Active endpoint: There are X accounts
It means there are X known accounts. If the integration with Microsoft's AAD is enabled, new accounts are automatically added and old accounts are set to inactive. Why do we not call this 'Employees'? Because most firms have more accounts than employees.


This concerns the number of active accounts, not all of whom have access to the Lupasafe portal.

With data breaches> Does Lupasafe also indicate which breaches these are? And how should that be solved? 
 Lupasafe certainly indicates which breaches these are. 
This can be seen under Employees -> Leaked credentials.

This also includes credentials of employees who probably no longer work at your company.

These are credentials that Lupasafe found through sources such as the dark web, Telegram and torrents. Since this information is already circulating in criminal circles, you cannot remove it from there. The only thing you can do is present it to the employee in question. If the person recognizes the masked password, they will have to set a new password wherever that password is in use to prevent misuse. The found password can then be marked as resolved and will disappear from the Lupasafe overviews.

More general data leaks are also known. These can be seen in the second overview on that page. The only thing that can be done is to make employees aware of this and have them change their passwords, if this is still relevant.


Monitoring X. Does that mean there are accounts with multiple devices? 
Servers are also scanned, and these are not related to an employee. This X is the combined number of workplaces and servers.
 

Number of applications. Are these the number of applications being used at that moment? It seems like quite a lot to me.
We count all applications. It may be, for example, that Word is counted for every computer where it appears, so that Word counts as a separate application for each employee. Keep in mind that the OS is also seen as an application, as are all components installed with it. With a standard Windows installation you will soon have around 30-40 applications (such as Wordpad, Notepad, etc.) that are included as standard.

Secure score. And what does the Secure Score say? How much is good/sufficient/moderate/poor?
The secure score concerns the Office 365 environment. Everything above 70% is an excellent score. If you click on the score in the dashboard you will get more details. Some points can only be earned with a more expensive subscription or at extra cost, so the score will either stay below 100% or require a lot of extra spending on Microsoft subscriptions.


Vulnerable endpoints. In the last report everything is set to 0. What if there is a score on critical? Does our main automation know what to do? Is he more likely to receive a notification outside the periodic reports?

0 is a good score for endpoints when it comes to vulnerabilities! :-) A critical score should be investigated as quickly as possible and, where possible, resolved; otherwise compensating measures should be taken. It is possible to receive an immediate notification when a vulnerability is detected. This can be set in the portal under settings.


If you toggle the box, you will receive notifications.

If you want to enable this, you can choose which items you want to receive and you can also have this sent to a general/group mailbox.

If you have any questions about which action is best in the event of a found vulnerability, it is always possible to ask us for advice.

Vulnerabilities resolved. > Is that what Lupasafe does? Or does it only measure? And does Lupasafe see that our company has repaired that? (automatically or otherwise)
Lupasafe only measures. For example, if there is a vulnerability in Windows and an update is installed that resolves it, this is counted as a resolved vulnerability.

Software risk (EPSS) past month: What does it mean?
EPSS stands for Exploit Prediction Scoring System. There are a number of risk scoring methods that are widely used. One of them is the CVSS, which is quite technical. A method that we have been using for a long time and that is becoming increasingly popular is EPSS, which indicates the likelihood that a vulnerability will be exploited in the coming year. For more information see:
https://skoposlab.freshdesk.com/support/solutions/articles/47001196976-what-is-epss-exploit-prediction-scoring-system-

(Network scanning) How can you read that? number of Hosts > Which hosts? Are you talking about computers, servers, routers, switches, printers, IoT devices and other network devices?
If your company has installed a network scanner that scans the network several times a day, the hosts are computers that the scanner finds on the network. These can be workplaces, but also routers, IoT devices, printers, telephones, etc. Everything that falls within the scanned network range.

Number of services > Are you talking about web server services, email services, database services, file sharing services, DNS services?
 
Yes, these are services that the computers on the network offer. What you mention are examples of this.

Most vulnerable hosts > Risk score What does it say?
 
In this overview the CVSS score is used. It is linked to the CVE (the vulnerability) that Lupasafe has matched (found). The CVSS is a more technical, but globally accepted, score. It ranges from 0 (completely safe) to 10 (very critical).
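To illustrate how the EPSS and CVSS scores described above can lead to different priorities, here is an added example (not Lupasafe's code or ranking logic). The findings, placeholder CVE labels, host names and the two thresholds are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    cve: str     # placeholder label, not a real CVE identifier
    host: str    # constructed host name
    cvss: float  # severity, 0.0 to 10.0
    epss: float  # exploitation probability, 0.0 to 1.0

def priority(f, epss_threshold=0.1, cvss_threshold=7.0):
    """Bucket a finding: 1 = act first, 4 = act last (thresholds are assumptions)."""
    likely = f.epss >= epss_threshold
    severe = f.cvss >= cvss_threshold
    if likely and severe:
        return 1
    if likely:
        return 2
    if severe:
        return 3
    return 4

def triage(findings):
    # Sort by bucket, then by highest exploitation probability, then by severity.
    return sorted(findings, key=lambda f: (priority(f), -f.epss, -f.cvss))

def by_cvss_only(findings):
    return sorted(findings, key=lambda f: -f.cvss)

# Constructed sample findings.
FINDINGS = [
    Finding("CVE-EXAMPLE-A", "srv-01", cvss=9.8, epss=0.002),
    Finding("CVE-EXAMPLE-B", "ws-17", cvss=7.5, epss=0.92),
    Finding("CVE-EXAMPLE-C", "printer-3", cvss=5.3, epss=0.40),
    Finding("CVE-EXAMPLE-D", "ws-02", cvss=4.0, epss=0.001),
]

if __name__ == "__main__":
    for f in triage(FINDINGS):
        print(priority(f), f.cve, f.host, f.cvss, f.epss)
```

Sorting on CVSS alone puts finding A first, while the combined view moves B and C ahead of it because they are far more likely to be exploited.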

Scanner settings? What can you say about that?
These are the settings (for example the subnets that are scanned) of the installed network scanner.

Issues open > Can we see them too?
 
The selection at the top of the report indicates that you can choose between resolved and unresolved vulnerabilities.
Details can also be requested via "Network Scanner" in the menu at the top of the portal, which gives you an overview.


Vulnerable ports > # > What does that mean?
 
If a service is offered via the network, the network services are distinguished from each other (at network level) by ports. For example, port 25 is commonly used for SMTP, and ports 80 and 443 for web servers. This count represents the number of ports on which an application (service) with a vulnerability was found.


Match data is 5-okt-23 Does this mean it hasn't been running for a few months?
 
No, this date indicates when the vulnerability was detected by Lupasafe. In settings (Settings -> Network scanner) you can see when the scanner last scanned.


I pressed Report Mismatch. What happens now?
If you press this, the report is forwarded to our support, who will investigate whether it is actually a false positive (this is always possible with automated tools). We will get back to you on this as soon as possible.

Our headers Score 1.0 are red. What does that mean?
 
This concerns the scan for HTTP security headers. Security headers can be set on web servers to prevent vulnerabilities or to minimize the damage caused by certain vulnerabilities. If our scanner gives a score of 1.0, these headers are absent and we advise you to set them. For more information (also about the specific headers), see:
https://skoposlab.freshdesk.com/support/solutions/articles/47001242294-what-are-website-security-scores-e-g-security-header-scores-

It is of course possible that a web server is no longer used. In that case, it is good to ask yourself whether it should remain publicly available on the internet, or whether it should be turned off completely. If it cannot be disabled, the default page could be redirected to the website to minimize the visible attack surface. But for an experienced hacker, that's not enough, so it only helps a little.
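As an added example of the kind of check a security header scan performs (this is not Lupasafe's scanner or its scoring), the following audits a response's headers and reports which common security headers are missing or weakly configured. The pass criteria and the sample responses are assumptions constructed for illustration.

```python
import re

def _hsts_ok(value):
    # Assumed minimum max-age of 180 days; shorter values are treated as weak.
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.I)
    return bool(m) and int(m.group(1)) >= 15552000

def _csp_ok(value):
    # Parse directives and inspect the script sources (default-src is the fallback).
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    sources = directives.get("script-src", directives.get("default-src"))
    if sources is None:
        return False
    return "'unsafe-inline'" not in sources and "*" not in sources

# Header names are standard; the pass criteria are this example's assumptions.
CHECKS = {
    "strict-transport-security": _hsts_ok,
    "content-security-policy": _csp_ok,
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "referrer-policy": lambda v: v.strip().lower() not in ("", "unsafe-url"),
}

def audit_headers(headers):
    """Return {header: 'missing' | 'weak' | 'ok'} for one HTTP response."""
    present = {k.lower(): v for k, v in headers.items()}  # names are case-insensitive
    return {
        name: "missing" if name not in present
        else ("ok" if ok(present[name]) else "weak")
        for name, ok in CHECKS.items()
    }

# Constructed sample responses (not real scan output).
BARE = {"Server": "nginx", "Content-Type": "text/html"}
HARDENED = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "strict-origin-when-cross-origin",
}

if __name__ == "__main__":
    for label, sample in (("bare", BARE), ("hardened", HARDENED)):
        print(label, audit_headers(sample))
```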

Phishing / Phishing emails sent (Isn't that awareness?)

Phishing tests are indeed part of Awareness. Lupasafe makes a distinction between questionnaires that can be sent to employees and phishing actions. Both are indeed part of awareness when you talk about information security.

Any more questions? Let us know: info@lupasafe.com