Google is open-sourcing its network security scanning engine in the hope of helping organizations protect their data. The engine, Tsunami, is designed to detect high-severity vulnerabilities with high confidence.
“When an attacker begins to exploit security vulnerabilities or security misconfigurations, such as weak passwords, an organization needs to react quickly in order to protect potentially vulnerable assets. With attackers increasingly investing in automation, the time window to react to a newly released, high severity vulnerability is usually measured in hours. This poses a significant challenge for large organizations with thousands or even millions of internet-connected systems,” Google wrote in a post.
Tsunami aims to detect and remediate security vulnerabilities in an automated fashion while keeping detection quality consistently high. The project takes a two-step approach:
- Reconnaissance, where it detects open ports and identifies the protocols, services and software behind them, leveraging existing tools.
- Vulnerability verification, where it uses the information obtained in the reconnaissance step to select the vulnerability verification plugins that match the identified services.
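A small model of the hand-off between the two steps, added here as an illustration and not Tsunami's own code or plugin API: the class names, plugin names, product name and reconnaissance records are all hypothetical and constructed. It shows that selection keyed on the identified service (not the port number) still covers services on non-standard ports, and that anything reconnaissance could not identify ends up with no verification at all.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Service:
    """One reconnaissance finding (hypothetical record layout)."""
    host: str
    port: int
    protocol: str             # transport, e.g. "tcp"
    name: str                 # identified service, e.g. "http"
    software: Optional[str]   # identified product, None if not fingerprinted

@dataclass(frozen=True)
class Plugin:
    """A verification plugin and the services it declares it applies to."""
    name: str
    service: str
    software: Optional[str] = None   # None = any software speaking that service

    def matches(self, svc: Service) -> bool:
        if svc.name != self.service:
            return False
        return self.software is None or self.software == svc.software

def plan_verification(recon, plugins):
    """Map each discovered (host, port) to the names of the plugins that match it."""
    return {(s.host, s.port): [p.name for p in plugins if p.matches(s)] for s in recon}

def uncovered(plan):
    """Open ports that no plugin will verify: a coverage gap worth reviewing."""
    return sorted(key for key, names in plan.items() if not names)

# Constructed reconnaissance output (documentation-range addresses).
RECON = [
    Service("192.0.2.5", 22, "tcp", "ssh", "OpenSSH"),
    Service("192.0.2.5", 8888, "tcp", "http", "ExampleDashboard"),
    Service("192.0.2.7", 8080, "tcp", "http", None),
    Service("192.0.2.7", 5000, "tcp", "unknown", None),
]
# Hypothetical plugins for the two detector families the release covers.
PLUGINS = [
    Plugin("weak-ssh-credentials", "ssh"),
    Plugin("exposed-dashboard-ui", "http", "ExampleDashboard"),
    Plugin("weak-http-credentials", "http"),
]

if __name__ == "__main__":
    plan = plan_verification(RECON, PLUGINS)
    for target, names in plan.items():
        print(target, "->", names or "no matching plugin")
    print("uncovered:", uncovered(plan))
```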
As part of the project’s initial release, it will detect exposed sensitive UIs and weak credentials. The company plans to add more detectors for vulnerabilities and new features to make the engine more powerful.