November 11, 2022
Whenever a new critical vulnerability hits the world (like last week’s high severity OpenSSL vulnerabilities), security teams have to scramble to answer:
This task is increasingly not a human-scale problem; the number of vulnerabilities and assets that organizations like yours have to manage is growing exponentially. It is not uncommon for a Fortune 500 company to have over 100K vulnerability instances for a CVE like this one.
The path forward lies in automation. Automation enables you to easily find and remediate vulnerabilities at scale. With automation, you can get instant visibility of impacted assets and can easily remediate vulnerabilities to reduce their exposure from weeks and months to days.
Balbix provides an automated vulnerability management solution for our customers. Instead of having to scramble to answer the questions above each time they face a new vulnerability, our customers can follow a simple playbook.
Let’s look at how Balbix customers could have used this playbook to respond to last week’s OpenSSL vulnerabilities as an example.
Last week, the OpenSSL Security team published an advisory regarding CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). Both of these vulnerabilities are classified as high severity.
They affect OpenSSL versions 3.0.0 through 3.0.6. Any OpenSSL 3.0 application that verifies X.509 certificates received from untrusted sources should be considered vulnerable. This includes both TLS clients and TLS servers that are configured to use TLS client authentication. The recommended remediation is for users of OpenSSL 3.0.0 – 3.0.6 to upgrade to 3.0.7 as soon as possible. The recommended mitigation for TLS servers if an upgrade can’t be done immediately is for teams to disable TLS client authentication.
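As an added illustration (not Balbix's product code), the check below applies the advisory's affected range and remediation advice to a constructed asset inventory: it parses `openssl version` style banners, flags 3.0.0 through 3.0.6, and recommends the 3.0.7 upgrade, with the client-authentication mitigation for TLS servers that use it. The inventory records and the `client_auth` field are assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Affected range and fixed release from the OpenSSL advisory for
# CVE-2022-3602 / CVE-2022-3786.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 6)
FIXED_VERSION = "3.0.7"

# Matches the leading "OpenSSL 3.0.5" part of `openssl version` output.
# 1.1.1 builds carry a letter suffix such as "1.1.1q"; the suffix is ignored.
_VERSION_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)")

def parse_openssl_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Turn 'OpenSSL 3.0.5 5 Jul 2022' into (3, 0, 5); None if unparseable."""
    m = _VERSION_RE.search(banner)
    return tuple(int(x) for x in m.groups()) if m else None

def is_affected(version: Optional[Tuple[int, int, int]]) -> bool:
    """True only for 3.0.0 through 3.0.6 inclusive; 1.1.1 and 3.0.7+ are out of range."""
    return version is not None and AFFECTED_MIN <= version <= AFFECTED_MAX

def recommend(asset: dict) -> Optional[str]:
    """Recommended action for one asset, or None if it is not affected.

    `asset` is a constructed record {"name", "banner", "client_auth"}, where
    client_auth marks a TLS server configured for TLS client authentication.
    """
    if not is_affected(parse_openssl_version(asset["banner"])):
        return None
    action = f"upgrade OpenSSL to {FIXED_VERSION}"
    if asset.get("client_auth"):
        action += "; until then, disable TLS client authentication"
    return action

def triage(inventory: List[dict]) -> Dict[str, str]:
    """Map each affected asset name to its recommended action."""
    findings = {}
    for asset in inventory:
        action = recommend(asset)
        if action:
            findings[asset["name"]] = action
    return findings

# Constructed sample inventory (not real assets).
SAMPLE_INVENTORY = [
    {"name": "web-01", "banner": "OpenSSL 3.0.5 5 Jul 2022", "client_auth": True},
    {"name": "api-02", "banner": "OpenSSL 3.0.7 1 Nov 2022", "client_auth": True},
    {"name": "legacy-03", "banner": "OpenSSL 1.1.1q  5 Jul 2022", "client_auth": False},
    {"name": "build-04", "banner": "OpenSSL 3.0.0 7 sep 2021", "client_auth": False},
]

if __name__ == "__main__":
    for name, action in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {action}")
```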
The first step is to identify where the CVE is present. With Balbix, you conveniently have this information at your fingertips. Balbix’s cyber asset attack surface management (CAASM) solution provides you with a continuously updated inventory of your assets, including a software bill of materials (SBOM), and vulnerabilities.
With a list of assets, it is easy to search for specific CVEs in your environment. To do so, you search for the CVE by number, as shown in the CVE Remediation screen below. The search results include the number of assets affected by the CVE. In this case there are 13 assets affected by CVE-2022-3786.
The second step is to identify how to mitigate or remediate the vulnerability. Balbix provides you with contextual information about a CVE including the published date and severity (see image above). As you can see below, Balbix also provides you with available fixes and the recommended fix. Balbix does this for each software version and identifies which assets are running those software versions.
What’s more, this information is updated in near real time. So, if new fixes become available after a few days, Balbix automatically updates that information without requiring you to run a scan.
Balbix allows you to dispatch this information to risk owners with one-click ticket creation.
Balbix’s integration with ServiceNow IT Service Management (ITSM) eliminates manual steps by allowing you to create ServiceNow remediation tickets directly within Balbix. This integration allows security and IT teams to work efficiently by using a familiar and shared system for remediation workflow.
This simple yet effective playbook helps our customers reliably identify and mitigate vulnerabilities like the recent OpenSSL ones, at scale.
As our founder and CEO, Gaurav Banga, wrote during the Log4j crisis, vulnerability management is a data science problem. Balbix provides our customers with automation and advanced analytics so they can manage the huge number of CVEs present today with speed and accuracy.
Learn how you can take full advantage of Balbix’s playbook for detecting and remediating vulnerabilities at scale by scheduling a 30-minute demo with Balbix.