Emerging threat? No problem. Track it, remediate it, repeat as necessary.

Software and hardware vulnerabilities are being discovered and reported at an ever-increasing pace. In 2019, the National Vulnerability Database published 17,311 CVEs for an average of 47 per day. This is up from 45 per day in 2018 and 40 per day in 2017.

Fortunately, the CVE Severity Distribution and Top CVEs dashlets in #ZENworks2020 let you easily identify which software vulnerabilities affect your organization’s devices and then deploy the patches that fix those vulnerabilities.

Many software vulnerabilities are not critical and you can handle them by simply installing the next Windows 10 monthly cumulative update (or similar patch for other platforms or software applications) during your regular patch maintenance cycle. Sometimes, however, a software vulnerability emerges that is so severe it becomes an urgent threat that needs immediate attention. Some high-profile examples of these threats include CurveBall in January 2020, BlueKeep in May 2019, and WannaCry and Petya/NotPetya (EternalBlue) in May/June 2017.

ZENworks 2020 also includes a CVE Tracker dashlet that lets you target individual CVEs so that you can easily identify affected devices, remediate those devices, and track overall remediation progress across your organization. In the example below, I’ve used the default CVE Tracker to create tracker dashlets for both the CurveBall and BlueKeep vulnerabilities and placed them on my Security Dashboard.

[Screenshot: Security Dashboard with CVE Tracker dashlets for CurveBall and BlueKeep]

The collapsed dashlet gives a quick view of the number of still-vulnerable devices out of the total number of affected devices. For example, my BlueKeep dashlet shows that I have three devices to which the vulnerability applies but only one of those devices is still vulnerable, meaning that the patch required to remediate the vulnerability has been applied to the other two devices. The arrow shows the vulnerability trend; in this case, the black horizontal arrow indicates that there has been no change (increase or decrease) in the number of vulnerable devices since the previous reporting period.

When I expand the dashlet, I can see the status of each affected device. The Vulnerability Trend chart also shows the remediation progress each week for the last four months. As with the other CVE dashlets, the CVE Tracker dashlet’s filters can be used to modify the scope of devices included in the dashlet. And, most importantly, I can select vulnerable devices and quickly deploy the patch required to remediate the vulnerability.

If you haven’t tried the CVE Tracker yet, I encourage you to do so. While many vulnerabilities never need to be tracked individually and can be remediated as part of your regular patching schedule, the CVE Tracker can be a valuable tool in identifying, tracking, and remediating the occasional fast-emerging, critical vulnerability that requires more attention.

If you’d like more information about how to use the CVE Tracker, take a look at the blog I wrote about the CurveBall vulnerability.

Oh, and one final note. In addition to the CVE Tracker, ZENworks 2020 also includes a Patch Tracker dashlet that you can use to track a patch, or group of related patches, across your devices. So, for example, you could create a Patch Tracker that includes all versions of the February Windows 10 monthly cumulative update to track the patch status of your Windows 10 devices as the patch is applied via your automated Patch policies.

Darrin VandenBos (@DarrinVandenBos)
Product Manager, Endpoint Management
