A quarter of a century of defence has been based heavily on specific known threats. However, these days there are too many to keep up with. As an example, AV based on known signatures has been shown repeatedly to be easy to bypass. Likewise, vulnerability assessment based on CIS benchmarks cannot take 0day issues into account, and the economics of 0days dictate that plenty of them are in circulation.
So the concept of deltas, wherein "something changed in my environment that I didn't expect, let's investigate", is a more foolproof means of threat detection. However, a whole core network (think IDS deltas) or a whole operating system is a threat space that is too complex and wide: there will be lots of noise in the form of false positives.
So how about focusing on smaller targets that are less complex? Netdelta is based on deltas over groups of IP addresses, where changes in host availability or service configuration result in an alert being raised.
- Maintains scan history in a backend database and provides analytics.
- If there's an unexpected change, it could be the result of unauthorised activity: hacking, malware, unauthorised change, shadow IT, etc.
- Netdelta maintains a history of past scans and deltas, and grades each delta (red, amber, green) on the likelihood that it is a false positive.
- Changes alerted on: host up, host down, new group member, new host appears (maybe a rogue host, unauthorised change or firewall misconfiguration), service(s) added, service(s) removed.
- User-configurable email alerts.
- Schedule scans, or run instant scans against any configured group.
- User-configurable scan options.
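To make the delta-and-grade idea concrete, here is an added example (not Netdelta's own code) that diffs the newest scan of a host group against the previous one, classifies each change as host up/down, new host, or service added/removed, and grades it red, amber or green from how often that host has already produced the same kind of change. The snapshots are constructed sample data and the grading heuristic is an assumption about one way such a grade could be derived, not the project's actual scheme.

```python
# Constructed sample snapshots: host -> set of open services; absent host = down.
HISTORY = [
    {"10.0.0.1": {"22/tcp", "443/tcp"}, "10.0.0.2": {"445/tcp"}},
    {"10.0.0.1": {"22/tcp", "443/tcp"}},                           # .2 down
    {"10.0.0.1": {"22/tcp", "443/tcp"}, "10.0.0.2": {"445/tcp"}},  # .2 back
    {"10.0.0.1": {"22/tcp", "443/tcp"}},                           # .2 down
]
LATEST = {
    "10.0.0.1": {"22/tcp", "443/tcp", "3389/tcp"},  # service added
    "10.0.0.2": {"445/tcp"},                         # flapping host up again
    "10.0.0.9": {"23/tcp"},                          # host never seen before
}
CATEGORY = {"host_up": "availability", "host_down": "availability",
            "host_new": "availability", "service_added": "services",
            "service_removed": "services"}


def scan_delta(history, current):
    """Diff the newest scan against the previous one. Returns (host, change,
    detail) tuples; 'host_new' means the host appears in no earlier snapshot."""
    previous = history[-1]
    ever_seen = set().union(*history)
    events = []
    for host in sorted(set(previous) | set(current)):
        if host not in previous:
            kind = "host_up" if host in ever_seen else "host_new"
            events.append((host, kind, sorted(current[host])))
        elif host not in current:
            events.append((host, "host_down", sorted(previous[host])))
        else:
            added = sorted(current[host] - previous[host])
            removed = sorted(previous[host] - current[host])
            if added:
                events.append((host, "service_added", added))
            if removed:
                events.append((host, "service_removed", removed))
    return events


def grade(history, event):
    """Assumed heuristic (not Netdelta's): the more often this host already
    produced the same category of change, the more likely it is noise."""
    host, change, _ = event
    prior = sum(1 for i in range(1, len(history))
                for h, c, _ in scan_delta(history[:i], history[i])
                if h == host and CATEGORY[c] == CATEGORY[change])
    return "green" if prior >= 2 else "amber" if prior == 1 else "red"


def alerts(history, current):
    """One scan cycle's graded alerts: (grade, host, change, detail) tuples."""
    return [(grade(history, e),) + e for e in scan_delta(history, current)]
```

With the sample data, the flapping host 10.0.0.2 comes back green (likely noise), while the new RDP service on 10.0.0.1 and the never-seen host 10.0.0.9 are red and worth investigating.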