Mondoo June 2024 Release Highlights

During the month of June at Mondoo, two key words drove our engineering work: better and more. We endeavored to make your security assessment and prioritization experience better and to extend the Mondoo security data fabric to give you more data. The results are finer details on cloud security, an improved user experience, new platforms supported, and expanded information on your infrastructure. What do Mondoo's better and more enable you to do? Find out in this month's release highlights.

Monitor cloud security with unmatched granularity

In addition to evaluating the overall security posture of your cloud environments, Mondoo now discovers and individually scans common cloud resources such as load balancers, virtual networks, or storage buckets. With the fine-grained security details Mondoo exposes, you might reveal some surprises.

Better understand your cloud asset inventory

With this improved granularity, you can quickly find and understand cloud assets across multiple providers or accounts—all within Mondoo. Search for resources by name or type using our newly expanded search capabilities.

Once you've found the right asset, quickly determine the location and owner with detailed asset overview data for each asset type.

Get a clear and detailed view of your security

It's also easier to understand where critical security vulnerabilities exist within your infrastructure. Because Mondoo now applies checks directly to cloud assets, you can more easily see which assets pass and which assets fail checks without diving into complex, account-wide check output.

Set granular exceptions

Edge cases no longer need to cause pain. Mondoo now gives you fine-grained control to account for cloud security exceptions where necessary. With fine-grained asset scanning, you can create exceptions that apply to specific cloud resources instead of to the whole account. This means you can disable or snooze a check without losing security visibility across your entire cloud account.

Scan and query even more platforms

You'd think we would run out of new platforms to query and scan, but we haven't yet! This month we added:

  • Shodan search engine: Inspect domain and IP security information in the Shodan search engine with the new shodan provider in cnquery and cnspec.
  • Ansible playbooks: Query and secure your Ansible playbooks with cnquery and cnspec using our new ansible provider.
  • SBOM files: cnquery and cnspec now let you directly query and scan SBOM file content as if the files were real running assets.
  • Snowflake: Use the new snowflake provider in cnquery/cnspec to query and secure database, user, and configuration data in your Snowflake account.

Assess Windows system security without an agent

You can now inspect a Windows system without installing any agent on the system: Attach the drive (or a snapshot of the drive) to another Windows system. Then you can run the cnquery or cnspec shell complete with access to all of Mondoo's Windows MQL resources. Run against a drive by serial number or against a LUN.

Automatically discover and scan infrastructure as code in GitHub and GitLab

When Mondoo scans GitHub and GitLab repositories, it can automatically detect CloudFormation templates and Kubernetes manifests and scan them for security issues. Find their scan results quickly in the IaC asset group.

Secure Microsoft Exchange

Mondoo's vulnerability detection has expanded to include Microsoft Exchange. Scan with cnspec to ensure that you're following important security best practices and have the most important updates installed. 

Heard about the new Microsoft Exchange vulnerabilities currently being exploited in the wild? Don't become another attack victim. Scan Exchange now.

Easily navigate spaces and organizations

We've made it much easier to navigate between different organizations and spaces in the Mondoo Console. Our schmancy new navigation bar lets you:

  • Search for organizations or spaces right in the drop-down menus
  • Switch to a space without having to visit the organization's Spaces page

Crank risk factor identification and prioritization up to 11

In June we made more changes focused on making it easier for you to understand the greatest risks to your organization.

New risk factors for critical Windows systems

With new risk factors for assets running Microsoft SQL Server or IIS, Mondoo now exposes vulnerabilities and misconfigurations on the most important Windows systems in your environment.

Assess risk at a glance

We improved the risk assessment view on CVE and advisory pages so you can better understand which risks apply to assets and which don't.

Don't be fooled by partially removed .deb packages

It's possible to remove a Debian package from an asset but leave parts of it remaining on the system. Mondoo now detects these remnants and flags the risk they pose to your environment. 
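
To show what such remnants look like in dpkg's own records, here is an added example (not Mondoo's detection logic and not code from the original page). It assumes a remnant is any package selected for removal whose dpkg state is not yet "not-installed"; the status excerpt and package names are constructed.

```python
# Constructed excerpt in the format of /var/lib/dpkg/status (not from a real host).
SAMPLE_STATUS = """\
Package: examplelib
Status: install ok installed
Version: 3.0.1-1

Package: exampled
Status: deinstall ok config-files
Version: 1.2.0-1
Conffiles:
 /etc/exampled/exampled.conf 00000000000000000000000000000001
 /etc/init.d/exampled 00000000000000000000000000000002

Package: brokenpkg
Status: purge reinstreq half-installed
Version: 0.9-2
"""

def parse_stanzas(text):
    """Yield one dict per package stanza, folding indented continuation lines."""
    for block in text.strip().split("\n\n"):
        fields, key = {}, None
        for line in block.splitlines():
            if line[:1] in (" ", "\t") and key:
                fields[key] += "\n" + line.strip()
            elif ":" in line:
                key, _, value = line.partition(":")
                fields[key] = value.strip()
        if fields:
            yield fields

def find_remnants(text):
    """Return packages marked for removal that dpkg still tracks on disk."""
    findings = []
    for pkg in parse_stanzas(text):
        status = pkg.get("Status", "").split()
        if len(status) != 3:
            continue  # malformed or missing Status field
        want, _flag, state = status
        if want in ("deinstall", "purge") and state != "not-installed":
            conffiles = [l.split()[0] for l in pkg.get("Conffiles", "").splitlines() if l.strip()]
            findings.append({"package": pkg.get("Package"), "version": pkg.get("Version"),
                             "state": state, "conffiles": conffiles})
    return findings

if __name__ == "__main__":
    for f in find_remnants(SAMPLE_STATUS):
        print(f"{f['package']} {f['version']}: {f['state']} {f['conffiles']}")
```

On a Debian-based host the same function can be run over the contents of /var/lib/dpkg/status; the retained version is what matters for triage, since leftover files from an old release are no longer updated by the package manager.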

Get the information you need on vulnerabilities

With an exhaustive list of all the vulnerable software in your infrastructure, you can precisely identify risks. Delve into specific versions of packages and see everywhere they're installed. This new feature also works seamlessly with Mondoo Firewatch, automatically helping you prioritize remediation using contributing risk factors such as known exploits, running processes, and open network ports.

Each software page provides a breakdown of:

  • Deployed package versions
  • Software CVEs
  • Risk factors
  • Assets in your environment running the software

In addition, the asset tables in the CVE and advisory views now provide more relevant information about vulnerable assets.

Catch old systems before they're end of life

This month we expanded our end of life detection to include:

  • SLES 15.5
  • openSUSE 15.6
  • FreeBSD 13.2
  • FreeBSD 14.0

Access even more detail with newly added resource

| Resource | Change |
| --- | --- |
| aws.account | New tags field |
| aws.applicationautoscaling.target | New createdAt field |
| aws.ec2.image | New deprecatedAt field |
| aws.ec2.instance | New networkInterfaces field exposing a new aws.ec2.networkinterface field |
| aws.eks.cluster | New addons field using the new aws.eks.addon resource |
| aws.eks.cluster | New iamRole field |
| aws.eks.cluster | New nodeGroups field exposing a new aws.eks.nodegroup resource |
| aws.elb.loadbalancer | New targetGroups field exposing a new aws.elb.targetgroup resource |
| aws.vpc.natgateway | New subnet field |
| gcp.project.binaryAuthorization | New resource for inspecting GKE Binary Authorization configuration |
| gcp.project.computeService | New enabled field |
| gcp.project.sqlservice.instance.settings.ipconfiguration | New sslMode field |
| gcp.project.sqlservice.instance.settings.ipconfiguration | New enablePrivatePathForGoogleCloudServices field |
| googleworkspace | New calendars field using the new googleworkspace.calendar resource |
| googleworkspace.report.apps | New admin field |
| googleworkspace.user | New isDelegatedAdmin field |
| microsoft.policies.authorizationPolicy | New permissionGrantPoliciesAssigned field under defaultUserRolePermissions |
| windows.feature | Deprecated in favor of windows.serverFeature, which better describes this as a server-only resource |
| windows.optionalFeatures | New resource to check for optional Windows features on desktop Windows releases |

Stay current with policy updates

CIS Google Cloud Foundations 3.0

Secure your Google Cloud infrastructure with the latest recommendations from the Center for Internet Security (CIS). This updated policy includes new checks as well as updated audit and remediation steps to match the latest Google Cloud console experience.

Expanded Endpoint Detection and Response (EDR) policy support

The Mondoo Endpoint Detection and Response (EDR) policy now detects systems running Windows Defender with up-to-date definition files.


Letha Dunn

Letha has been writing about technology for more than thirty years. During the past decade, she’s focused on educating engineers about identity and access management, security, CI/CD, and project velocity. Letha lives in the Pacific Northwest, where she rescues and rehabilitates abused and neglected horses and dogs.

Tim Smith

Tim Smith is a Product Manager at Mondoo. He’s been working in web operations and software development roles since 2007 and port scanning class As since 1994. He downloaded his first Linux distro on a 14.4 modem. Tim most recently held positions at Limelight Networks, Cozy Co, and Chef Software.
