SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
BackBox introduces major update to Network Vulnerability Manager
Fri, 29th Mar 2024

BackBox, the company focused on security-centric automation in network teams, has announced a new update to its Network Vulnerability Manager (NVM), three months after the initial launch. The latest feature modification will enable customers to designate Common Vulnerabilities and Exposures (CVEs) that are either irrelevant or already mitigated as 'mitigated', augmenting the capability of network teams to manage CVEs concerning their relevance to the organisation, the company states.

By marking CVEs as mitigated, the organisations will achieve an updated risk score, providing an accurate representation of the impact vulnerabilities have on the overall security posture. This will assist in effectively prioritising vulnerability remediation. According to the CEO of BackBox, Andrew Kahl, "Our customers appreciate that we make network vulnerability management easy by empowering them to see their risk scores update in real-time through the CVE mitigated feature and closed-loop remediation." This also helps to direct customers towards the remediation activities which will have the maximum impact.

The introduction of this update further advances the functionality of the Network Vulnerability Manager's User Interface. Network engineers will now have an enhanced ability to manage mitigated CVEs and have the flexibility to view their organisation's risk posture either by CVE or by specific device. Furthermore, service providers also have the added option to view risk posture by customer or site.

A study conducted in 2022 indicated that unpatched software is one of the top three entry points for hackers, consolidating the notion that patching is the single most vital action you can take to fortify your technology. BackBox released Network Vulnerability Manager in October 2023 in an attempt to amalgamate automated OS upgrades, and network configuration management capabilities with network vulnerability management into common workflows. Kahl added, "NVM now gives customers an even more relevant dashboard into their active security vulnerabilities."

In a 2023 survey commissioned by BackBox, an alarming 92% out of 250 network and security operations professionals conceded that there were more network updates needed than they could manage. Furthermore, 61% of companies admitted to upgrading network and security devices quarterly or even less frequently. Worryingly, 48% of respondents revealed that their company had not implemented or significantly invested in network automation. This negligence leaves them susceptible to security breaches, ransomware, and other serious issues.

The Network Vulnerability Manager sets itself apart from alternatives by delivering contextual information about the severity of CVEs through an extensive data feed. This feed incorporates information from numerous sources including the National Vulnerability Database (NVD) and the National Institute of Standards and Technology (NIST). It assists in putting vulnerabilities into context by providing a risk score so network engineers can prioritise remediation based on the potential impact on the organisation. Finally, this system enables network teams to take action against vulnerabilities and automate the remediation process to stay one step ahead of vulnerabilities.