Recently, a critical vulnerability, CVE-2024-3400, was discovered in the Palo Alto Networks PAN-OS software, posing a substantial risk to affected systems. In this blog post, we will discuss the nature of this vulnerability and how Forward Networks can assist organizations in swiftly identifying and addressing their risk exposure.

Understanding CVE-2024-3400:

CVE-2024-3400 is classified as a command injection vulnerability and specifically affects the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability, present in certain PAN-OS versions and specific feature configurations, enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Forward Networks' OS Vulnerability feature enables customers to immediately identify whether their PAN-OS software versions and feature configurations are susceptible to CVE-2024-3400. The easy-to-read report is also exportable, including details on which (if any) devices are impacted, to make remediation a simple process.

Example vulnerability report indicating the presence of CVE-2024-3400

The Forward Enterprise network digital twin is integrated with the National Vulnerability Database (NVD) maintained by NIST to give customers current insight into the vulnerability status of their network infrastructure. API integration with third-party applications such as Tenable and Rapid7 gives users insight into endpoint vulnerabilities and provides prioritized remediation plans.

To learn more about the Vulnerability Assessment capabilities in Forward Enterprise, please read the use case or view the demo.

Trying to convince SecOps teams they need more data is like trying to convince a drowning person they need more water. SecOps teams are so overwhelmed they can’t even respond to 67% of the alerts they receive. On average, SecOps teams receive 4,484 alerts per day and spend over three hours per day manually triaging the alerts, costing $3.3 billion annually in the US alone. (Source: Vectra 2023 State of Threat Detection)

The problem is that the high volume of data they receive lacks context. When you receive over 20,000 CVE announcements and over 1.5 million alerts, you do not need more data; what you need is actionable, timely data that provides context and a path to remediation.

Forward Enterprise is integrated with the NIST database and endpoint scanning solutions, Rapid7 and Tenable. This integration provides security teams a prioritized remediation report of the vulnerabilities that exist in their network ranked by exposure.

Join our co-founder, Nikhil Handigol on Thursday, August 24th at 2:00 p.m. EDT/11:00 a.m. PDT to see this in action.

During a live technical session, Nikhil will demonstrate our Tenable integration and highlight how the solution delivers complete attack surface visibility, empowering SecOps to proactively identify impacted hosts with critical vulnerabilities accessible from the Internet or other critical exposure points in seconds.

You’ll see how the integration with Tenable delivers an actionable exposed host report that includes:

Most importantly, Nikhil will demonstrate how a mathematical model of the network helps make the plethora of network vulnerability data actionable.

Register for your seat now. [If you miss the live session, it will be immediately available on-demand via that same link.]

Cybersecurity is front and center as part of our national defense strategy. Civilian networks responsible for life-sustaining services such as water and power must be protected with the same vigor as networks that host sensitive data.

To accomplish this, the Department of Homeland Security developed the Continuous Diagnostics and Mitigation (CDM) program in 2012. CDM supports government-wide and agency-specific efforts to provide risk-based, cost-effective cybersecurity solutions for protecting federal civilian networks by providing financial assistance to civilian government agencies as they focus on improving their security posture by:

Forward Networks is an approved vendor in all 8 functional capability categories. The data collected and analyzed by the Forward Networks platform is instrumental to ensuring that the network security posture matches expectations.

Knowledge-driven Security

Forward Enterprise helps agencies comply with CISA Binding Operational Directive (BOD) 23-01. Using Forward Enterprise, security professionals can identify vulnerabilities before they become a threat. Because Forward Networks can collect and model your network multiple times per day without performance degradation, it delivers timely, actionable alerts to security professionals. In conjunction with third-party application integrations, the level of detail in alerts empowers engineers to remediate errant configurations or known critical vulnerabilities before they cause an incident. The three most popular security use cases are:

To learn more about Forward Networks’ work with federal agencies, visit https://www.forwardnetworks.com/federal/.

We are asked to purchase something 4,000 times every day; that’s roughly once every 13 seconds during our waking hours. These “requests to purchase” often come in the form of marketing messages that test the bounds of credibility. In the software industry, most of us have trained ourselves to question vendor promises vociferously. And vendors have earned this skepticism through years of launching “slideware” or incomplete products that turned customers into unwitting beta testers.

Technology decision makers are rightfully skeptical. They want proof that a solution will perform as promised and that it will work in their environment. Furthermore they need to be comfortable that the solution can be deployed without introducing security risks or performance issues. As a company pioneering a new category (network digital twins), we get that.

Our co-founder, Brandon Heller, loves it when people don’t just take our word for it about the Forward Enterprise platform capabilities. He also absolutely loves talking with people who don’t believe we can do things like:

Brandon is going to be sharing our platform and how enterprises are using Forward Enterprise to solve very complex problems and show the platform live. Bring your skepticism and your questions and put him to the test.

Brandon says that for him to trust an application, he needs to get his hands on the keyboard. Everyone who registers will receive a free two-week trial of Forward Cloud through AWS Marketplace, so you can put your own hands on the keyboard and experience the platform for yourself.

When: 11:00 a.m. Pacific/2:00 p.m. Eastern, September 28, 2022

Where: BrightTALK

Register Now


One lucky attendee will win a new Series 8 Apple Watch (must be present during the live session to win).

If you’re too excited to wait for the session, we got you - get a personalized demo from one of our field technicians where you can ask questions and focus on the use cases that are most important to your company (Security Verification, Cloud Modeling, Network Assurance).

Headline grabbing vulnerabilities, like SolarWinds and Log4Shell, target management software and end hosts, but if you search for “most exploited vulnerabilities” on Google, you will quickly learn that some of them directly target network and security devices as well as server load balancers.

These are the 3 most exploited CVEs in the last couple of years:


Would you be surprised to learn that network device operating systems can be vulnerable to security flaws like any other software? To remediate this risk, network and security administrators need a vulnerability management program in place. Having the right processes and technology in place can save time while protecting the network security posture.

A common approach is to split vulnerability management into two phases:

  1. Build a list of affected devices and related vulnerabilities
  2. Prioritize and address these vulnerabilities

Build a list of affected devices and related vulnerabilities

Publicly disclosed security vulnerabilities are assigned a CVE (Common Vulnerabilities and Exposures) ID and, once analyzed by NVD, a CVSS severity rating based on their impact. CVEs help you coordinate the effort to prioritize and address vulnerabilities and make systems and networks more secure. Most enterprise networks have evolved over time and include devices from several vendors running multiple versions of operating systems. Knowing that a vulnerability was announced does not, by itself, give a clear picture of the organization's actual exposure.

Large enterprises do their best to keep an accurate inventory of devices and their state, but given that most companies have experienced mergers, IT department turnover, and are resource constrained, this inventory is rarely current. Because networking vendors typically fix security vulnerabilities by issuing a new OS version, a detailed and up-to-date inventory is paramount. Trying to conduct this analysis manually is expensive, time-consuming, and error prone.

To make the analysis easier, faster, and more reliable, Forward provides a network device vulnerability analysis that automatically compares the CVE information from the NIST National Vulnerability Database (NVD) with the OS version running on each device in your network.

This analysis provides a list of all possibly affected devices and related vulnerabilities. “Why possibly affected?” you might ask. Keep on reading and you will find out why.

The following screenshot shows an example of network vulnerability analysis in the Forward UI.

Fig 1: Forward device vulnerability analysis

The summary at the top shows the number of CVEs detected as well as the number of devices impacted.

The table shows a summary view of the CVEs including CVE ID, Severity, Description, Impacted OS, Impacted versions, and the number of Possibly impacted devices.

The Details page shows you information about devices that are impacted by that CVE like Device, Model, OS version, and Management IPs.

Fig 2: CVE details page

Prioritize and address vulnerabilities

One of the fundamental issues is that the number of vulnerabilities and affected devices can be overwhelming, making it difficult to prioritize which devices should be updated first. Filtering vulnerabilities by severity helps somewhat, but typically the number of Critical and High severity vulnerabilities is still so large that it‘s challenging to determine a starting point. This is where the notion of “possibly affected devices” becomes pertinent. Some vulnerabilities can affect a device only if a specific configuration is present, a specific feature is turned on, or the device is deployed in a way described in the CVE. This information is not in the NIST database; network engineers have to research vendor sites such as the Cisco Security Advisory repository to get this level of detail.

There’s a better way

Monitoring the latest advisories and automatically checking them against the device configurations in your network is best performed by software: it frees highly skilled engineers to spend time on proactive strategic initiatives and is far more accurate. For many NOC teams, this capability would be a dream come true, or like Christmas came early, right?

Well, that is exactly what Forward Enhanced Vulnerability Analysis provides.

No more manual, tedious, and error-prone hunting for those configs on every single “possibly affected” device, one by one, that would take forever.

Just an always accurate, always updated list of devices that are actually vulnerable. Remediation efforts can then be prioritized by risk severity so that effort goes where it keeps the network safest. The screenshot below shows the Detected based on field. This field indicates whether an at-risk device matches the impacted OS version only (OS version match) or is running the impacted OS version and also carries the vulnerable configuration (Config match).

Fig 3: Filtering by detection type
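The two-step correlation described above, first matching each device's OS version against the affected range in the CVE record and then refining the hit with a configuration check, can be sketched as a short script. The following is an added example written for this page, not Forward Networks' code, and it is not the product's implementation; it also stands in for the version-match step mentioned in the section on building the affected-device list. The device inventory, the CVE records (CVE-0000-0001 and CVE-0000-0002), their version ranges and the `set global-protect` configuration pattern are all constructed placeholders, not real advisories, and the `Device`/`Cve` records and the three detection labels are assumptions made for the illustration.

```python
"""Constructed example: correlate CVE records with a device inventory and
report, per hit, whether detection rests on the OS version alone or on the
OS version plus the vulnerable configuration (the "Detected based on" idea)."""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Device:
    name: str
    os: str          # e.g. "PAN-OS" (assumed inventory field)
    version: str     # e.g. "10.2.3-h1"
    config: str      # running configuration as text


@dataclass(frozen=True)
class Cve:
    cve_id: str
    severity: str            # CRITICAL / HIGH / MEDIUM / LOW, as NVD rates CVSS
    os: str
    first_affected: str      # inclusive lower bound of the affected range
    fixed_in: str            # exclusive: the release that carries the fix
    config_pattern: Optional[str] = None  # regex over the config; None = version-only advisory


def parse_version(v: str) -> tuple:
    """'10.2.3-h1' -> (10, 2, 3, 1); a hotfix sorts after its base release."""
    return tuple(int(x) for x in re.findall(r"\d+", v))


def version_affected(version: str, first_affected: str, fixed_in: str) -> bool:
    v = parse_version(version)
    return parse_version(first_affected) <= v < parse_version(fixed_in)


SEVERITY_RANK = {"CRITICAL": 0, "HIGH": 1, "MEDIUM": 2, "LOW": 3}


def assess(devices, cves):
    """Return (cve_id, device, detected_based_on) triples, most severe CVE first."""
    hits = []
    for cve in sorted(cves, key=lambda c: SEVERITY_RANK.get(c.severity, 9)):
        for d in devices:
            if d.os != cve.os or not version_affected(d.version, cve.first_affected, cve.fixed_in):
                continue
            if cve.config_pattern is None:
                basis = "OS version match"   # possibly affected: no config data to refine the hit
            elif re.search(cve.config_pattern, d.config, re.MULTILINE):
                basis = "Config match"       # vulnerable: affected version and feature both present
            else:
                basis = "Version match, feature not configured"  # safe to deprioritize
            hits.append((cve.cve_id, d.name, basis))
    return hits


def actionable(hits):
    """Drop hits where the vulnerable feature is known to be absent."""
    return [h for h in hits if h[2] != "Version match, feature not configured"]


# Constructed sample data: IDs, version ranges and config lines are placeholders.
SAMPLE_DEVICES = [
    Device("fw1", "PAN-OS", "10.2.3",
           "set network interface ethernet ethernet1/1\nset global-protect global-protect-portal gp-portal\n"),
    Device("fw2", "PAN-OS", "10.2.3-h1", "set network interface ethernet ethernet1/1\n"),
    Device("fw3", "PAN-OS", "10.2.9", "set global-protect global-protect-portal gp-portal\n"),
    Device("rtr1", "IOS-XE", "17.3.1", "hostname rtr1\nip http server\n"),
]
SAMPLE_CVES = [
    Cve("CVE-0000-0002", "HIGH", "IOS-XE", "17.3.0", "17.3.4"),
    Cve("CVE-0000-0001", "CRITICAL", "PAN-OS", "10.2.0", "10.2.9", r"^set global-protect "),
]

if __name__ == "__main__":
    for cve_id, dev, basis in assess(SAMPLE_DEVICES, SAMPLE_CVES):
        print(f"{cve_id:15} {dev:6} {basis}")
```

Running it lists fw1 as a Config match for the critical CVE, fw2 as running an affected version but without the feature configured, fw3 as clean because it already runs the fixed release, and rtr1 as an OS version match for the advisory that carries no configuration predicate. The `actionable` filter is the step that turns the "possibly affected" list into the shorter list worth remediating first.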

Additional resources

Watch this 3 minute video:

Read the use case to learn more about how Forward Enterprise can help limit your CVE exposure. Stay tuned with Forward Networks announcements because some great new innovations about vulnerabilities are...coming soon...

On June 28, we announced new features within Forward Enterprise that help security engineers spend less time on reactive tasks so they can be more proactive. Why would a networking company expand into the security space?  Good question.  Let me share some of the reasoning that led to expanding deeper into this space, and why I am excited about it.

Reason 1: The overwhelming and urgent need. 

Last year, the SolarWinds hack shocked the world with both the vector and its breadth of reach across the world, reminding us all of the importance of security, especially within the network.  Since then we’ve continued to see additional examples such as the recent Colonial Pipeline ransomware attack.  These are both preventable and containable.

Reason 2: Demand from our customers.  

Deployments that were originally triggered by a need for network-operator-oriented visibility and verification have also been adopted and used by their peer security engineers to solve a range of daily work tasks. These security engineers have been highly enthusiastic about the time savings they gain by getting instant answers to network questions with Forward Networks, without needing to talk to a long chain of humans and spend hours to days gathering the same information the old way. Based on this success, they have been asking us for an expanded security capability set, with the ultimate goal of a single unified view and platform for both the network and security teams to collaborate around.

Reason 3: Unique capabilities from unique technology.  

What do we do? Put simply, we use math to organize network information in the form of a digital twin, and make that information accessible to people and machines. This approach requires analyzing every possible way a packet could flow through your network. And yes, that is effectively a comprehensive pen test that runs on our customers’ global networks tens of times per day. That data enables network verification that is nothing like the testing or mapping you’re used to.

Reason 4: Hack Week.  

In April, our engineering team had a week to work on anything.  What did they choose to do?  Security.  Working closely with customers and having an impact is why they are here.  Many of the projects created “easy buttons” for common (and highly complex) security tasks, and when shown to security teams, their feedback was clear: “I want this, yesterday.”

Those are all solid reasons, but I want to add my own take, from doing SecOps at a Stanford Lab, to setting up security infrastructure when founding this company, and now answering to a board about security.

A large fraction of security incidents can be prevented, or at least tightly contained, but only if a strong network security and segmentation policy has been implemented. An ever-growing list of vendors is scrambling to provide different components of a Zero Trust solution for your business, but even if you buy one (or more) of these solutions, how do you know you’ve implemented them correctly? In the financial world, we have auditors to confirm that we have correctly implemented the appropriate financial practices. The same mechanism is critical for network security, and this is what Forward Networks provides in the form of network and security visibility and verification.

I’m proud to announce our latest release, 21.5, which includes these new marquee security-focused features:

All of these new capabilities can be used on both your live network and any historical snapshot you’ve taken in the past (for forensics), and all can be easily integrated via API into your automation framework of choice.

This is just the beginning of our security journey, and we’d like to bring our unique capabilities as a partner on your Zero Trust security journey.  If you’d like to learn more, please request a demo.
