Lucidum’s cyber beard is thriving! A Rising in Cyber 2025 Honoree! See the wisdom behind the whiskers → [Learn More!]

Lucidum’s cyber beard is thriving! A Rising in Cyber 2025 Honoree! See the wisdom behind the whiskers → [Learn More!]
View Categories

How Secure Are Your Assets?

Estimated Reading Time: 7 min read

Modern EPP/EDR solutions require security agents to run on assets. These solutions require an IT team to view the console and determine which agents are online. The challenge with security agents is that security agents will not show you which assets are not managed with the agent.

Each asset and user might use a different security policy. For example, a company’s security policy might require one endpoint agent for PCs and another for Macs. So IT teams need to monitor multiple types of agents.

Lastly, you cannot assume that every asset connected to your network chose to install a security agent, install antivirus software, or install updates in response to vulnerabilities. So you need to find those assets and remediate. Lucidum can sort through all the data to show you the assets that require your attention.

Lucidum ingests data from all the solutions in your environment. Lucidum Machine Learning algorithms then enrich the ingested data through deduplication, triangulation, and aggregation. This allows Lucidum to discover every asset and every account and user, even those not discovered by your security solutions, so you can protect your environment.

Assets without Endpoint Protection #

no_endpoint_protection.png

In this example, the dashboard searches each asset in your environment for all the endpoint protection solutions for which you have configured a connector, meaning all the endpoint solutions in your environment. Lucidum then finds all assets that are not running an endpoint agent.

This dashboard includes charts for:

  • Endpoint Agent Missing: Compute Assets. Displays a count of all endpoints without endpoint agents.

  • Data Sources of No-Endpoint-Agent Devices. Displays all endpoints without endpoint protection and also displays the data sources associated with these endpoints.

  • Locations of No-Endpoint-Agent Devices. Displays the locations for all devices without endpoint protection.

  • Departments of No-Endpoint-Agent Devices. Displays the departments associated with devices without endpoint protection.

  • OS of No-Endpoint-Agent Devices. Displays the operating systems and versions associated with devices without endpoint protection.

  • Asset Types of No-Endpoint-Agent Devices. Displays the asset types associated with devices without endpoint protection.

  • Vendors of No-Endpoint-Agent Devices. Displays the vendors associated with devices without endpoint protection.

  • Risk Level of No-Endpoint-Agent Devices. Displays the risk level for the devices without endpoint protection. Displays the number of those assets with low risk, medium risk, and high risk. Lucidum uses risk factors to calculate risk score and risk ranking among all the assets in your environment. Lucidum can then assign a risk level of “Low”, “Medium”, or “High”.

Assets with Commonly Exploited Vulnerabilities #

assets_w_mosst_commonly_exploited_vulns1.png

This dashboard uses the list of Common Vulnerabilities and Exposures (CVEs) published by the Joint Cybersecurity Advisory (https://www.cisa.gov/uscert/ncas/alerts/aa22-117a). The dashboard displays assets that test positive for one or more of these CVEs.

This dashboard includes charts for:

  • Asset Count. Displays the count of assets with active CVEs.

  • Active CVEs. This chart looks at all assets with active CVEs and displays which CVEs are present in the environment.

  • Operating Systems Affected. Displays all the operating systems and versions in the environment that are affected by CVEs.

  • Vulnerable Assets. This chart lists the names of assets that have active CVEs.

  • Remediation Progress. Displays the number of assets that still have active CVEs each day. Ideally, this chart should show a downward slope over time.

  • Assets with Common Exploits. Displays the CVEs with the highest number of associated assets.

Asset Violations by Capability Owner #

asset_violations_capability_owner1..png

Using the SANS Vulnerability Management Maturity Model (https://www.sans.org/posters/key-metrics-cloud-enterprise-vmmm/), a capability owner is an individual or team responsible for specific assets.

This dashboard focuses on Windows assets missing SentinelOne, Mac assets missing Jamf, and misconfigured cloud instances.

This dashboard includes charts for:

  • Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne.

  • Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne and their locations.

  • Windows Missing SentinelOne. Displays the versions of Windows running on Windows assets missing SentinelOne.

  • MacOs Assets Missing Jamf. Displays the total number of Mac assets missing Jamf.

  • MacOs Assets Missing Jamf. Displays Mac assets missing Jamf and their locations.

  • MacOs Assets Missing Jamf. Displays the versions of MacOS running on Mac assets missing Jamf.

  • Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public facing).

  • Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public facing) and their locations.

  • Cloud Instances w/Default SG & Assigned IGW. Displays the operating systems running on the instances associated with the default security group but also associated with an internet gateway (public facing).

Asset Violations by Department #

asset_violations_dept.png

Using the SANS Vulnerability Management Maturity Model (https://www.sans.org/posters/key-metrics-cloud-enterprise-vmmm/ ) again, this dashboard focuses on Windows assets missing SentinelOne, Mac assets missing Jamf, and misconfigured cloud instances. But this dashboard also displays information about the department associated with these assets and the users associated with these assets, so that department can remediate or so the IT department can monitor the assets more closely.

  • Sales Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the sales department.

  • Sales Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the sales department, and the location of those assets.

  • Sales MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the sales department.

  • Sales MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the Sales department, and the user associated with those assets.

  • Sales Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public facing) that reside in the Sales department.

  • Sales Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public facing), that reside in the sales department, and the location of those assets.

  • Finance Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the finance department.

  • Finance Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the finance department, and the location of those assets.

  • Finance MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the finance department.

  • Finance MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the finance department, and the user associated with those assets.

  • Finance Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public facing) that reside in the finance department.

  • Finance Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public facing), that reside in the finance department, and the location of those assets.

  • Marketing Windows Missing SentinelOne. Displays the total number of Windows assets missing SentinelOne that reside in the marketing department.

  • Marketing Windows Missing SentinelOne. Displays the Windows assets missing SentinelOne, that reside in the marketing department, and the location of those assets.

  • Marketing MacOS Missing Jamf. Displays the total number of MacOS assets missing Jamf and that reside in the marketing department.

  • Marketing MacOS Missing Jamf. Displays the MacOS assets missing Jamf, that reside in the marketing department, and the user associated with those assets.

  • Marketing Cloud Instances w/Default SG & Assigned IGW. Displays the total number of cloud instances associated with the default security group but also associated with an internet gateway (public facing) that reside in the marketing department.

  • Marketing Cloud Instances w/Default SG & Assigned IGW. Displays the cloud instances associated with the default security group but also associated with an internet gateway (public facing), that reside in the marketing department, and the location of those assets.

What are your Feelings

Solutions

COMPANY

Resource Library