About Software Vulnerability Assessment
The exploitation of software vulnerabilities is a leading means of attack against networked servers, whether in or out of the cloud. For both compliance and general security reasons, organizations with networked software must ensure that all system and application components are protected from exploits that use known vulnerabilities. Patching those vulnerabilities can help you to avoid malicious exploits, remote buffer overflow attacks, denial-of-service attacks, and other security compromises.
Defending against exploits. Defense against these attacks usually means installing the latest vendor-supplied security patches and upgrades. Scoring and ranking vulnerabilities by the risk they pose to your business is essential for prioritizing your remediation efforts. Constant monitoring is also required, to ensure that new threats and vulnerabilities are identified and addressed, and that software changes and upgrades are examined for vulnerabilities in a timely fashion.
Halo software vulnerability assessment is an important component of CloudPassage Halo's Threat Management capability. Halo regularly scans all of your protected servers to detect known vulnerable packages.
These scans identify software vulnerabilities in your servers by comparing the versions of your servers' software packages (operating system, drivers, daemons, and applications) against the National Institute of Standards and Technology (NIST) database of Common Vulnerabilities and Exposures (CVE), in conjunction with other information. Each resulting vulnerability carries a Common Vulnerability Scoring System (CVSS) score assigned by NIST, which is compared against a threshold value that you can set in the Halo Portal. Software packages with scores above your specified threshold are considered critical vulnerabilities and are flagged as such in reports.
Here's how a vulnerability scan works:
- A Halo user (Halo Professional subscription required) logs into the Halo Portal to manually initiate a scan or define a schedule for automatic scanning.
- The Halo Grid initiates a scan of each Halo-protected server, on which the Halo agent compares the versions of installed software packages to the version numbers of vulnerable packages as defined by NIST.
- To minimize the occurrence of false positives, all vulnerabilities found are further filtered by applying other third-party feeds and additional proprietary information generated by CloudPassage researchers.
- The servers' Halo agents report the set of found packages to the Grid, which in turn compares them to the CVE data and reports all detected vulnerabilities back to the Portal, which displays them as scored security events.
- The Halo user or security admin remediates the vulnerabilities or schedules them for remediation through the organization's patch management program.
Remediating vulnerabilities. To remediate detected vulnerabilities, you can take any of these steps:
- Apply the latest patches that address the reported vulnerabilities.
- Remove unnecessary packages that contain vulnerabilities.
- Create exceptions for vulnerabilities that you will address in the near future or that do not pose an actual threat of exploit to your server installation.
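The scan logic described above (installed package versions matched against CVE records, scored events, a CVSS threshold for critical flagging) together with the exceptions mechanism from the remediation list, as an added Python example that is not CloudPassage's or Halo's code. The package inventory, the vulnerability feed and its EXAMPLE-* ids are all constructed for illustration, and the version-ordering rule is an assumption of this example, not NIST's or Halo's.

```python
import re
from typing import Iterable

# Constructed sample data: NOT NIST records and NOT Halo's data format.
INSTALLED = {"openssl": "1.0.1e", "bash": "4.2.45", "nginx": "1.4.7", "zlib": "1.2.8"}

# Placeholder ids (EXAMPLE-*), not real CVE numbers. "fixed_in" is the first safe version.
VULN_FEED = [
    {"id": "EXAMPLE-1", "package": "openssl", "fixed_in": "1.0.1g", "cvss": 5.0},
    {"id": "EXAMPLE-2", "package": "bash", "fixed_in": "4.2.50", "cvss": 10.0},
    {"id": "EXAMPLE-3", "package": "nginx", "fixed_in": "1.4.7", "cvss": 7.5},
    {"id": "EXAMPLE-4", "package": "zlib", "fixed_in": "1.2.9", "cvss": 7.5},
]


def version_key(version: str) -> tuple:
    """Split '1.0.1e' into comparable parts: numeric runs compare as integers,
    letter runs compare as strings and sort after a bare number ('1.0.1' < '1.0.1e')."""
    return tuple((0, int(t)) if t.isdigit() else (1, t.lower())
                 for t in re.findall(r"\d+|[A-Za-z]+", version))


def is_affected(installed: str, fixed_in: str) -> bool:
    """Vulnerable when the installed version sorts below the first fixed version."""
    return version_key(installed) < version_key(fixed_in)


def scan(installed: dict, feed: Iterable[dict], threshold: float,
         exceptions: set = frozenset()) -> list:
    """Return scored security events for vulnerable installed packages, highest CVSS first.
    Events scoring above the threshold are flagged critical; excepted ids are dropped.
    Caveat: plain version comparison ignores distro backports, which is one reason a
    real scanner cross-checks other feeds before reporting."""
    events = []
    for vuln in feed:
        version = installed.get(vuln["package"])
        if version is None or vuln["id"] in exceptions:
            continue
        if is_affected(version, vuln["fixed_in"]):
            events.append({"id": vuln["id"], "package": vuln["package"],
                           "installed": version, "fixed_in": vuln["fixed_in"],
                           "cvss": vuln["cvss"], "critical": vuln["cvss"] > threshold})
    return sorted(events, key=lambda e: e["cvss"], reverse=True)


if __name__ == "__main__":
    for ev in scan(INSTALLED, VULN_FEED, threshold=7.0, exceptions={"EXAMPLE-4"}):
        flag = "CRITICAL" if ev["critical"] else "warning "
        print(f"{flag} {ev['id']} {ev['package']} {ev['installed']} -> {ev['fixed_in']} (CVSS {ev['cvss']})")
```

Note that nginx 1.4.7 is not reported because it equals the fixed version, and the excepted zlib finding is suppressed even though it scores above the threshold.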
Long-term goal. Your ultimate goal in performing regular ongoing vulnerability scans should be to lower the number of security events (reported vulnerabilities) over time. The lower the number of events that occur—especially critical events—the more confident you can be that your servers are well protected against software exploits.