About Luup | Features | Prices | FAQ + Doku | Contact |                         german version


Attack Surface Monitoring

Advanced


No setup. No appliances. No software installation. No manual list input or maintenance.
Luup reliably detects hardware and services, and discretely monitors the security-setup as well as the external attack surface. Luup helps to keep track of their condition and modifications without much effort.
Each module can be configured individually and customized to your own needs.

Security


There’s continuous change regarding security posture and threat-landscape, especially with internet-facing services, with incidents often happens within hours. Use Luup to identify which of your services are most threatened, where dataleaks might occur or where hackers might find weak points or blind spots to exploit.
Benefit from our security experts' longstanding experience that has already helped to make the cysmo-Tool a great success.

Monitoring


Luup provides 24/7 information on changes and critical threats to technology deployed by your tech-teams. Whether exploit or security gap: Luup identifies if you are affected and alerts instantaneously by providing a list of the affected IPs and systems, to be able to quickly take the required countermeasures and preempt the next exploit wave.


"Avoiding an unnecessary attack surface is the oldest measure in IT-Security"
-- Felix von Leitner / fefe

Usecases
Security-QA for technology-owners

ECommerce and
Domain operators

Monitor your own or outsourced infrastructure for changes, security threats, forgotten servers or legacy releases.
  • Your Jira/Confluence is accessible for anyone from the internet?
  • DEV-systems in debug-mode are unprotected and accessible for anyone?
  • You want to know what remains of your service provider’s glossy brochures when it comes to reality?
  • You want a fast and reliable method to detect misconfiguration within your infrastructure?
  • As a CISO, you don’t want to invest in a new infrastructure pentest each and every year but obtain a continuous and up-to-the-minute overview?
Then Luup is the right tool for you.

ISP, Hosting and
DC operators

Keep track of all your assets like servers, IPs, ports, firewalls, and appliances accessible from outside in your data center, whether intended or not.
Get a short assessment, migration advice and a list of affected systems immediately after serious security-vulns (CVE/CvSS > 8.0) become known, so you can act promptly to protect your own and your customers’ systems as fast as possible.
Use the IP-Reputation module to get threat intelligence into your DC and detect possible botnet infection, hacked servers, and other anomalies most easily.
Luup provides you with a continuous overview of your external attack surface and the current threat situation.

Whitepaper
(whitepaper currently only available in german german version)

Firewall-Management-Monitoring

Read our white paper to learn how to establish effective firewall management incl. monitoring to meet compliance requirements while saving time, as monitoring warns you in time and enables immediate fault-clearing.

Download



Asset-Management and differentiation from Nessus/Vuln-Scanners

Read in our white paper why asset management for infrastructure operators is becomeing more and more important and how to keep an overview of your own infrastructure.
Being able to react fast to security-vulns, issues and exploit-camapiagns is key to not get hacked.

Additionally, we delineate Luup from Nessus / Metasploit; Spoiler: both approaches (Asset-Management and Vulnscans) are important for the continuous assurance of DataCenter security.

Download





Features

Feature Domain-Mode DC-Mode RMKS
Domain/A-Record Watcher
Subdomain-Scan
Darknet-Monitor (*)
Technology-Alerts (*)
BGP-Monitor (*)
IP-Scan
IP-Reputation
VulnScans (**)
API (Pull und Push)
SIEM-Integration (**)
Monitoring-Integration (**)
Reports
Remarks (*): individual modules are available as separate passive alert monitoring for ASN operators
(**): optional, price on request

Glossar     (klicken zum aufklappen)



