arrow down
Arrow down
Arrow down
Arrow down
Vulnerability Management
 | Apr 05, 2023

Tame the CVE Beast using a Digital Twin

There are never enough hours in the day to do everything. I think we all have a to-do list that is at least twice as long as the time available to complete it. To cope, we prioritize what’s “on fire” or what has the most potential to immediately cause damage if it’s not taken care […]
Visit us at RSA Conference 2023

There are never enough hours in the day to do everything. I think we all have a to-do list that is at least twice as long as the time available to complete it. To cope, we prioritize what’s “on fire” or what has the most potential to immediately cause damage if it’s not taken care of. Often the things we “should” focus on fall to the wayside as they are outshined by what we must do immediately. This is especially true when the ”should do” tasks are tedious and time-consuming. 

Unfortunately, CVE management for network devices often falls into the “should do” category.  

I doubt you could find a security professional who would say that just hoping CVEs are resolved is a good strategy. Yet, for many companies, that’s exactly what happens. I met a CIO recently at a very high-profile Fortune 100 company who reluctantly admitted that they have no idea if they’ve resolved all the high-risk CVEs affecting their network; without data, they rely on hope and assure the rest of the team that everything will be OK. This CIO fully recognizes that this approach is unacceptable, but given current tools and circumstances, it’s the best they can do.  

Why is CVE management such a burden? 

CVE management is highly complex due to the ever-increasing volume of CVEs issued overlayed with the complexity of networks. 

CVEs issued by year:

Source: CVE Details 

Each of these CVEs is not only specific to a device but also to the operating system version and the enabled features on that device or specific deployment as outlined in the CVE. In some instances, network administrators would need to go to a vendor site for details on which configurations are vulnerable, which makes remediating them exponentially more complex.  

There are several common reasons for deprioritizing CVE remediation: 

  1. Resource Constraints: CVE management is extremely labor-intensive. IT departments are facing flat budgets and a talent shortage. While the importance of CVE remediation is never in question, teams need to prioritize addressing the most significant and likely to be exploited vulnerability; CVEs don’t often make this threshold.  
  1. Complexity: Many enterprises have multiple teams that work to assess and remediate CVEs. In some cases, the process involves several highly skilled engineers and can take weeks.  
  1. Lack of Communication: CVE management is never the responsibility of an individual – or even a single team. Many IT departments don’t have effective collaboration mechanisms in place, and a lack of effective communication creates delays in remediating vulnerabilities. 

What are the risks of CVE mismanagement? 

The most obvious risk is falling victim to a cyber-attack by a bad actor or a data breach. Both of which can lead to tens of millions of dollars in losses. Additional concerns include compliance violations (which come with exorbitant fines, legal costs, and loss of trust) or outages that lead to loss of revenue and customer dissatisfaction.  

How does a digital twin improve CVE management? 

The most obvious way a digital twin helps is through advanced vulnerability analysis. Advanced digital twin technology safely collects config and state information on every device in the network. The digital twin then knows which devices in the network are impacted by a CVE based on their OS version, configuration, and enabled features. Additionally, the digital twin also leverages the vendor-specific data not included in the NIST database to provide a comprehensive risk assessment. Based on the OS version, configuration, and enabled features, it knows which devices are most exposed to the internet (ergo, which devices have the most significant risk).  

Forward Networks takes this information and compares it against the NIST database and vendor-specific announcements, such as the Cisco Security Advisories, to deliver an at-a-glance prioritized remediation plan. Enhanced analysis increases the likelihood that a device reported as potentially vulnerable is actually vulnerable, which helps with prioritizing remediation efforts. This information is always up to date, and with integrations such as ServiceNow, we can automatically open tickets for resolution that include all the pertinent information. To learn more about how we do this, read the use case

For a full demonstration of the technology, meet us at the RSA Conference in San Francisco, April 24 – 27 in booth 4225. Enjoy an energizing cold brew while you talk security with our experts. 

Do you have any comments for us? Share them on social media

Dawn Slusher

Senior Manager, Content Marketing and Media Relations

Related Posts

Browse all posts
Industry Recognition

Awards

Winner of over 20 industry awards, Forward Enterprise is the best-in-class network modeling software that customers love.
2022 Synergy Award
2023 Mobile Breakthrough Award
2023 Cloud Computing Award
2024 Globee Awards Winner for Cybersecurity
2022 Customer Service Award
2024 Globee Award Winner - Disruptor
2023 Stratus Award
Security Today Award
The Security Awards
2023 Cyber Defense Magazine
Broadband Award
The Golden Bridge Award
2022 Cyber Security Award
GSMA 100 Award
Global Infosec Awards Winner 2023 - Cyber Defense Magazine
Target Tech Innovation Award
Info Security Gold and Silver Award
Gartner Cool Vendor Award
visit our press room

Subscribe to our newsletter

Make sure you don't miss a post by signing up here for our monthly 'Moving Forward' newsletter
Top cross linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram