Recently, a critical vulnerability, CVE-2024-3400, was discovered in the Palo Alto Networks PAN-OS software, posing a substantial risk to affected systems. In this blog post, we will discuss the nature of this vulnerability and how Forward Networks can assist organizations in swiftly identifying and addressing their risk exposure.

Understanding CVE-2024-3400:

CVE-2024-3400 is classified as a command injection vulnerability and specifically affects the GlobalProtect feature of Palo Alto Networks PAN-OS software. This vulnerability, present in certain PAN-OS versions and specific feature configurations, enables an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.

Forward Networks' OS Vulnerability feature enables customers to immediately identify whether their PAN-OS software versions and feature configurations are susceptible to CVE-2024-3400. The easy-to-read report is also exportable and details which devices (if any) are impacted, which makes remediation a simple process.

Example vulnerability report indicating the presence of CVE-2024-3400

The Forward Enterprise network digital twin is integrated with the National Vulnerability Database (NVD), in this case from the NIST website, to provide customers with always-accurate insights into their network infrastructure's vulnerability status. API integration with third-party applications such as Tenable and Rapid7 gives users insight into endpoint vulnerabilities and provides prioritized remediation plans.

To learn more about the Vulnerability Assessment capabilities in Forward Enterprise, please read the use case or view the demo.

I hate spiders, a lot. But I really hate the idea of a Scattered Spider attack, which can jump at an alarming rate between environments that you may have believed were segmented. That is the stuff of real nightmares for networking and security professionals.

Keeping up with your security posture isn’t easy. We’re all doing our best, but is it good enough? One CISO we talked to hired a consulting firm to map out their security posture. $3 million and 3 months later, they had a security posture matrix that was already out of date. Understanding your security posture is priceless, but only if the information is accurate. This is precisely the knowledge that the SecOps team would need to stop such an attack in its tracks.

Can your organization visualize lateral movement in your network to understand what an attacker can potentially access once inside? There may be diagrams that could show this level of data, but let's face it: how often are these updated? The same holds for spreadsheets; this connectivity may live in several spreadsheets, but even if they are updated promptly, how can you correlate this data in an easy-to-understand way? Teams need to understand the potential fallout from the point of view of a compromised host. This is all just in your on-premise infrastructure; what happens when you add the cloud? You have just made it impossible to obtain a clear picture of how an attacker can move laterally around the network.

Forward Enterprise's Blast Radius feature gives the appropriate team unprecedented visibility into data that is impossible to piece together in a timely manner without a network digital twin. This gives operators a view into the environment like they have never had before. Suppose you suspect a host is compromised or would like to do a routine audit to ensure your segmentation policies are configured as they should be. With Forward’s Blast Radius feature, you can see data for both on-premise and cloud endpoints and instantly identify all devices reachable by a compromised host, which streamlines remediation by letting you quickly disable the port the device is connected to. This is done for both on-premise devices and in the cloud if there is an integration with endpoint vulnerability scanners like Rapid7 and Tenable.SC to pull in and see pertinent information about the device's vulnerabilities.

Trying to convince SecOps teams they need more data is like trying to convince a drowning person they need more water. SecOps teams are so overwhelmed they can’t even respond to 67% of the alerts they receive. On average, SecOps teams receive 4,484 alerts per day and spend over three hours per day manually triaging the alerts, costing $3.3 billion annually in the US alone. (Source: Vectra 2023 State of Threat Detection)

The problem is that the high volume of data they are receiving lacks context. When you receive over 20,000 CVE announcements and over 1.5 million alerts, you do not need more data; what you need is actionable, timely data that provides context and a path for remediation.

Forward Enterprise is integrated with the NIST database and endpoint scanning solutions, Rapid7 and Tenable. This integration provides security teams a prioritized remediation report of the vulnerabilities that exist in their network ranked by exposure.

Join our co-founder, Nikhil Handigol on Thursday, August 24th at 2:00 p.m. EDT/11:00 a.m. PDT to see this in action.

