No one could dispute that endpoint security has seen great advances over the years, evolving from simple user/scheduled scans using signature technology to multi-layered protection with variations on reputation checking, behavioral analysis, predictive execution, machine learning, and other technologies on top of signature-based scanning (adding real-time/on-access scanning to the original method). At the same time, no one could dispute that understanding your vulnerabilities helps bolster your security. Malware and other exploit tools take advantage of security vulnerability knowledge for their success. Heartbleed took advantage of a vulnerability in the OpenSSL code. WannaCry took advantage of a security vulnerability in the Microsoft Windows SMB protocol. More recently, the SolarWinds hack inserted malicious code into updates of the Orion software. You get the idea.
Malware and other exploit tools depend on vulnerability knowledge to succeed. These five resources can help keep you informed about known vulnerabilities, so when the next Heartbleed, WannaCry, or Sunburst comes along, you’re better prepared.
Knowledge is Power
I’m here today to share my knowledge. Vulnerabilities are tracked by their CVE (Common Vulnerabilities and Exposures) number. To help you stay better informed on known vulnerabilities, here are five resources I use to improve my own knowledge.
The MITRE organization, funded by the National Cyber Security Division of the Department of Homeland Security, coordinates the CVE database. This makes the link above a solid resource for up-to-date, accurate CVE information, but it might take a bit of time to learn how to access the information you desire.
- National Institute for Standards and Technology (NIST)
This site is hosted by the National Institute for Standards and Technology (NIST). The link points to the NIST National Vulnerability Database (NVD) and provides access to a full chronological list of CVEs, from newest to oldest. By drilling down, you can see that as of December 7, we already have 160 officially listed CVEs for December 2020. Going one level higher to the home page provides many options, but as with MITRE’s site, its navigation and use might not be intuitively obvious at first.
This link, in my opinion, provides a much more user-friendly interface to CVE information. The menu on the left margin has options for easily browsing CVEs by vendor, product, date, and type. However, this site is maintained by a private security consultant, and it may not always be as current or accurate as the first two sites listed here.
- Microsoft Security Update Guide
This link points to Microsoft’s Security Update Guide vulnerabilities list, and each column can be reverse sorted to make browsing easier. Navigating one level higher provides a list with the relevant Microsoft KB article linked to the CVE, which is very valuable in regard to patching.
Although this is not formally a security vulnerability resource, the search feature is handy for getting information on Apple products. Contrary to popular belief, Apple products are still subject to vulnerability exploits, and this resource should not be ignored, as it is a quick method for finding specific information. You can enter specific criteria in the search dialog to find relevant information. For example, you could enter the search criteria "iOS 9 CVE" and then select the "About the security content of iOS 9 CVE" result.
You are now empowered to find current and relevant information regarding potential vulnerabilities in your environment. Your job is to prevent exploitation of those vulnerabilities, and I can help with that, too.
Since you’ve made it to the end of my list, I have a few bonus links for you. It’s important to understand the attack techniques used during exploitation of vulnerabilities, so you can better protect against them.
- MITRE ATT&CK
Yes, the same MITRE organization that maintains the official CVE database is also a great resource for additional security information. MITRE maintains the MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge) framework at this link. This site also has a section on mitigations for different parts of the ATT&CK Matrix. Please make time to review this site.
- Zero Day Initiative
The Zero Day Initiative site provides good information on security advisories, with the added benefit of info on newly reported issues. The more advance notice you get, the better you can defend your enterprise.
Threatpost is a good source of cybersecurity information, with stories on multiple topics including cloud security, malware, and vulnerabilities. This link provides select current security vulnerability information in a news post format, and it’s a good site to peruse whenever you have “spare” time.
About Enterprise Studio
Enterprise Studio by HCL Technologies helps organizations make the connections between IT and business that optimize time and multiply value for realizing the full potential of their digital business plans. Our seasoned technologists, coaches, and educators can help you unlock value from existing IT investments to become a stronger, more adaptive organization – in part by leveraging a BizOps approach so that IT outputs are strongly linked to business outcomes.
Whether you’re an established Global 500 company or a new disruptive force in your industry, we can help you navigate complexities that come with competing in an inter-connected digital era. We are a global solution provider and Tier 1 global value-added reseller of Broadcom CA Technologies and Symantec enterprise software.
Many of our experts at Enterprise Studio are from the former professional services units of CA Technologies and Symantec. For decades, our teams have supported and led organizations to innovation with powerful enterprise software solutions and cutting-edge methodologies – from business and agile management to security, DevOps, AIOps, and automation.