Exciting New Features Arrive for Greenbone Enterprise Appliances

We’re excited to announce the release of several feature updates to our Greenbone Operating System (GOS), the software stack behind our physical and virtual Enterprise Appliances. The updates introduce new front-end features to enhance enterprise vulnerability management capabilities, and performance enhancing back-end features. The newest updates to the Greenbone Operating System (GOS), version 24.10, reflect Greenbone’s commitment to empowering fundamental cybersecurity best practices and enabling organizations to prioritize and close security gaps faster than ever before.

In this post, we’ll delve into the latest features and improvements that make our line of Enterprise Appliances even more powerful tools for exposure management and cybersecurity compliance.

GOS 24.10 Brings All New Features

The Greenbone Security Assistant (GSA) is the IT administrator’s doorway into security visibility. From a high-level vantage, the GSA web-interface has a totally new look. The updated version features a modern minimalist look and feel, emphasizing utility and usability, while keeping Greenbone’s capabilities within reach. But the new look is just scratching the surface. Let’s review some deeper changes on the horizon.

The New Compliance Audit Report View

Cybersecurity compliance is increasingly important. New regulations across the EU such as the Digital Operational Resilience Act (DORA), the Network and Information Security Directive 2 (NIS2) and the Cyber Resilience Act (CRA) require organizations to take more proactive actions to protect digital infrastructure. Other forces such as cybersecurity insurance, the need for stronger third party oversight and accountability to customers are impacting how companies oversee their cybersecurity operations.

The GOS 24.10 update includes a brand new compliance-focused view designed to enhance insight into regulatory and policy alignment. The updated user-interface allows greater visibility into cybersecurity risks, supporting alignment with IT governance goals. It hosts compliance audit reports, new dashboard displays and filtering options. This helps keep compliance-focused data distinct from regular scan reports. Delta audit reports also highlight compliance progress with visual indicators and tooltips for easy identification.

EPSS Support Adds AI-Based Prioritization

As the number of new CVEs (Common Vulnerabilities and Exposures) continues to increase, prioritizing vulnerabilities to focus on the most high-impact threats is critical. The Exploit Prediction Scoring System (EPSS) is an AI-driven metric that estimates the likelihood of a CVE being exploited in the wild. EPSS applies machine learning (ML) to historical data to predict which new CVEs are at highest risk of active attack.

EPSS data is now integrated into our Enterprise Appliances. Regularly updated exploitation probabilities for every active CVE are not available in the Greenbone platform. Administrators can leverage up-to-date exploit probability scores and percentiles in addition to the traditional CVSS severity, empowering them to focus on the most critical pressive vulnerabilities in their operations.

More Adaptable CSV and JSON Report Exporting Capabilities

Greenbone’s approach has always centered on simplicity and flexibility. As such, the solutions fit a wide spectrum of unique operational needs. GOS 24.10 introduces JSON formatted report exporting. Users can also now customize the fields in exported CSV and JSON reports. This allows reports to be customized directly from Greenbone to more precisely match report requirements and focus on what’s essential for analysis, compliance or decision-making.

Additional Backend Optimizations

To enhance the flexibility and accuracy of vulnerability matching, Greenbone has introduced several backend optimizations focused on CPE (Common Platform Enumeration) handling and feed management. Here is a look at what’s new:

• The backend can convert CPEv2.3 strings to CPEv2.2 URIs, storing both versions for more reliable affected product matching. Future development may include advanced, on-the-fly matching, bringing even more precision to vulnerability assessments.
• Greenbone Enterprise Appliances now support JSON-based CVE, CPE, EPSS, and CERT feeds and gzip data compression.

Summary

With the release of a new round of updates, Greenbone is strengthening the flagship Greenbone Enterprise Appliances. The updates introduce a modernized GSA web-interface, a compliance-focused audit report view for improved visibility, and enhanced CSV and JSON exporting capabilities give users control over report data. We’ve also added AI-based EPSS to the available options for vulnerability risk prioritization. Finally, backend optimizations ensure seamless compatibility with new CPE formats and JSON-based feeds. Together, these features add to Greenbone’s adaptable vulnerability management capabilities allowing organizations to stay ahead of emerging threats with industry leading vulnerability detection and prioritization.