During a live technical session, Nikhil will demonstrate our Tenable integration and highlight how the solution delivers complete attack surface visibility, empowering SecOps to proactively identify impacted hosts with critical vulnerabilities accessible from the Internet or other critical exposure points in seconds.

You’ll see how the integration with Tenable delivers an actionable exposed host report that includes:

Most importantly, Nikhil will demonstrate how a mathematical model of the network helps make the plethora of network vulnerability data actionable.

Register for your seat now. [If you miss the live session, it will be immediately available on-demand via that same link.]

Security teams rely on vulnerability scanners to proactively locate vulnerabilities in network devices, hosts, and applications. These tools help improve the overall security posture of the network by remediating exposure before bad actors have an opportunity to exploit it. Although incredibly helpful, the data delivered by these tools is often overwhelming and not presented in an actionable manner.

Forward Exposure Analysis helps security teams prioritize vulnerability remediation by combining the host vulnerability data provided by vulnerability scanners like Rapid7 InsightVM or Tenable Security Center with Forward Networks' modeling capabilities. By integrating with these popular tools, Forward Networks empowers security teams to identify in seconds any impacted hosts with critical vulnerabilities that can be accessed from the Internet or any other critical exposure point.

The Forward Enterprise platform helps make sense of the extensive data provided by vulnerability scanners by categorizing the data into three segments: Exposure Points, Overview, and Vulnerability Report. The Exposure Points default to the internet, but users can add additional exposure points like VPN connections. The Overview provides a high-level analysis that makes it easy to identify the number of vulnerable hosts and whether those hosts are modeled by Forward Enterprise. The Vulnerability Report is perhaps the most valuable, detailing every vulnerable host that is exposed. Exposed host reporting includes:

To see the Exposure Analysis feature in action please watch a short video:

Forward Networks, a provider of network digital twin technology that delivers network agility, predictability, and security for on-premises and multi-cloud environments, made an announcement this week around new capabilities added to the Forward Enterprise platform that will give security and network operations professionals a single, actionable and contextual view of the network.

To learn more, VMblog reached out to David Erickson, the co-founder and CEO of Forward Networks.

VMblog: Can you describe what you announced this week? And what does it mean for customers?

David Erickson: This week we announced new capabilities for our award-winning Forward Enterprise platform, that will help network and security professionals better understand and remediate vulnerabilities throughout the network, including endpoints. We've integrated with Rapid7 to combine end-device vulnerability data with robust and always-up-to-date connectivity analysis. Additionally, we've enhanced flexibility to define a security posture matrix. Now the security posture can be using the L2 through L4 segmentation methodology many enterprises have already employed in their network, e.g. VRFs, on-premises and cloud subnets, and cloud security groups. Forward Enterprise also now supports L7 path search capabilities using attributes such as user IDs, user group IDs, and application IDs to provide more granular connectivity insight... [READ MORE on VMBLOG]

New Product Features and Rapid7 Integration Provide End-to-End Security Posture Verification and Enhanced Visibility to Help Engineers Accurately Prioritize Remediation

SANTA CLARA, Calif., June 2, 2022 /PRNewswire/ -- Forward Networks, the only provider of network digital twin technology that delivers network agility, predictability, and security for on-premises and multi-cloud environments, today announced new capabilities within the Forward Enterprise platform that give security and network operations professionals a single, actionable and contextual view of the network.

By integrating with Rapid7, a leading provider of security analytics and automation, Forward Networks is combining end-device vulnerability data with robust and always-up-to-date connectivity analysis to help enterprise organizations address the challenges of the security talent shortage and flood of unactionable data. The combined data uniquely positions security teams to prioritize remediation efforts with mathematical accuracy.

