Yes, it is possible to pull feeds down via proxy server using configuration files.
For many organizations, 2017 was a rough security year. Cyberattacks made news repeatedly, headlined by WannaCry in May, NotPetya in June, and BadRabbit in October to name just a few. WannaCry was the most notorious and publicized ransomware attack, with a cost estimated between $4 billion and $8 billion. However, NotPetya proved to be more destructive because, even though it advertised itself as ransomware, there was no way to recover the encrypted files. Its resulting cost to organizations was estimated at over $10 billion.
Unfortunately, cyberattacks have only increased since 2017. And while there are many threat vectors that cyber criminals exploit, software security vulnerabilities continue to provide a broad attack surface. Maintaining patch currency on your endpoint devices remains key to reducing this attack surface. ZENworks Patch Management has been helping Patch administrators do this for years through a combination of policy-based and on-demand patching.
In ZENworks 2020, we’ve upped our focus on security, giving you better tools to identify the software security vulnerabilities that impact your devices, remediate (i.e. patch) an identified vulnerability, and track your remediation progress across all devices impacted by the vulnerability.
To do this, we introduced the use of industry-standard Common Vulnerabilities and Exposures, or CVEs. CVEs are software security vulnerabilities that have been discovered, reported, and assigned a CVE ID at mitre.org. The U.S. National Vulnerability Database takes the CVE IDs and enhances the data by applying its Common Vulnerability Scoring System to determine severity. ZENworks imports CVE data from the NVD at least once a day and creates relationships between each CVE and its associated patches. Once a scan is performed on a device to discover which patches are installed, ZENworks determines if the device is vulnerable to any known CVEs.
To identify the software vulnerabilities that impact your devices, we added a new Security dashboard in ZENworks Control Center that includes three CVE dashlets. Two of these dashlets, the CVE Severity Distribution dashlet and the Top CVEs dashlet, let you see all CVEs that apply to your devices.
In the case of the CVE Severity Distribution dashlet, the CVEs are organized by the NVD-assigned severity (Critical, High, Medium, Low, None).
Okay, so I can hear you now: “Yes, the dashlets provide great information, but now I need to be able to do something about all those vulnerabilities!” I agree, which is why we’ve made it so you can easily remediate a CVE from any of the dashlets. When you click a dashlet, it expands to show you much more information, including the number of devices that are vulnerable to each CVE. You can select a CVE with vulnerable devices and click Deploy Remediation. The patches required to remediate the CVE are distributed and installed to each vulnerable device, with each device receiving only the patches it requires. ZENworks also keeps track of patch supersedence to ensure that any new patches that replace the remediating patches do not affect the vulnerability status of the remediated devices.
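The correlation described above (CVE-to-patch relationships, a per-device patch scan, and supersedence) can be modelled in a few lines. This is an added example, not ZENworks code: the data structures, patch IDs (P1, P2, ...) and device names are assumptions made for illustration.

```python
# Constructed sample data: patch IDs and device names are hypothetical.
CVE_PATCHES = {"CVE-2019-13720": ["P1", "P2"]}  # patches that together remediate the CVE
SUPERSEDED_BY = {"P1": "P3", "P3": "P5"}        # older patch -> patch that replaces it
INSTALLED = {                                   # patch scan result per device
    "dev-a": {"P1", "P2"},   # has the original remediating patches
    "dev-b": {"P5"},         # has a replacement for P1 but lacks P2
    "dev-c": {"P3", "P2"},   # has an intermediate replacement for P1
    "dev-d": set(),          # nothing installed
}

def chain(patch):
    """Return the patch followed by every patch that supersedes it, oldest first."""
    seen = []
    while patch is not None and patch not in seen:  # guard against cyclic data
        seen.append(patch)
        patch = SUPERSEDED_BY.get(patch)
    return seen

def missing_patches(cve, installed):
    """Patches to deploy so the device is no longer vulnerable to the CVE."""
    missing = []
    for required in CVE_PATCHES[cve]:
        versions = chain(required)
        # The requirement is met by the patch itself or by any replacement.
        if not installed.intersection(versions):
            missing.append(versions[-1])  # deploy the newest replacement
    return missing

def remediation_plan(cve, inventory):
    """Map each vulnerable device to only the patches it still needs."""
    plan = {}
    for device, installed in inventory.items():
        needed = missing_patches(cve, installed)
        if needed:
            plan[device] = needed
    return plan

if __name__ == "__main__":
    for device, patches in remediation_plan("CVE-2019-13720", INSTALLED).items():
        print(device, "needs", patches)
```

A device that already holds a superseding patch is counted as remediated, which is why supersedence has to be tracked for the vulnerability status to stay accurate after newer patches are released.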
You can absolutely use the CVE Severity Distribution and Top CVEs dashlets to track the current vulnerability status of devices for any CVE. However, the third dashlet—the CVE Tracker dashlet—is uniquely designed to help you focus attention on an individual CVE (or group of related CVEs). Take, for example, the Google Chrome vulnerability (CVE-2019-13720) that is currently being exploited in the wild. By using the CVE Tracker dashlet, you can not only see the current number of vulnerable devices for the CVE but also view the vulnerability trend over time so you know whether the number of vulnerable devices is increasing or decreasing. You can create as many tracker dashlets as you’d like.
I’m really excited about the CVE Tracker dashlet and what you can do with it. That’s why I’ve dedicated a separate blog to cover it. In the near future, look for “Emerging threat? No problem! Track it, remediate it, repeat as necessary.”
Now all that’s left is to give it a try.
If you have a ZENworks Patch Management subscription, the new Security Getting Started in ZENworks Control Center can help you activate the CVE subscription service and start using the CVE dashlets.
If you don’t have a Patch Management subscription, you can use the 60-day evaluation to check out all of the Patch Management functionality, including the new CVE capabilities. After the evaluation expires, if you are licensed for ZENworks Configuration Management you’ll still be able to see Microsoft-related CVEs that impact your device; you just won’t be able to remediate the vulnerabilities. The Security Getting Started in ZCC steps you through everything you need to do to set up and use Patch Management.