Joval is designed to enable simple, flexible and lightweight deployments along several complementary models: host-based, agentless and offline. There are no databases or server infrastructure components to install and deploy, as Joval has been designed to integrate with existing enterprise reporting and automation systems.
In the host-based deployment model, a small Joval software library must be resident on each endpoint that will be scanned. An existing enterprise-grade deployment and orchestration system is used to distribute this library, as well as the relevant security benchmarks and vulnerability definitions, to each participating endpoint system. The orchestration system is also leveraged to kick of scans, and to collect scan results for cataloging in a central result store. Joval implements the scan logic, and provides both complete standards-based result information and lightweight result transformations, suitable for processing by the central result store.
In agentless deployments, a Joval-enabled application (called a sensor) is deployed to one or more hosts with network connectivity required to scan the target environment. Sensors are capable of performing both credentialed and non-credentialed scans over the network — even wide-area networks — and can accommodate complex network topologies including SOCKS and HTTP proxies, and multi-hop SSH gateways. Joval sensors can also be used to generate result transformations suitable for processing by a central result store.
Joval is also capable of performing vulnerability and compliance scans against a variety of offline file formats, such as router configurations and Docker images. For the best results when scanning Linux images, Joval must be deployed to a suitable helper server or Docker container.
Since all three deployment models are equally integration-friendly, it is simple to implement them simultaneously in a hybrid deployment model. This is common in host-based deployments where it is also necessary to scan network infrastructure components, on which software cannot be deployed.
Both the Joval Enterprise and Joval SDK products support all three deployment options.
Since there is no database infrastructure required, Joval scalability is limited only by the number of sensors that can be deployed. Originally designed to make it possible to manage an entire datacenter from a single appliance, Joval sensors have been demonstrated to perform over 3000 STIG benchmark scans per hour from commodity hardware. This represents a marked improvement over traditional client-server datacenter management software suites, which frequently require a specialized hardware investment to approach similar levels of scalability.
Host-based deployments are scale-limited only by the capacity of the orchestration system employed to operate the Joval utilities distributed across the environment.
Joval has been designed for performance across multiple dimensions. The product is capable of processing benchmarks — with many thousands of rules — that bring competing products to their knees. It has also been optimized to be able to perform scans over the network very quickly, often even faster than host-based scanners.
Perhaps most importantly, however, we recognize that your servers and desktops serve a business purpose. The storage, processor capacity and RAM available on a computer is not there for the exclusive use of a runaway security scanner. Therefore, Joval’s scan activities — whether performed on the host or over the network — are deliberately designed to be low-impact and unobtrusive on the target.