WannaCry? Not anymore. Software vulnerability tracking debuts in #ZENworks2020!


For many organizations, 2017 was a rough security year. Cyberattacks made news repeatedly, headlined by WannaCry in May, NotPetya in June, and BadRabbit in October to name just a few. WannaCry was the most notorious and publicized ransomware attack, with a cost estimated between $4 billion and $8 billion. However, NotPetya proved to be more destructive because, even though it advertised itself as ransomware, there was no way to recover the encrypted files. Its resulting cost to organizations was estimated at over $10 billion.

Unfortunately, cyberattacks have only increased since 2017. And while there are many threat vectors that cyber criminals exploit, software security vulnerabilities continue to provide a broad attack surface. Maintaining patch currency on your endpoint devices remains key to reducing this attack surface. ZENworks Patch Management has been helping Patch administrators do this for years through a combination of policy-based and on-demand patching.

In ZENworks 2020, we’ve upped our focus on security, giving you better tools to identify the software security vulnerabilities that impact your devices, remediate (i.e. patch) an identified vulnerability, and track your remediation progress across all devices impacted by the vulnerability.

Introducing Common Vulnerabilities and Exposures

To do this, we introduced the use of industry-standard Common Vulnerabilities and Exposures, or CVEs. CVEs are software security vulnerabilities that have been discovered, reported, and assigned a CVE ID at mitre.org. The U.S. National Vulnerability Database takes the CVE IDs and enhances the data by applying its Common Vulnerability Scoring System to determine severity.

ZENworks imports CVE data from the NVD at least once a day and creates relationships between each CVE and its associated patches. Once a scan is performed on a device to discover which patches are installed, ZENworks determines if the device is vulnerable to any known CVEs.

Identifying your devices’ software vulnerabilities

To identify the software vulnerabilities that impact your devices, we added a new Security dashboard in ZENworks Control Center that includes three CVE dashlets.

Two of these dashlets—the CVE Severity Distribution dashlet and Top CVEs dashlet—let you see all CVEs that apply to your devices. 
 

In the case of the CVE Severity Distribution dashlet, the CVEs are organized by the NVD-assigned severity (Critical, High, Medium, Low, None).

For the Top CVEs, the CVEs are organized by most recently published (the default), by severity score, or by number of vulnerable devices. You can customize these dashlets and save them as new dashlets; for example, you might want one severity distribution dashlet that shows only the Microsoft CVEs impacting your Windows 10 devices, another one that shows the same for your Windows 7 devices, and a third that shows only the Adobe CVEs impacting the devices assigned to a group you’ve created for your Design Department.

 

Remediating your devices’ software vulnerabilities

Okay, so I can hear you now: “Yes, the dashlets provide great information, but now I need to be able to do something about all those vulnerabilities!” I agree, which is why we’ve made it so you can easily remediate a CVE from any of the dashlets. When you click a dashlet, it expands to show you much more information, including the number of devices that are vulnerable to each CVE. You can select a CVE with vulnerable devices and click Deploy Remediation. The patches required to remediate the CVE are distributed and installed to each vulnerable device, with each device receiving only the patches it requires. ZENworks also keeps track of patch supersedence to ensure that any new patches that replace the remediating patches do not affect the vulnerability status of the remediated devices.
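
The CVE-to-patch relationship and the supersedence tracking described above can be sketched as follows. This is an added example, not ZENworks code: the data model, the function names, the patch IDs, the devices and the placeholder `CVE-EXAMPLE-0001` are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: patch IDs, products and devices are hypothetical.
@dataclass(frozen=True)
class Patch:
    patch_id: str
    product: str             # software the patch applies to
    supersedes: tuple = ()   # older patch IDs this patch replaces

PATCHES = {p.patch_id: p for p in [
    Patch("P-100", "browser"),
    Patch("P-101", "browser", supersedes=("P-100",)),
    Patch("P-200", "pdf-reader"),
]}

# CVE -> patches that remediate it (assumed: one per affected product).
CVE_PATCHES = {"CVE-EXAMPLE-0001": ["P-100", "P-200"]}

# Device -> (installed products, installed patch IDs found by the scan).
DEVICES = {
    "ws-01": ({"browser", "pdf-reader"}, {"P-101"}),  # only the newer browser patch
    "ws-02": ({"browser"}, {"P-100"}),
    "ws-03": ({"browser", "pdf-reader"}, set()),
}

def replacements(patch_id):
    """Return patch_id plus every patch that directly or transitively supersedes it."""
    found, frontier = {patch_id}, [patch_id]
    while frontier:
        current = frontier.pop()
        for p in PATCHES.values():
            if current in p.supersedes and p.patch_id not in found:
                found.add(p.patch_id)
                frontier.append(p.patch_id)
    return found

def missing_patches(cve, products, installed):
    """Patches a device still needs for this CVE; an empty list means not vulnerable."""
    needed = []
    for pid in CVE_PATCHES[cve]:
        if PATCHES[pid].product not in products:
            continue   # patch does not apply to this device
        if replacements(pid) & set(installed):
            continue   # the patch or one that supersedes it is installed
        needed.append(pid)
    return needed

def vulnerable_devices(cve):
    """Map each vulnerable device to only the patches it requires."""
    result = {}
    for name, (products, installed) in DEVICES.items():
        needed = missing_patches(cve, products, installed)
        if needed:
            result[name] = needed
    return result
```

In this model a device that holds only the superseding patch (`ws-01` with `P-101`) is not counted as missing `P-100`, which is the status-preserving behaviour the paragraph attributes to supersedence tracking.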

Tracking your remediation progress

You can absolutely use the CVE Severity Distribution and Top CVEs dashlets to track the current vulnerability status of devices for any CVE. However, the third dashlet—the CVE Tracker dashlet—is uniquely designed to help you focus attention on an individual CVE (or group of related CVEs). Take, for example, the Google Chrome vulnerability (CVE-2019-13720) that is currently being exploited in the wild.  By using the CVE Tracker dashlet, you can not only see the current number of vulnerable devices for the CVE but also view the vulnerability trend over time so you know whether the number of vulnerable devices is increasing or decreasing. You can create as many tracker dashlets as you’d like.

I’m really excited about the CVE Tracker dashlet and what you can do with it. That’s why I’ve dedicated a separate blog to cover it. In the near future, look for “Emerging threat? No problem! Track it, remediate it, repeat as necessary.”

Giving it a try

Now all that’s left is to give it a try.

If you have a ZENworks Patch Management subscription, the new Security Getting Started in ZENworks Control Center can help you activate the CVE subscription service and start using the CVE dashlets.

If you don’t have a Patch Management subscription, you can use the 60-day evaluation to check out all of the Patch Management functionality, including the new CVE capabilities. After the evaluation expires, if you are licensed for ZENworks Configuration Management you’ll still be able to see Microsoft-related CVEs that impact your device; you just won’t be able to remediate the vulnerabilities. The Security Getting Started in ZCC steps you through everything you need to do to set up and use Patch Management.