"Forward Networks is the only company with a mathematically-based network digital twin that can accurately model current and possible network behaviors, information critical for security teams who need to act quickly and accurately," said David Erickson, Co-founder, and CEO of Forward Networks. "With this information just mouse clicks away, security teams can better assess the vulnerability of their network and prioritize remediation and prevention efforts by focusing on the exposures that present the greatest possible risk. Modeling a diverse group of hardware vendors, cloud providers, and integration partners, Forward Networks uniquely serves the needs of network, security, and cloud operations teams with a single source of truth so they can work strategically and proactively."

There are many tools that evaluate device vulnerabilities, but without the knowledge of how that device is connected to the network, security teams only have a limited view of potential exposure. Often, they choose to focus on keeping devices up to date no matter what vulnerabilities are detected, or they focus on vulnerabilities without considering the exposure of individual systems and devices. With the Rapid7 integration, Forward Networks is the only company that can show an organization's actual risk including on-premises, multi-cloud, and SD-WAN in an actionable single screen. This type of data presentation helps teams focus on the work that will have the most impact on the network.

In addition to the Rapid7 integration, Forward recently enhanced the security posture matrix and added Layer 7 (L7) application and user ID connectivity analysis to the platform to give security teams a comprehensive look at the security posture. New capabilities include:

Forward Enterprise is designed to simplify the management of large, complex, multi-vendor networks. It mitigates the biggest issue businesses face with network operations: risk. By creating a mathematical model of the entire network infrastructure, the software delivers a "digital twin" that serves as the single source of truth for the network. The actionable information presented in the platform helps engineers ensure their network is agile, predictable, and secure.

Forward Networks' new security features and Rapid7 integration will be available in July, and will be offered as part of standard licensing at no additional cost.

About Forward Networks

Forward Networks is revolutionizing the way large networks are managed. Forward's advanced software delivers a "digital twin" of the network, enabling network operators to verify intent, predict network behavior, and simplify network management. The platform supports devices from all major networking vendors and cloud operators, including AWS, Azure, and Google Cloud Platform.

Forward Networks was founded in 2013 by four Stanford Ph.D. graduates and is headquartered in Santa Clara, California. Investors include Goldman Sachs, Andreessen Horowitz, Threshold Ventures, and A. Capital.

There is no shortage of alerts concerning security vulnerabilities. Unfortunately, the deluge of data available is overwhelming and not specific enough to be actionable. We don’t think that’s very helpful, so we’ve integrated our platform with Rapid7 InsightVM to ensure that our customers have full visibility into their security posture, including endpoints, and that they know how to prioritize remediation.

The Forward Enterprise platform already collects detailed topology, configuration, and state information across the on-premises network. This information and our mathematical model are used to create a digital twin of the network capable of determining all possible traffic paths. Combining this data with the endpoint security visibility and analytics of Rapid7 provides SecOps teams unprecedented visibility into their security posture and helps them prioritize vulnerability remediation with mathematical certainty: SecOps teams are now able to identify within seconds which end hosts impacted by critical vulnerabilities can be accessed from the internet and which compromised end hosts can access internal critical infrastructure.

Given the ever-worsening security talent shortage, SecOps teams cannot afford to waste a single second. There are many tools that evaluate device vulnerabilities, but without the knowledge of how that device is connected to the network, security teams only have a limited view of potential exposure. Often, they choose to focus on keeping devices up to date no matter what vulnerabilities are detected, or they focus on vulnerabilities without considering the exposure of individual systems and devices. With the Rapid7 integration, Forward Networks is the only company that can show an organization’s actual risk including on-premises, multi-cloud, and SD-WAN in an actionable single screen. This type of data presentation helps teams focus on the work that will most impact the network.

The Rapid7 integration is part of Forward Networks’ ongoing commitment to support security professionals with actionable data, so less time is spent reacting, and more time is spent enhancing the security posture.

The Rapid7 integration is included in standard Forward Enterprise licensing at no additional cost. Learn more about the security capabilities of Forward Enterprise at: www.forwardnetworks.com/security
