Know what’s really going on
Last month, when Cisco acquired Splunk, one of the quotes I read on LinkedIn that jumped out at me was that this acquisition makes sense because:
As networks get more complex, it’s important to know what’s really going on.
I couldn’t agree more with that sentiment. And to me that’s one of the most important things about Network Vulnerability Manager (NVM).
It’s one thing to track vulnerabilities.
It’s even useful to track them based on the network hardware / software you think you’re using.
Dynamic Inventory
It’s a whole other thing to tie a dynamic inventory of your actual network, compiled live from the devices themselves, into a vulnerability and threat intelligence database so that you know exactly where your vulnerabilities lie.
Let’s think about this for a second. There are too many cases where inventory is kept on a spreadsheet or in a closed system (a CMDB that you can’t integrate with, at least not easily). Any time you’re manually tracking data, or exporting it from the source system to use elsewhere, I can guarantee you it’s got mistakes.
With BackBox NVM, inventory is taken directly from the devices themselves, modeled, and then compared to a similarly modeled threat and vulnerability database. Each time the inventory runs, the whole model is updated. This means that if you run the inventory automatically each day, any device additions and changes are captured and checked against known vulnerabilities without anyone having to remember to do it.
Rich Vulnerability and Threat Intelligence
It’s lazy to simply use CVEs as a proxy for threats.
Yes, CVEs identify vulnerabilities and where they apply (and how to mitigate them). However, they don’t provide the full scope of the threat.
My simplest example is the information we collect from CISA: has this vulnerability been exploited in the wild? Where many people use the CVE and its CVSS score to rate the threat, what about the vulnerabilities that are actually being exploited? There’s a lot more information available to you than just the CVE, and BackBox uses that additional information to score the threat and prioritize the remediation.
What’s really going on?
Back to my original phrase – “what’s really going on?”
We know your real inventory. And it’s updated live, with each run of the inventory automation.
We know your real threat level… not just what the CVE tells you.
And, we map those together to present your network’s actual vulnerability state.
Other Solutions
There are a lot of solutions that surface network vulnerabilities. But they’re missing these three key things:
- They don’t map the vulnerabilities to a dynamic network inventory.
- They don’t use data beyond the National Vulnerability Database of CVEs.
- They can’t mitigate or remediate the vulnerabilities as part of the overall solution.
On that last point, we see this all the time. People have some system that gives them visibility into their network but not the ability to do any sort of configuration management.
It’s important to realize, I’m talking about network devices specifically. There are many great solutions for remediation of endpoints. Why? Because you can put an agent on an endpoint that allows for control over the device. What you can’t do is run an agent on a network device or a firewall. That means current ways of remediating vulnerabilities are limited when it comes to network devices.
At least, it has been until BackBox Network Vulnerability Manager.
Mitigation and Remediation of Network and Security Devices Requires Automation
Automation plays an important role in achieving timely remediation. (Gartner, August ’23 Market Guide for Vulnerability Assessment)
The way to remediate vulnerabilities is to update device software (once a patch has been released). Before an update is available, there is sometimes advice on configuration changes that mitigate the vulnerability. Of course, if you make configuration changes as a stopgap to mitigate the vulnerability before updating the OS, you want that same system to know to roll back those changes once the OS has been updated.
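As an added illustration of the three points made on this page (matching a live inventory against a vulnerability database, ranking by exploited-in-the-wild status rather than CVSS alone, and rolling back interim mitigations once a device is patched), here is a small Python matcher. It is not BackBox code; the inventory, advisory records, known-exploited list, vendor and product names and IDs are all constructed placeholders.

```python
from dataclasses import dataclass

def parse_version(v: str) -> tuple:
    """'7.2.1' -> (7, 2, 1): compare numerically, so 7.10.0 sorts after 7.9.1."""
    return tuple(int(p) for p in v.split("."))

@dataclass(frozen=True)
class Vuln:
    vuln_id: str
    vendor: str
    product: str
    fixed_in: str          # first release that carries the fix
    cvss: float
    mitigation: str = ""   # interim configuration change, if the advisory offers one
# Constructed sample records: hypothetical vendor, products, IDs and scores (not real CVEs).
INVENTORY = [
    {"name": "edge-fw-01", "vendor": "ExampleCo", "product": "EdgeOS", "version": "7.2.1", "applied": set()},
    {"name": "core-sw-03", "vendor": "ExampleCo", "product": "CoreOS", "version": "14.3.0", "applied": set()},
    {"name": "edge-fw-02", "vendor": "ExampleCo", "product": "EdgeOS", "version": "7.4.0", "applied": {"CVE-0000-0001"}},
]
VULNS = [
    Vuln("CVE-0000-0001", "ExampleCo", "EdgeOS", "7.3.0", 7.5, "disable management access on the WAN interface"),
    Vuln("CVE-0000-0002", "ExampleCo", "CoreOS", "14.4.0", 9.1),
    Vuln("CVE-0000-0003", "ExampleCo", "EdgeOS", "7.5.0", 5.3),
]
KNOWN_EXPLOITED = {"CVE-0000-0001"}  # stands in for the CISA Known Exploited Vulnerabilities catalogue

def assess(inventory, vulns, kev):
    """Return (exposures ranked exploited-first then by CVSS, interim mitigations now safe to roll back)."""
    exposures, rollbacks = [], []
    for dev in inventory:
        for v in vulns:
            if (dev["vendor"], dev["product"]) != (v.vendor, v.product):
                continue
            patched = parse_version(dev["version"]) >= parse_version(v.fixed_in)
            if not patched:
                action = f"upgrade to {v.fixed_in}" + (f" (interim: {v.mitigation})" if v.mitigation else "")
                exposures.append({"device": dev["name"], "vuln": v.vuln_id, "cvss": v.cvss,
                                  "exploited": v.vuln_id in kev, "action": action})
            elif v.vuln_id in dev["applied"]:
                # Already on a fixed release: the interim config change is stale and should be undone.
                rollbacks.append({"device": dev["name"], "vuln": v.vuln_id, "action": f"roll back: {v.mitigation}"})
    # CVSS alone would put CVE-0000-0002 (9.1) first; the exploited-in-the-wild flag outranks it.
    exposures.sort(key=lambda e: (not e["exploited"], -e["cvss"]))
    return exposures, rollbacks

if __name__ == "__main__":
    exposures, rollbacks = assess(INVENTORY, VULNS, KNOWN_EXPLOITED)
    for item in exposures + rollbacks:
        print(item)
```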
All of this speaks to building vulnerability management on an automation platform. It’s the automation platform that makes control of the devices active. That keeps the remediation inside the loop of the “discover, identify, remediate” workflow.
And of course, with the BackBox API we integrate with other systems as well. That means we can help keep a CMDB up to date. We can open trouble tickets in ServiceNow when vulnerabilities need patching or remediation. And we can surface devices at risk to network monitoring dashboards like LogicMonitor or Paessler PRTG so that administrators understand their actual network risk exposure.
Building vulnerability management on top of network automation is so powerful that, frankly, I can’t understand how anyone thinks about network vulnerability management in any other way.