CISA’s Known Exploited Vulnerabilities Catalog

David Vassallo
Tutela by CyberSift
Aug 31, 2022

TL;DR Tutela now checks detected CVEs against the CISA Known Exploited Vulnerabilities Catalog and displays this in the “Discover” dashboard as “exploit available”

The US Cybersecurity & Infrastructure Security Agency (CISA) has started tracking “Known Exploited Vulnerabilities” (KEV). In a nutshell, CISA maintains a list of vulnerabilities which it knows are currently being exploited in the wild. The usefulness of such a list is best described by CISA on its own site:

The KEV catalog sends a clear message to all organizations to prioritize remediation efforts on the subset of vulnerabilities that are causing immediate harm based on adversary activity. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

https://www.cisa.gov/known-exploited-vulnerabilities

The KEV catalogue regularly crops up on security-related sites reporting on attacks; a couple of examples are below:

https://thehackernews.com/2022/08/cisa-adds-10-new-known-actively.html
https://securityboulevard.com/2022/08/icmad-vulnerability-added-to-cisas-known-exploited-vulnerabilities-catalog/

Tutela leverages the KEV catalog

As CISA themselves highlight, organizations can use the catalog to further prioritize which vulnerabilities they should address. Tutela already had a similar concept. Any detected vulnerabilities are matched against the Exploit Database, and any vulnerabilities which are found in that database are highlighted in the “Discover” dashboard as having an “Exploit Available”:

Tutela allows you to filter for CVEs which have an exploit available

This feature provides the perfect basis for integrating CISA’s KEV catalogue. Now, in addition to the Exploit Database, Tutela regularly checks the CISA KEV catalogue and marks any vulnerabilities included in that catalogue as also having an “exploit available” (since CISA has observed those vulnerabilities being exploited in the wild).

By filtering on the “exploit available” feature, defenders are able to focus on those vulnerabilities which are not just theoretical but which represent a clear and present danger to their organization’s security.
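The matching step described above, as an added example that is not Tutela’s own code: it parses a constructed sample in the shape of CISA’s KEV JSON feed (CISA publishes the live feed at https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; the field names used here follow that schema, while the CVE IDs, vendor names and dates are invented), then flags each detected CVE as “exploit available” when KEV lists it and orders the hits by CISA’s remediation due date so defenders see the most urgent ones first.

```python
import json

# Constructed sample in the shape of CISA's KEV JSON feed (field names follow the
# published schema; the CVE IDs, vendor names and dates here are invented).
KEV_FEED_JSON = """
{
  "title": "CISA Catalog of Known Exploited Vulnerabilities",
  "catalogVersion": "2022.08.31",
  "vulnerabilities": [
    {"cveID": "CVE-1900-0001", "vendorProject": "ExampleVendor", "product": "ExampleApp",
     "dateAdded": "2022-08-25", "dueDate": "2022-09-15",
     "shortDescription": "Constructed entry for illustration."},
    {"cveID": "CVE-1900-0002", "vendorProject": "ExampleVendor", "product": "ExampleGateway",
     "dateAdded": "2022-08-18", "dueDate": "2022-09-08",
     "shortDescription": "Constructed entry for illustration."}
  ]
}
"""


def load_kev(feed_json):
    """Index KEV entries by normalised (stripped, upper-cased) CVE ID."""
    feed = json.loads(feed_json)
    return {entry["cveID"].strip().upper(): entry for entry in feed["vulnerabilities"]}


def flag_exploit_available(detected_cves, kev):
    """Mark each detected CVE as 'exploit available' when CISA lists it in KEV.

    Returns one row per distinct CVE: KEV hits first (earliest CISA due date
    first), then the remaining CVEs alphabetically.
    """
    rows = []
    for cve in sorted({c.strip().upper() for c in detected_cves}):  # dedupe + normalise
        entry = kev.get(cve)
        rows.append({
            "cve": cve,
            "exploit_available": entry is not None,
            "source": "CISA KEV" if entry else None,
            "date_added": entry["dateAdded"] if entry else None,
            "due_date": entry["dueDate"] if entry else None,
        })
    # False sorts before True, so KEV hits come first; then by due date, then by ID.
    rows.sort(key=lambda r: (not r["exploit_available"], r["due_date"] or "", r["cve"]))
    return rows


if __name__ == "__main__":
    # Constructed scan output; the mixed case and duplicate show the normalisation.
    detected = ["cve-1900-0002", "CVE-1900-9999", "CVE-1900-0001", "CVE-1900-0002"]
    for row in flag_exploit_available(detected, load_kev(KEV_FEED_JSON)):
        print(row)
```

In a real deployment the KEV feed would be re-fetched on a schedule and merged with the Exploit Database matches, so a CVE found in either source carries the same “exploit available” flag.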
