It's that time of year again when all security professionals converge in San Francisco for the RSA Conference (RSAC). This marks the second year that the conference has been back in full swing since the pandemic, and it was great to be there to discuss our solution with the attendees!

This year, RSAC attendees were transported to the Forward Networks Roadhouse. This is a place of solitude to share your network security concerns with one of our “bartenders.” As the attendees walked past the booth, there were two general impressions. First and foremost, “This is the best booth I have ever seen,” which was quickly followed by, “That is one sweet bike! Is there a raffle for it?” At this point, after we broke the news that, unfortunately, the bike was not for sale, the woeful attendee walked up to the bar and sat down. Our bartenders offered a refreshing cold brew (coffee) and a helpful ear as they explained their network security woes.

Fear not; those woes did not fall on deaf ears, as our knowledgeable bartenders acknowledged all their security and network woes and showed how Forward Networks' mathematically correct digital twin was precisely the tool they needed to end their concerns! The attendees saw that by using Forward Enterprise, they would be able to sleep at night, knowing that the next time their cloud security posture was audited, it would be following the corporate security standards. They also learned that they no longer needed to fear undetected critical vulnerabilities, as Forward Enterprise uses their network data alongside the NIST database to deliver a prioritized remediation plan, including which devices are affected and the lines of configuration that cause each vulnerability.

The biggest takeaway from presentations at RSAC is the industry's rapid adoption of Artificial Intelligence (AI) and Machine Learning (ML). Now, the ease of access to Large Language Models (LLMs), such as ChatGPT, enables the infrastructure to become more adaptable, self-healing, and open to more automated ways to make configuration changes. Operations teams are turning to AI-based diagnostics for troubleshooting and issue remediation. Seeing these technologies being more broadly spoken about and adopted in several ways further solidifies their place in the industry.

If automated changes happen in the environment, the question arises: How can you ensure that the change will not negatively affect the network? LLMs are constantly learning, so how can you ensure that the change you ask the system to perform will not cause any undesired changes in the network? Forward Networks' Verify function can ensure that the network behaves exactly as intended. Verify evaluates every check that has been defined to confirm that the intent of the network is correct and that nothing has changed that could cause an adverse condition in the environment. This validation covers not only the organization's on-prem network but the cloud and virtual overlay networks as well.

If you were not able to visit the Forward Networks Roadhouse at RSAC this year and would like to learn more about how a digital twin can help with your organization's security posture, request a demo with our technical team!

There are never enough hours in the day to do everything. I think we all have a to-do list that is at least twice as long as the time available to complete it. To cope, we prioritize what’s “on fire” or what has the most potential to immediately cause damage if it’s not taken care of. Often the things we “should” focus on fall by the wayside as they are outshined by what we must do immediately. This is especially true when the “should do” tasks are tedious and time-consuming.

Unfortunately, CVE management for network devices often falls into the “should do” category.  

I doubt you could find a security professional who would say that just hoping CVEs are resolved is a good strategy. Yet, for many companies, that’s exactly what happens. I met a CIO recently at a very high-profile Fortune 100 company who reluctantly admitted that they have no idea if they’ve resolved all the high-risk CVEs affecting their network; without data, they rely on hope and assure the rest of the team that everything will be OK. This CIO fully recognizes that this approach is unacceptable, but given current tools and circumstances, it’s the best they can do.  

Why is CVE management such a burden? 

CVE management is highly complex due to the ever-increasing volume of CVEs issued, overlaid with the complexity of networks.

CVEs issued by year:

Source: CVE Details 

Each of these CVEs is not only specific to a device but also to the operating system version and the enabled features on that device or specific deployment as outlined in the CVE. In some instances, network administrators would need to go to a vendor site for details on which configurations are vulnerable, which makes remediating them exponentially more complex.  

There are several common reasons for deprioritizing CVE remediation: 

  1. Resource Constraints: CVE management is extremely labor-intensive. IT departments are facing flat budgets and a talent shortage. While the importance of CVE remediation is never in question, teams need to prioritize addressing the most significant and most likely to be exploited vulnerabilities; CVEs don’t often make this threshold.
  2. Complexity: Many enterprises have multiple teams that work to assess and remediate CVEs. In some cases, the process involves several highly skilled engineers and can take weeks.
  3. Lack of Communication: CVE management is never the responsibility of an individual – or even a single team. Many IT departments don’t have effective collaboration mechanisms in place, and a lack of effective communication creates delays in remediating vulnerabilities.

What are the risks of CVE mismanagement? 

The most obvious risk is falling victim to a cyber-attack by a bad actor or a data breach, both of which can lead to tens of millions of dollars in losses. Additional concerns include compliance violations (which come with exorbitant fines, legal costs, and loss of trust) or outages that lead to loss of revenue and customer dissatisfaction.

How does a digital twin improve CVE management? 

The most obvious way a digital twin helps is through advanced vulnerability analysis. Advanced digital twin technology safely collects config and state information on every device in the network. The digital twin then knows which devices in the network are impacted by a CVE based on their OS version, configuration, and enabled features. The digital twin also leverages the vendor-specific data not included in the NIST database to provide a comprehensive risk assessment. Based on the OS version, configuration, and enabled features, it knows which devices are most exposed to the internet (ergo, which devices have the most significant risk).

Forward Networks takes this information and compares it against the NIST database and vendor-specific announcements, such as the Cisco Security Advisories, to deliver an at-a-glance prioritized remediation plan. Enhanced analysis increases the likelihood that a device reported as potentially vulnerable is actually vulnerable, which helps with prioritizing remediation efforts. This information is always up to date, and with integrations such as ServiceNow, we can automatically open tickets for resolution that include all the pertinent information. To learn more about how we do this, read the use case
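The matching described above (OS version plus configuration and enabled features, then ranking by internet exposure) can be sketched as follows. This is an added example, not Forward Networks code: the inventory, the `exampleos` name, and the `CVE-PLACEHOLDER` advisories are all constructed.

```python
# Added example: constructed inventory and placeholder advisories, not vendor data.
from dataclasses import dataclass

@dataclass(frozen=True)
class Device:
    name: str
    os: str
    version: tuple          # e.g. (15, 2, 4)
    config: str             # collected running configuration
    internet_facing: bool

@dataclass(frozen=True)
class Advisory:
    cve_id: str             # placeholder, not a real CVE number
    os: str
    first_affected: tuple   # inclusive
    fixed_in: tuple         # exclusive
    trigger_lines: tuple    # config lines that enable the vulnerable feature
    cvss: float

def assess(devices, advisories):
    """Return findings, confirmed and internet-facing first, then by CVSS."""
    findings = []
    for dev in devices:
        lines = {line.strip() for line in dev.config.splitlines()}
        for adv in advisories:
            if dev.os != adv.os or not adv.first_affected <= dev.version < adv.fixed_in:
                continue    # different OS or already on a fixed release
            # Exact match, so a negated "no ip http server" does not count.
            hits = sorted(lines & set(adv.trigger_lines))
            findings.append({"device": dev.name, "cve": adv.cve_id, "cvss": adv.cvss,
                             "internet_facing": dev.internet_facing, "config_lines": hits,
                             "status": "confirmed" if hits else "version-only"})
    findings.sort(key=lambda f: (f["status"] != "confirmed", not f["internet_facing"],
                                 -f["cvss"], f["device"], f["cve"]))
    return findings

DEVICES = [  # constructed sample inventory
    Device("edge-rtr-1", "exampleos", (15, 2, 4), "hostname edge-rtr-1\nip http server\n", True),
    Device("edge-rtr-2", "exampleos", (15, 3, 1), "hostname edge-rtr-2\nip http server\n", True),
    Device("core-sw-1", "exampleos", (15, 2, 4), "hostname core-sw-1\nno ip http server\n", False),
    Device("dist-sw-2", "exampleos", (15, 2, 4), "ip http server\nsnmp-server enable traps\n", False),
]
ADVISORIES = [  # constructed placeholder advisories
    Advisory("CVE-PLACEHOLDER-0001", "exampleos", (15, 0, 0), (15, 3, 0), ("ip http server",), 9.8),
    Advisory("CVE-PLACEHOLDER-0002", "exampleos", (15, 2, 0), (15, 2, 6), ("snmp-server enable traps",), 7.5),
]

if __name__ == "__main__":
    for f in assess(DEVICES, ADVISORIES):
        print(f["status"], f["device"], f["cve"], f["cvss"], f["config_lines"])
```

Version-only matching flags six device/advisory pairs here; requiring a triggering configuration line confirms three of them, and each finding carries the configuration lines responsible.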

For a full demonstration of the technology, meet us at the RSA Conference in San Francisco, April 24 – 27 in booth 4225. Enjoy an energizing cold brew while you talk security with our experts. 

Everyone and their mother has a booth at the RSA Conference (RSAC) where they want to sell you something shiny and new. We aren’t everybody, and we don’t have a booth at RSAC— we have a Roadhouse, a place where you can and will be embraced, understood, and HELPED. 

Life is hard, trade shows are hard, and network security is hard AF. We don’t think it should be; our approach to RSAC isn’t about pitching, selling, or convincing. We want to offer a place of respite where you can tell your tales of network and cloud security woe to another technical person who understands. While you are there, enjoy a craft root beer, get a boss (temporary) tattoo (does anybody still say boss?), and share your stories with our “bartenders,” who are field technicians when they aren’t pulling drafts. They can offer a knowledgeable ear, share experiences, and maybe eliminate some of your work burden.

If you want something a little stronger than root beer, join us at booth 3217 on Wednesday, June 8, 4:00 – 5:30 p.m. for the pub crawl, as we pre-party before our event at SPIN SF. We’d love it if you joined us at SPIN too; sign up here.

Learn more about our security solutions.  
