Nerva: Service Fingerprinting

Every open port tells a story — and now Praetorian Guard reads it better than ever.
We've upgraded the service fingerprinting engine inside the Praetorian Guard Platform with Nerva, a ground-up rebuild of how Guard identifies what's running on every port across your attack surface. The same automatic fingerprinting you rely on today is now dramatically faster, more accurate, and covers far more of the modern network landscape.
This matters because knowing a port is open is only half the picture. The real question is: what service is behind it, what version is it running, and is it vulnerable? Nerva answers all three. It launches with over 120 protocol detections — from the usual suspects like SSH, HTTP, and PostgreSQL to industrial control systems, telecom infrastructure, and modern cloud services like Kubernetes and Kafka — and extracts rich metadata including version numbers and configuration details. That information flows directly into Guard's risk engine, enabling automatic CVE correlation and vulnerable service detection across your entire attack surface.
The performance leap is remarkable. Nerva identifies services 4x faster than traditional tools with 99% accuracy, using intelligent port-aware prioritization to test the most likely protocols first. This means your attack surface inventory stays current without introducing scanning bottlenecks, even at scale.
But 120 protocols is just the starting line. Nerva's detection system is fully modular — each protocol is an independent plugin, making it straightforward to add new detections as the landscape evolves. And because Nerva is open-source, the security community can contribute new detections directly, with every submission going through a rigorous audit process before inclusion. This isn't a static capability that ships and stagnates. It's an evergreen detection engine that grows continuously, driven by both our team and the broader community.
For security teams, the impact is immediate: assets that previously showed up as "port 8443 open" now resolve to "Jenkins 2.387.3" or "Kubernetes API v1.28" — with associated CVEs and risk scores already attached. Vulnerable services surface faster, blind spots shrink, and your team spends less time investigating and more time remediating.
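A sketch of the port-aware prioritization and per-protocol plugin model described above, as an added example that is not Nerva's code. The `Plugin` type, the registry and the regexes are hypothetical, and matching runs over constructed response strings instead of live probes.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Plugin is a hypothetical per-protocol detector; Nerva's real plugin API may differ.
type Plugin struct {
	Name  string
	Ports []int          // ports where this protocol is most likely
	Re    *regexp.Regexp // matches the service's response; group 1, if any, is the version
}

var registry = []Plugin{ // fallback order: specific detections before generic ones
	{"jenkins", []int{8080, 8443}, regexp.MustCompile(`(?mi)^X-Jenkins: ([\d.]+)`)},
	{"http", []int{80, 443, 8080, 8443}, regexp.MustCompile(`^HTTP/\d\.\d \d{3}`)},
	{"ssh", []int{22, 2222}, regexp.MustCompile(`^SSH-\d\.\d+-(\S+)`)},
}

func hinted(p Plugin, port int) (hit bool) {
	for _, q := range p.Ports {
		hit = hit || q == port
	}
	return
}

// Prioritize puts plugins that list the port first and keeps registry order otherwise.
func Prioritize(port int) []Plugin {
	out := append([]Plugin(nil), registry...)
	sort.SliceStable(out, func(i, j int) bool { return hinted(out[i], port) && !hinted(out[j], port) })
	return out
}

// Fingerprint returns the matched service, its version, and how many plugins were tried.
func Fingerprint(port int, resp string) (string, string, int) {
	for i, p := range Prioritize(port) {
		if m := p.Re.FindStringSubmatch(resp); m != nil {
			return p.Name, append(m, "")[1], i + 1 // "" when the pattern has no version group
		}
	}
	return "unknown", "", len(registry)
}

func main() { // the responses below are constructed samples, not captured from real hosts
	fmt.Println(Fingerprint(8443, "HTTP/1.1 200 OK\r\nX-Jenkins: 2.387.3\r\n\r\n"))
	fmt.Println(Fingerprint(8443, "SSH-2.0-OpenSSH_9.6\r\n"))
}
```

A service on an unexpected port is still identified; the port hint only changes how many plugins are tried before the match.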
Nerva is open-source under Apache 2.0 and available on GitHub. Read the full technical deep-dive on the Praetorian blog.