Enterprises concerned with network security are familiar with this scenario: almost every day they receive a large volume of vulnerability information from security media and network security vendors, along with advice to fix it as soon as possible. Although enterprises are investing more in network security year by year, fixing every vulnerability right away is still very challenging.

For an enterprise, fixing vulnerabilities not only requires allocating professional staff but also affects the business. At the same time, enterprises worry that a major security incident will follow if vulnerabilities are not fixed right away. In the age of information explosion, the security problem enterprises face is not only how to find security issues, but also how to prioritize the huge number of vulnerability alerts received every day.

To help enterprises fix the most important vulnerabilities first and better protect their networks, Alibaba Cloud's Cloud Shield Anknight has added a real impact analysis to its vulnerability feature, based on the actual situation of the user's assets. It helps users pick out the real risks from a large number of vulnerabilities, supports their decisions on repair priority, and assists with the fixes.




From Vulnerability Real Impact Analysis to “Personal Customization” of Network Security

Real impact analysis of a vulnerability means assessing the real impact of that vulnerability on the enterprise's current network environment. Anknight expresses the result of this analysis as the final risk score of the vulnerability.

The final risk score of a vulnerability is calculated from four dimensions: vulnerability CVSS score × time factor × user's actual environment factor × asset importance factor.

CVSS base score of the software vulnerability: This factor is taken from the CVSS2/3 base score of the vulnerability, that is, the severity score of the vulnerability itself.

Time factor: This is the effect of time on the risk of a vulnerability. To make up for what the CVSS score lacks, the time factor is a dynamically changing curve that combines the delay in deploying mitigation measures with how widespread the methods of exploiting the vulnerability have become.

The impact of a vulnerability differs depending on how much time has passed since it broke out. For example, in the first three days after disclosure the exposure is large, but exploitation may be relatively difficult. As time passes, more and more mature exploitation methods appear and the actual difficulty of exploiting the vulnerability decreases. The actual impact of the vulnerability differs between the two periods.

User's actual environment factor: The user's actual environment is crucial for judging the real impact of a vulnerability. Anknight considers both the conditions required to exploit the vulnerability and the situation of the user's machine to obtain a risk multiplier. For example, it considers whether the machine has public network traffic and whether the vulnerability is exploited remotely or from the adjacent network; different combinations of conditions give different risk coefficients.

User asset importance: When the user has a large number of machines, an importance score can be assigned to each machine or asset in the current usage scenario. This user-defined score is included in the calculation of the vulnerability repair suggestion score, giving the user a valuable reference for repairing vulnerabilities in an orderly manner.

Finally, a series of algorithms combines the factors from these four dimensions into the final risk score of the vulnerability. This means that every vulnerability repair suggestion Anknight provides is a highly customized security suggestion based on the enterprise's own situation.
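The four-factor product described above can be sketched as a small ranking routine. This is an added example, not Anknight's code: the curve shape, the multiplier table, the importance range and the sample findings are all assumptions made for illustration, since the article does not publish the product's actual values.

```python
import math
from dataclasses import dataclass

# Every coefficient here is an illustrative assumption, not the product's value.
ENV_MULTIPLIER = {  # (attack vector, host gets public traffic) -> multiplier
    ("network", True): 1.0, ("network", False): 0.6,
    ("adjacent", True): 0.5, ("adjacent", False): 0.5,
    ("local", True): 0.3, ("local", False): 0.3,
}

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str
    cvss_base: float          # CVSS v2/v3 base score, 0.0-10.0
    days_disclosed: int       # days since public disclosure
    public_exploit: bool      # a mature exploitation method is available
    attack_vector: str        # "network", "adjacent" or "local"
    internet_facing: bool     # host receives public network traffic
    asset_importance: float   # user-assigned weight, 0.5 (low) to 1.5 (critical)

def time_factor(days: int, public_exploit: bool) -> float:
    """Assumed curve: grows as exploitation matures, decays as mitigations roll out."""
    maturity = 1.0 if public_exploit else 1.0 - math.exp(-days / 14.0)
    mitigation = math.exp(-days / 365.0)
    return 0.5 + 0.5 * maturity * mitigation

def environment_factor(attack_vector: str, internet_facing: bool) -> float:
    try:
        return ENV_MULTIPLIER[(attack_vector, internet_facing)]
    except KeyError:
        raise ValueError(f"unknown attack vector: {attack_vector!r}") from None

def risk_score(f: Finding) -> float:
    if not 0.0 <= f.cvss_base <= 10.0:
        raise ValueError("CVSS base score must be between 0 and 10")
    return (f.cvss_base * time_factor(f.days_disclosed, f.public_exploit)
            * environment_factor(f.attack_vector, f.internet_facing)
            * f.asset_importance)

def prioritize(findings):
    """Highest final risk score first."""
    return sorted(findings, key=risk_score, reverse=True)

# Constructed sample findings (hosts, ids and scores are made up).
SAMPLE = [
    Finding("db-core", "VULN-B", 10.0, 2, False, "local", False, 1.5),
    Finding("build-01", "VULN-A", 9.8, 30, True, "network", False, 0.8),
    Finding("dns-edge", "VULN-A", 9.8, 30, True, "network", True, 1.5),
]

if __name__ == "__main__":
    for f in prioritize(SAMPLE):
        print(f"{risk_score(f):6.2f}  {f.host:9s} {f.vuln_id}")
```

With these assumed weights, the finding with the highest CVSS base score ranks last, because it is only locally exploitable and was disclosed two days ago, while the same vulnerability scores very differently on the internet-facing host and the internal one.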

Seemingly Impossible Cyber Security Governance Is No Longer a Problem

Imagine a scenario: on the eve of an important conference, the person in charge of enterprise security receives a request to put the company's information security in order and actually pay off the security “debt” owed from before, repairing the existing high-risk vulnerabilities within a week.

The console shows that tens of thousands of software vulnerabilities have been found by scanning. A typical high-risk one among them is the dnsmasq stack overflow vulnerability (CVE-2017-14491). This vulnerability can be attacked directly from the outside, allowing the attacker to take control of the server. Mature exploitation methods are also publicly available, so it is easy to exploit. Such a vulnerability is very threatening and needs to be repaired in time. However, it exists on many servers, and the repair involves restarting critical infrastructure such as DNS, so it has to be done carefully.

On the one hand, there are thousands of vulnerabilities and thousands of machines. On the other hand, the company's IT department has limited staff responsible for information security. How can the most harmful vulnerabilities be repaired, as far as possible, within a week?

With the traditional approach, repairing the dnsmasq vulnerability alone may take more than a week. This information security governance task would be an extremely difficult “battle” and might not be completed at all.




If this enterprise uses Anknight, the situation is very different. Taking the vulnerability in this case as an example, Anknight's repair suggestion function uses real impact analysis to quickly work out which machines are seriously affected by the vulnerability, and gives the enterprise effective suggestions for the order of repair in a very short time. In addition, the real impact is calculated for the other tens of thousands of vulnerabilities, and those that do not need to be fixed right away are filtered out. This ultimately helps the enterprise focus its efforts, so that a seemingly impossible information security governance task can be completed within the specified time.

Vulnerability real impact analysis brings enterprises more than efficient network security governance; “customized” vulnerability management is just the beginning. Anknight is committed to intelligently learning and understanding the business, so that security is no longer a burden for enterprises and the business can develop faster without worries.