Cloud Advisor identifies and prioritizes vulnerabilities in operating systems, packages and libraries on virtual machines deployed in the cloud without the use of agents.
Cloud Advisor uses an agentless approach to scan virtual machine block storage. This innovative method:
- Provides 100% coverage of all virtual machines immediately after deployment
- Allows you to deploy Cloud Advisor in minutes and get full information about all vulnerabilities in the infrastructure within an hour
- Does not require work to install and update agents, reducing the total cost of ownership
- Has no effect on virtual machine performance
- Does not require a network connection between the machine and the scanning module
Cloud Advisor prioritizes vulnerabilities based on the context in which they are found. For example, a Log4Shell vulnerability found on a public machine with a security group that allows unrestricted connections will have a higher priority than the same vulnerability found on a machine without internet access. Unlike traditional vulnerability scanning solutions, Cloud Advisor has detailed information about the cloud configuration thanks to the CSPM module. This allows you to focus your attention on fixing the really important risks.
Various factors are used to prioritize vulnerabilities: presence of public exploits, type of vulnerability, CVSS score, etc. This allows you to focus on fixing vulnerabilities that have a real risk to the infrastructure.
Cloud Advisor retrieves data from multiple sources and searches for vulnerabilities in Alpine, Debian, Ubuntu, RHEL, CentOS, OpenSUSE, and other distributions. Cloud Advisor supports the system package managers apt, yum and apk and the application-level package managers Bundler, Composer, Pipenv, Poetry, npm, yarn and Cargo.