Feature Frequenz Erklärung
Domain/A-Record Watcher 1h Überwachung wichtiger A-Records/CNAMES / Nameserverinträge für:
  • domain.com und www.domain.com
  • MX-Records
  • NS-Records
  • TTL
Subdomain-Scan 1d Überwachung aller benutzen Subdomains/Hostnamen einer Hauptdomain
  • Scan nach benutzen Sudomains
  • Anzeige von auflösbaren und erreichbaren Subdomains und zugehöhrenden IPs
  • Schutz vor Subdomain-Takeover
  • Überwachung der Nameserver-Hygiene
Darknet-Monitor 1d Überwachung von Darknet - Leaks (aktuell 25.000 Domains, 3 Mio IPs und 5 Mrd Email/PW-Kombinationen in der Datenbank)
  • passives Breachmonitoring
  • individuell einstellbar
  • Alert, wenn Daten der eigenen Server im Darknet auftauchen
  • keine FalsePositives, Vorqualifikation und Überprüfung durch das zeroBS - Analystenteam
IP-Scan 1d regelmäßiger Scan von angegebene IP-Ranges und Alerts bei
  • neu auftauchenden IPs
  • neuen offenen Ports und Services, Meldung nach Kritikalität (Info, Warnung oder Kritisch)
  • abgeschalteten IPs
  • geschlossene Ports
  • Servicerkennung
  • Hardware/Appliance-Erkennung
IP-Reputation 1d Threat Intelligence und passive Breachdetection für IPs und Domains, überprüfung auf schadhafte Aktivitäten im eigene Netzwerk
  • Abfrage von 200 IP-Datenbanken (OSINT und kommerziell)
  • Abfrage von DNSRBL zur Überprüfung von Spamverhalten der MX-Server
Technologie-Alerts 24/7 laufende Übeprüfung, ob zu eingesetzten Technologien kritische Exploits oder Sicherheitslücken existieren
  • Software/Applikationen
  • Appliances und Devices (Firewalls, Gateways, Server)
  • Frameworks und Programmiertools
  • Abgleich mit Ihrem Datenbestand und Alert mit Sicherheitshinweisen und betroffenen IPs/Diensten
BGP-Monitor 24/7 laufende Überprüfung, ob eigene Netze via BGP-Highjacking gekapert wurden
  • 24/7, laufende Überwachung
API (Pull und Push) 24/7 Datenaustausch via REST-API
  • erhalten Sie jederzeit Ihren aktuellen Status
  • PUSH -> wir senden Daten an Sie
  • PULL -> Sie fragen Ihre Daten bei uns ab
SIEM-Integration 24/7 Datenaustausch mit SIEMS
  • erhalten Sie alle Alerts und Notifications direkt in Ihr SIEM
Monitoring-Integration 24/7 Datenaustausch mit Monitoring-Systemen
  • Nagios/Icinga-Plugins vorhanden
Reports 1m monatliche Reports
  • Aktueller Zustand
  • Zusammenfassung der wichtigsten Informationen
  • kritische Dienste und Meldungen
  • umfangreiche und detaillierte Listen als Action-Items für Ihre Technik

Prices



active Monitoring (incl. Scans)
Assets Price/Month € Price/Year €
64 /26 249,- 2750,-
256 /24 499,- 5489,-
512 /23 749,- 8239,-
1024 /22 999,- 10989,-
2048 /21 1499,- 16489,-
4096 /20 1999,- 21989,-
> 4096 auf Anfrage auf Anfrage
all bundles also available as "Managed Version": our experienced zeroBS team will administer and manage your Luup account. All alerts (configuration changes, technology alerts) will be reviewed by our analysts, i. e. you won’t get any false positives, on top of guidance and mitigation advice; ideal for all customers without a large security team
Pricing for optional features (vulnerability scan, SIEM integration, monitoring integration) upon request

passives Alert-Monitoring (nur für AS-Betreiber oder Systemhäuser)
Berechnung Preis/Jahr €
pro AS 15.000,-
pro Account 12.000,-

Kontakt



zeroBS GmbH
Werftbahnstr 8
24143 Kiel
Germany

Fon +49 431 55 68 23 91
Fax +49 431 55 68 23 95

w: https://zero.bs
m: luup@zero.bs

AGB und SLA