The NSA Hack and New Zero-Day Vulnerabilities

Organizations everywhere are in a race to find out how the newly disclosed Cisco and Fortinet zero-day vulnerabilities affect their networks. See how total visibility, scanless vulnerability detection and consolidated vulnerability intelligence from Skybox can help — by Kevin Flynn

‘Auction’ of NSA Tools Sends Security Companies Scrambling
— New York Times, August 18, 2016

Recent news headlines described how zero-day vulnerabilities in network security equipment discovered by the NSA have been released by a hacker group. As if that wasn’t bad enough, there have been reports that this group plans to auction off the malware code supposedly created by the NSA to exploit those vulnerabilities. WikiLeaks tweeted that they have the full exploit code and will be releasing it. This means that both the vulnerabilities and their sophisticated exploits are either already in the wild or will soon be.

Cisco and Fortinet have stated that the disclosed vulnerabilities are legitimate, and each has published a security bulletin to that effect. Cisco’s security advisory can be found here and Fortinet’s here. It is expected that other vendors’ products have also been compromised.

Who actually discovered the vulnerabilities, who wrote the malware code to exploit them, and how and when it will become available make for interesting news headlines, but security professionals have a pressing need to act quickly on the news. Every organization needs to immediately discover which of its devices are vulnerable to these exploits and perform the necessary actions to fix those vulnerabilities. That’s where Skybox Security comes into play. We have a variety of products that can help you develop the proper course of action to protect your network infrastructure.

Skybox® Vulnerability Control, with its Vulnerability Detector capability, can be used to quickly check for these newly discovered vulnerabilities without performing a time-consuming network scan, and then provide remediation recommendations that allow you to neutralize the risk. You can then perform an attack simulation to see if you’ve effectively protected your network assets.

Skybox® Horizon provides the visibility you need to understand your attack surface, including Indicators of Exposure such as new vulnerabilities. Skybox generates a visual, interactive model that links network topology, security controls, security policies and zones. As a result, you can quickly create a plan to protect your organization from the attacks expected to be generated by this malware.

The Skybox® Vulnerability Center provides detailed information on vulnerabilities from more than 1,000 products derived from more than 25 different vulnerability databases and threat intelligence sources. Specific information on these newly disclosed vulnerabilities can be found here.

Background information on the attacks can be found at the following locations (among others): Forbes, New York Times, The Intercept.

Resources

Read the whitepaper Attack Your Attack Surface to learn how comprehensive attack surface visibility and modeling, combined with Indicators of Exposure, can create agile, responsive and proactive security programs.

In this video, learn how Skybox Vulnerability Detector powers scanless vulnerability detection to provide daily, contextualized vulnerability intelligence on your network and fill in blind spots that active scans may miss.

Create your free, customized profile at Skybox Vulnerability Center to track the vendors and products that matter most to your organization.


Originally published at blog.skyboxsecurity.com on August 22, 2016.
