Almost every network these days will have one or more scanning tools designed to look for everything from malware and viruses to vulnerabilities in code under development. They can be quite effective in that role and can improve detection rates, but they can also contribute to cybersecurity fatigue and force security teams to waste time chasing down false alarms.
The ZeroNorth platform brings various scanning tools together in one place so rules and preferences can be created globally and applied to whatever scanners an administrator wants to deploy. It’s also adept at ingesting scan results from multiple sources and consolidating them into prioritized alerts. In our testing, ZeroNorth was able to take, on average, about 50 alerts generated by scanners and consolidate them down to just five or six problems that needed to be addressed. Fixing those core issues also eliminated the peripheral and overlapping problems.
ZeroNorth is offered as a software-as-a-service platform, with users logging into the cloud-based portal to get reports and make changes to their scanning tools. A series of agents is needed to connect scanning tools to the platform, though the footprint within a protected network is extremely small given that ZeroNorth is using existing scanning programs. Extremely security-conscious organizations can install the platform locally, though this is a special setup that the company does not normally implement.
Pricing for ZeroNorth is based on the number of entities scanned, which can include hardware elements like servers, virtual objects like containers within the cloud, and things like IP addresses.
The platform has a very nice user interface where everything is clickable, including consolidated alerts from scanners. And unlike security platforms that simply track event data, as most security information and event management (SIEM) tools do, ZeroNorth is able to track the ownership of applications or resources that scanners flag as having security flaws or vulnerabilities. It can even be set to automatically notify those owners of scan results in addition to security teams. That way, people at an organization who are the most invested in fixing a specific problem can get to work on it right away.