How BackBox Validates Vulnerability Data That’s Relevant to You

Chanoch Marmorstein


The odds of your network and security devices being disrupted by breaches are increasing. Threat actors leverage known vulnerabilities in devices such as firewalls and routers because they are ripe sources for data gathering and cyber espionage, where bad actors can sit undetected for long periods of time. And since 25% of network vulnerabilities remain unpatched for over one year, they have plenty of time to plan and execute their attack. 

Many solutions focus on endpoint and cloud vulnerabilities but not on the network, and there are a handful of vendors that help address vulnerabilities in network-based devices, but don’t cover security devices. 

A powerful capability that only BackBox offers is vulnerability intelligence. This includes discovering and matching known vulnerabilities to your inventory of network and security devices, prioritizing them by risk and security posture, and providing options to automate updates or apply configuration workarounds.

We are often asked how we identify vulnerabilities or CVEs that are relevant to our customers’ networks. This blog walks you through the checks and balances we have implemented to provide timely, vendor-agnostic vulnerability information relevant to your environment.

Step 1:

The industry has three primary trusted sources for CVE information:

  1. The National Vulnerability Database (NVD) maintained by the National Institute of Standards and Technology (NIST), which assigns the official CVE number for the vulnerability and maintains a repository enriched with context to provide additional information on severity for scoring purposes.
  2. The Cybersecurity and Infrastructure Security Agency (CISA) maintains the CISA KEV catalog, a catalog of vulnerabilities known to be exploited in the wild, to help organizations prioritize CVEs relevant to them.
  3. Device vendors issue advisories that include details on the vulnerability, affected device versions, the impact, workarounds, and patches or updates when available. However, it’s important to note that there are no CVE reporting standards or requirements in place that vendors must meet. As a result, the quality, timeliness, and availability of this information vary by vendor.

To ensure the validity of the data we provide customers, we compile the latest CVE information from each of these trusted sources. We focus on the network and security devices our customers work with. Because we’re vendor agnostic, this includes tracking vendor advisories from 180+ vendors.

Step 2:

We also continually monitor for updates released by these sources and reflect those in the BackBox platform. Algorithms that evaluate, analyze, and combine structured and semi-structured data sources take a little time to do their work. However, you can expect changes released via RSS feeds to happen continuously, and other updates are reflected within hours or days, once they become publicly available. 

Imagine having to do the initial compilation and ongoing maintenance work manually. It can be very time consuming and resource intensive, especially when you are supporting many devices and device types. It’s like trying to use the internet in the early days before Google. Any time you wanted the latest information on a topic, you would have to remember where you got that information, go back to the website, and see if there were any valuable updates. 

With BackBox, we quickly add CVEs into the system. You don’t have to think about where to get the data or remember to check for updates regularly. The data is available through dashboards in the BackBox platform and accessible with a few clicks, saving you time and resources.

Step 3:

An additional measure we take to ensure the validity of the data for your network environment is that we map it to your device inventory. 

As part of the customer onboarding process, we work with you to create an inventory of all your network and security devices. Your device inventory is updated every time a backup is completed, taking advantage of the existing connection to the device, and also, separately from the backup, whenever a vulnerability job runs. Inventory information includes the device manufacturer, type, model number, and firmware and software version.

Returning to the challenges of doing this manually: if you’ve updated or added a new device, you don’t have to remember to check for CVE data on the latest device and version. The CVE data we present to you has already been cross-referenced against your current inventory data and is automatically updated to reflect the changes in your inventory.
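The cross-referencing described in Step 3, sketched as an added example (not BackBox's code): constructed advisory records with affected-version ranges are matched against a constructed device inventory, and CVEs present in a KEV-style set are sorted first. The vendor names, hostnames, record layout and placeholder CVE IDs are all assumptions made for illustration.

```python
# Added example, not BackBox code. Every record below is a constructed sample.
from dataclasses import dataclass

def vtuple(version):
    """'7.2.10' -> (7, 2, 10): compare versions numerically, not as strings."""
    return tuple(int(part) for part in version.split("."))

@dataclass(frozen=True)
class Advisory:
    cve_id: str          # placeholder IDs, not real CVEs
    vendor: str
    product: str
    first_affected: str  # inclusive lower bound
    fixed_in: str        # exclusive upper bound: first fixed release
    cvss: float

@dataclass(frozen=True)
class Device:
    hostname: str
    vendor: str
    product: str
    version: str

def affects(adv, dev):
    same = (adv.vendor.lower(), adv.product.lower()) == (dev.vendor.lower(), dev.product.lower())
    return same and vtuple(adv.first_affected) <= vtuple(dev.version) < vtuple(adv.fixed_in)

def relevant_findings(advisories, kev_ids, inventory):
    """(hostname, cve_id, known_exploited, cvss), exploited first, then by score."""
    hits = [(d.hostname, a.cve_id, a.cve_id in kev_ids, a.cvss)
            for d in inventory for a in advisories if affects(a, d)]
    return sorted(hits, key=lambda h: (not h[2], -h[3], h[0]))

ADVISORIES = [
    Advisory("CVE-0000-0001", "ExampleNet", "FW-200", "7.0.0", "7.2.10", 9.8),
    Advisory("CVE-0000-0002", "ExampleNet", "FW-200", "7.2.0", "7.4.0", 7.5),
    Advisory("CVE-0000-0003", "SampleRoute", "RX-1", "1.0", "3.0", 8.1),
]
KEV_IDS = {"CVE-0000-0002"}  # stands in for IDs listed in a KEV-style catalog
INVENTORY = [
    Device("fw-edge-1", "ExampleNet", "FW-200", "7.2.9"),
    Device("fw-edge-2", "examplenet", "fw-200", "7.2.10"),  # fixed for -0001 only
    Device("rtr-core-1", "SampleRoute", "RX-1", "3.0"),     # on the fixed release
    Device("sw-lab-1", "SampleRoute", "RX-1", "2.4.1"),
]

if __name__ == "__main__":
    for row in relevant_findings(ADVISORIES, KEV_IDS, INVENTORY):
        print(row)
```

A plain string comparison would rank "7.2.9" above "7.2.10" and miss fw-edge-1 for the first advisory; real firmware strings with suffixes or build tags need vendor-specific parsing beyond this dotted-integer form.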

Trust is Earned

We take great pride in the fact that over 500 enterprises worldwide trust BackBox as their cyber resilience platform of choice for network devices. We recognize that trust is earned. That’s why we put a series of checks and balances in place to validate device vulnerability data and ensure it is relevant to you. Compiling and maintaining it for you in a way you can trust allows you to stay on top of vulnerabilities with a few clicks, automate mitigation, and have confidence in your ability to build resilience to disruptions.
