Firmware vulnerabilities can put your business and your customers’ sensitive data at risk, leading to easy entry to hackers, diminished sales, reputation loss and penalties. In order to avoid these mishaps, it is important to identify these firmware vulnerabilities and take corrective measures regularly.
With Network Configuration Manager, you can now identify potential firmware security vulnerabilities in your network devices and take action. Network Configuration Manager acts as firmware vulnerability scanner and works in accordance with NIST vulnerability management (National Institute of Standards and Technology) by fetching firmware vulnerability data and correlating it with the network devices which are currently managed in your infrastructure. At present, Network Configuration Manager provides firmware vulnerability management for Cisco IOS, Cisco ASA, Cisco Nexus and Juniper devices.
Network Configuration Manager provides info on all the vulnerabilities by firmware vulnerability scanning in your network in the Firmware Vulnerabilities page. You will be able to view the vulnerabilities in three ways.
Under "All vulnerabilities" tab, you will be able to view all CVE IDs/Vulnerabilities in your network which are in accordance with NIST vulnerability management. Upon clicking the CVE ID, you will be able to view all the devices associated to that CVE ID. This gives you a complete device firmware vulnerability management.
Under "Exposed Devices" tab, you can have a device-based vulnerability view, where Network Configuration Manager lists devices that have a firmware vulnerability. On drilling down, you will be able to see all the CVE IDs (vulnerabilities) of that particular device. This helps you know the number of devices in your network having vulnerabilities.
Under "Version Distribution" tab, Network Configuration Manager lists all the affected versions in your environment. All the firmware security vulnerabilities will be grouped based on the firmware version they fall under and those versions will be displayed. On drilling down, you will be able to view all the devices along with their CVE IDs, that belong to the same version.
By clicking on the CVE ID, you can you can get in-depth information about a device's firmware vulnerability management
Date of publishing/modification: In the CVE details page, you can see the date the CVE ID was published and last modified.
Vulnerability summary: You can also see the summary which shows information about what the vulnerability is and on which device the vulnerability was reported first.
Reference URL: You can also see reference URLs, which provides vulnerability patches for remediation.
Vulnerability status: You can see a status bar with options to mark the status of the vulnerability. You can edit this status anytime.
Network Configuration Manager categorizes the severity of vulnerabilities based on the "Base score" which is calculated based on a few metrics like Exploitability Metrics (Attack, Complexity, and Authentication) and Impact Metrics (Confidentiality, Integrity, and Availability). Here is the split up of how the severity is categorized:
Firmware vulnerability data from NIST vulnerability management can be synced with the DB of Network Configuration Manager. Users can set a time of schedule in order to sync data on a daily basis. When a schedule time is set, the synchronization of vulnerability data happens automatically at the exact time of schedule. Network Configuration Manager also allows you to edit/change the time of schedule as per your convenience. If no schedule time is set, sync happens every night at 2 a.m by default.
If you wish to update the Vulnerability data in the NCM UI immediately instead of the scheduled time, you can give the "Update Now" option. When "Update Now" is given, the latest firmware security vulnerability data will be updated in the Network Configuration Manager's DB.
Vulnerability DB sync for closed networks: If your network is closed, you will not be able to update vulnerability database automatically using firmware vulnerability scanning with data from NIST vulnerability management. In that case, you can go for a manual import of vulnerability data.
Note: Modification of the imported dump by the customer may lead to corruption of vulnerability dump present in Network Configuration Manager.
Network Configuration Manager, which is acting as firmware vulnerability scanner, provides firmware vulnerability reports to help you gain clarity into the affected devices, its status and the remediation for the vulnerability. You can export firmware vulnerability reports in the form of PDF and CSV file. You can also email firmware vulnerability reports to your mail address.
With "Advanced CVE search" you can globally search for all the vulnerabilities by searching using the vendor name, CVE ID, device OS number, version or a model. For eg: If you search "Cisco IOS 7000", all the firmware security vulnerabilities present in that particular model will be listed. On further clicking it, you will be able to see all the details of the vulnerability corresponding to a particular CVE ID.
Thus, Network Configuration Manager helps you achieve in-depth firmware vulnerability scanning and management. Also, check out firmware upgrade and firmware vulnerability widgets feature to know about bulk firmware upgradation and vulnerability dashhboards. Try out Network Configuration Manager using the 30-day free trial and see how you can manage firmware security vulnerabilities in your network!