runs in minutes
    - Understanding of potential exposure on new vulnerabilities
  - Resources
- Reducing asset risk
  - Key results
    - Eliminate misconfigurations
    - Reduce gaps in endpoint protection
    - Reduce gaps in vulnerability scanning
    - Eliminate unmanaged assets
    - Number of unauthorized assets found and removed
  - Resources
Identify key organizational stakeholders
- Administrator(s) - who will be setting up runZero?
- Integration owner(s) - who will provide credentials for each integration?
All users take the runZero 101 training
Administrators take the runZero 201 training
Determine whether self-hosting is required (docs | video)
Identify known networks and subnets for discovery and other inventory sources (docs | video)
Define organizations based on RBAC requirements (docs | video)
Determine Explorer and scanner>) deployment location(s)
- Read up on the differences between the Explorer and scanner here

Initial configuration

Once you have your plan in place, it’s time to execute and run your initial scans. Please note that these configuration tasks are in a prioritized order to help you avoid having to reconfigure things down the road.

Tasks

Deploy self-hosted console (if required) (docs | video)
Setup organizations
Set up sites, and define subnets for discovery (video)
- Sites do not necessarily correspond to physical locations within runZero. Sites are used to represent distinct networks that may have overlapping IP space
Install Explorer(s) and/or scanner(s) (video)
Run initial scan (docs | video)

Analysis

Now that you have done some initial discovery, it’s time to review the results. Reviewing the results and leveraging our reports will help you expand scan scope, better understand your network, as well as help you identify key issues such as misconfigurations.

Tasks

Review results of initial scan
- Review dashboard (docs | video)
- Review the asset inventory (docs | video)
- Review the asset detail view (docs | video)
Identify risky assets using the Queries library (docs | clickthrough)
- Learn query syntax
- Apply vulnerability records to queries (docs)
- Track query results on the dashboard (clickthrough)
Track long-term initiatives with Goals
Review reporting
- Identify gaps in scanning (docs | video)
- Understand network segmentation (docs | video)

Advanced configuration / Optimization

After you’ve done your initial analysis, you will want to optimize your scans and configure integrations to further build your complete asset inventory.

Tasks

Configure inbound integration connections
Configure SNMP credentials (video)
Optimize scans by adjusting scan rates and other configurations (docs | video)
- See our clickthrough of some key additional configuration options as well

Automation

Now that you have optimized your scans and have analyzed your runZero data, you can automate these tasks to avoid manual effort. You can leverage this automation to run scans on a recurring basis, automate queries, and generate alerting for the team.

Tasks

Schedule recurring scan tasks and any inbound integration tasks
Automate queries and configure alerts to align with use cases (video)
Configure outbound integration connections to enrich other IT and security tools
- CMDB
- SIEM
- SOAR
- Note: If you’re utilizing a solution that runZero does not offer a standard outbound integration for at this time, be sure to review our API documentation to learn about how to export runZero data.

Rollout

As your runZero deployment comes to a close, you will want to ensure all users have gone through training and ensure anyone that would get value from runZero has access to the platform.

Tasks

Add users
Ensure all users are trained on runZero
- Training and key documentation
- runZero playbooks
Identify other teams interested in the asset inventory data, such as:
- Enterprise security team
  - runZero is typically used by security teams to achieve a complete asset inventory, find gaps in their vulnerability scanning and endpoint protection, as well as discover potential vulnerabilities.
- IT Operations team
  - runZero is typically used by IT Operations teams to achieve a complete inventory of all assets across on-premise and cloud-based infrastructure. This allows the team to identify misconfigurations as well as report on assets in the environment by leveraging our searching and reporting capabilities.
- Penetration testing team
  - runZero is typically used by penetration testing teams for conducting reconnaissance both internally and externally, identifying vulnerable targets, and finding ways to get to these vulnerable targets by using our reporting and searching capabilities.

Additional Resources

Now that runZero has been deployed and users have been trained on the platform, please review some of our additional resources to help answer questions you might have as well as maximize the value of runZero:

Getting help

If you need assistance at any point in this process, you can book a session with a runZero Customer Success Engineer to discuss further.

Updated December 5, 2023

Previous: Explorer vs scanner Next: Types of networks