Tsunami, the Google program to find vulnerable devices

This scanner is now available as open source and is built to scan anything from a handful of devices up to millions of hosts connected to the Internet. Google has been using it internally for a while, and it is now published on its GitHub page. It will not be an official Google product: going forward it will be maintained by the open-source community, as Google already did with Kubernetes, which it donated to the Cloud Native Computing Foundation.

There are currently hundreds of both open source and closed source tools to search for vulnerabilities in networks. What sets Tsunami apart from others is that it is designed to work even with large companies that may have thousands or millions of connected devices, such as Google itself, with servers, workstations, network equipment, IoT devices, etc.

It first scans, and then checks the vulnerabilities of each device

Tsunami automatically adapts to each network regardless of its size or type of devices. This is achieved thanks to the first component: the scanner, which scans the network for open ports. Subsequently, it checks each port and tries to identify the protocols and services that run on each of them in order to correctly identify the type of device and avoid looking for the wrong vulnerabilities.

The second component is the more complex one, since it runs on the results produced by the first. It takes each device and its open ports, selects the vulnerability checks that apply to the identified services, and runs them as benign exploits to confirm whether the device is actually vulnerable.

The system supports plugins, so its functionality can be extended: the security teams that use it can add new checks and vulnerability tests for their own networks. Among the included plugins is one that checks whether devices are exposed to the Internet without any form of authentication, and another that checks whether weak passwords are in use.
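The two-phase design described above (port scan and service fingerprinting first, then only the checks that apply to each identified service, each of which must positively confirm the problem) can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not Tsunami's own code or plugin API; the hosts, scan results and network responses are constructed stand-ins embedded inline so it runs offline.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    name: str      # protocol identified by fingerprinting, e.g. "http", "ssh", "vnc"
    banner: str = ""


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    detector: str
    detail: str


# Constructed phase-1 output (hypothetical hosts): what a port scan plus
# service fingerprinting would hand to the detection phase.
SCAN_RESULTS: List[Service] = [
    Service("10.0.0.5", 22, "ssh", "SSH-2.0-OpenSSH_8.2"),
    Service("10.0.0.5", 8080, "http", "Jetty"),
    Service("10.0.0.9", 8080, "http", "Jetty"),
    Service("10.0.0.12", 5900, "vnc", "RFB 003.008"),
]

# Constructed stand-ins for the network: the HTTP status an unauthenticated
# GET / receives, and the RFB security types a VNC server offers
# (in the RFB protocol, security type 1 means "None", i.e. no authentication).
FAKE_HTTP_STATUS: Dict[Tuple[str, int], int] = {
    ("10.0.0.5", 8080): 200,   # admin UI served without credentials
    ("10.0.0.9", 8080): 401,   # same software, but login required
}
FAKE_VNC_SECURITY_TYPES: Dict[Tuple[str, int], List[int]] = {
    ("10.0.0.12", 5900): [2],  # VNC Authentication only
}

Detector = Callable[[Service], Optional[Finding]]


def detect_unauthenticated_http(svc: Service) -> Optional[Finding]:
    """Report only when the service actually serves content without credentials.
    A banner alone (two hosts run the same Jetty) is never enough to fire."""
    status = FAKE_HTTP_STATUS.get((svc.host, svc.port))
    if status == 200:
        return Finding(svc.host, svc.port, "unauthenticated_http",
                       "HTTP service answered 200 to an unauthenticated request")
    return None


def detect_vnc_without_auth(svc: Service) -> Optional[Finding]:
    """Report only when the server offers the 'None' security type (1)."""
    types = FAKE_VNC_SECURITY_TYPES.get((svc.host, svc.port), [])
    if 1 in types:
        return Finding(svc.host, svc.port, "vnc_no_auth",
                       "VNC server offers the None security type")
    return None


# Registry keyed by fingerprinted service name: an HTTP detector is never run
# against an SSH port, which is how phase 2 avoids checking the wrong bugs.
DETECTORS: Dict[str, List[Detector]] = {
    "http": [detect_unauthenticated_http],
    "vnc": [detect_vnc_without_auth],
}


def select_detectors(svc: Service) -> List[Detector]:
    """Phase 2 work is driven entirely by what phase 1 identified."""
    return DETECTORS.get(svc.name, [])


def run_detection(services: List[Service]) -> List[Finding]:
    findings: List[Finding] = []
    for svc in services:
        for detector in select_detectors(svc):
            finding = detector(svc)
            if finding is not None:
                findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in run_detection(SCAN_RESULTS):
        print(f"{f.host}:{f.port} [{f.detector}] {f.detail}")
```

Running it reports a single finding, the Jetty instance on 10.0.0.5:8080 that answered without credentials; the identical software on 10.0.0.9 is silent because the check required a positive confirmation rather than a banner match, and the SSH port receives no detectors at all. That is the false-positive discipline the article attributes to Tsunami, expressed as a registry lookup plus per-detector confirmation.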

Avoid false positives, the priority of Tsunami

Google has wanted to make this tool as reliable as possible, focusing on avoiding false positives at all costs. This matters because, for example, if a vulnerability is falsely reported in a smart light bulb, of which a company may have thousands, the wrong patches may be applied, which can break the bulbs, knock them offline, or simply leave the company without light.

In addition, Tsunami's functionality will only be extended with highly dangerous vulnerabilities that would allow, for example, an attacker to take control of a company, steal credentials, or install ransomware. This keeps down the number of low-severity alerts that pose no real problem for the integrity of the company network.
