→ 🚀What's New? Join Us for the Fall Product Launch! Register Now !

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
IainCaldwell
Lansweeper Employee
Lansweeper Employee

Lansweeper is delighted to announce new capabilities in the security vulnerabilities space. Building on the foundations of our world-class scanning technology Lansweeper has enhanced our software scanning to normalize and enrich with NIST standard naming and identification. This enables Lansweeper to offer value add capabilities matching clients' software against NIST vulnerabilities databases.

This is a preview feature and will be iterated frequently over the next few months before the official release. Please use this space to give suggestions +ve or -ve to help us improve the product.

78 REPLIES 78
Tyler
Engaged Sweeper

I'm noticing that a lot of vulnerabilities are being reported for servers that have the CVE patches installed.  Mostly with server 2012 r2.  Almost every 2012 server reports handfuls of vulnerabilities.  All servers are up to date, and I've even downloaded the specific KB update, installed it, waited a day or two, and that machine will still be reported as having that vulnerability, is there a step or issue im missing?

IainCaldwell
Lansweeper Employee
Lansweeper Employee

Hi @Tyler 

Since we implemented our mapping to the NIST list we've realised that the version number in NIST isn't specific enough to recognise changes (patches).  A lot of the entries are at the major version level which then leads to a lot of false +ves.  As a result we have put focus on other sources we can use to augment that core list - the primary one being a Microsoft list (Microsoft isn't the only areas we see gaps but its the one most visible due to the higher usage).
We have this in testing just now and expect the improvements to be included in our D-Launch mid to end June.

Sorry, and thanks for your patience.

Cheers Iain

Any update on the this? The June update is out and we still have the issue of Lansweeper not detecting cumulative updates correctly and showing vulnerabilities that were patched years ago.

James12
Engaged Sweeper II

I agree its absolute disgrace, we will be reducing our licence on renewal, we upgraded our licence on the basis that feature  it was just leaving beta and was good to go,  6 months later it finally left beta and still can't handle basics like cumulative updates.

Cole
Engaged Sweeper II

I also upgraded our license specifically for the vulnerability assessment. Very disappointed I can even use it or trust it to be correct. 

Esben_D
Lansweeper Employee
Lansweeper Employee

Hey Cole, we're aware of some issues, you can find more info here: https://community.lansweeper.com/t5/product-conversations/vulnerability-risk-assessment-performance-... 

However, if you have specifics about your problem you would like to share, I'd recommend contacting support so they can validate whether you're experiencing the same issue.

DonMario73
Champion Sweeper

I read about this new acquisition from Lansweeper.  Seems like it will help to improve the risk insights currently available in the Pro license.  

https://www.lansweeper.com/press/lansweeper-acquires-rankedrights-key-assets-to-accelerate-its-vulne...

@Esben_D  @IainCaldwell  can you please clarify on this?

Thanks!

@DonMario73 yes the brains from rankedright will be helping map our future direction in this space, bringing their knowledge and experience and improving the lansweeper product.

 

Cheers Iain

rom
Champion Sweeper III

Thanks Iain - you might want to put this at the top of the chain as it will help clear a lot of things up - looking forward to the next iteration of security insights