BackBox platform update enhances CVE mitigation and risk scoring
After releasing Network Vulnerability Manager (NVM) in Q4 2023, BackBox has announced a major platform feature update that gives customers the ability to mark irrelevant or already-mitigated Common Vulnerabilities and Exposures (CVEs) as “mitigated,” helping network teams manage CVEs and their relevance to the organization.
In addition, as CVEs are marked as mitigated, the organization’s risk scores are adjusted to provide an accurate view of the impact vulnerabilities have on overall security posture and to help prioritize vulnerability remediation.
BackBox has also improved its User Interface (UI) to help network engineers manage mitigated CVEs and give them the flexibility to view their organization’s risk posture either by CVE or by device. Service providers get additional flexibility to view risk posture by customer or site.
According to a 2022 analysis of CVE data, “unpatched software is a top three access route for hackers and patching remains the single most important thing you can do to secure your technology.”
“Our customers appreciate that we make network vulnerability management easy by empowering them to see their risk scores update in real-time through the CVE ‘mitigated’ feature and closed-loop remediation,” said BackBox CEO Andrew Kahl. “NVM now gives customers an even more relevant dashboard into their active security vulnerabilities and directs them to the remediation activities that will have the greatest impact.”
BackBox launched Network Vulnerability Manager in October 2023 to integrate automated OS upgrades and network configuration management capabilities with network vulnerability management into common workflows. NVM is purpose-built for network teams to easily discover vulnerabilities in their network, prioritize CVEs according to their unique risk profile, and automate remediation, no matter the network complexity.
In a 2023 survey conducted by Wakefield Research on behalf of BackBox, 92% of 250 network and security operations professionals said there are more network updates needed than they can keep up with, and 61% of companies reported that they only upgrade network and security devices quarterly or less frequently. 48% of survey respondents said their company has not implemented or invested deeply in network automation, opening them up to security breaches, ransomware, and other serious issues.
NVM differentiators include:
- Delivering contextual information about CVE severity through a rich data feed that integrates information from CISA, the National Vulnerability Database (NVD), the National Institute of Standards and Technology (NIST), and vendor websites.
- Helping put vulnerabilities in context with a risk score so that network engineers can prioritize remediation based on potential impact to the organization.
- Enabling network teams to take action against vulnerabilities and automate the remediation process to stay ahead of them.