Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

Zero Days Do Not Wait for CVEs

Zero Days Do not Wait for CVEs

Learn why an attack surface map can provide invaluable and unique help in detecting zero day vulnerabilities.

What if I were to tell you that an up-to-date attack surface map can improve your ability to find critical vulnerabilities in some cases in places where traditional network vulnerability scans can’t? Crazy to think about, I know. To understand why it is crucial, you must first understand that CVEs are only a subset of the total of all vulnerabilities.

Consider these key points:

  • The creation of a CVE often lags behind zero days because the exploits are known before anyone can properly categorize and write up the relevant CVE release for these new vulnerabilities. That is not always true, but it happens frequently.
  • CVEs are often a categorization of issues, not the issue itself. Think clickjacking – not every clickjacking vulnerability on every site has a CVE associated with it, yet it is pretty easy to find them with even a cursory glance. Have developers not attempted to report exploits in websites or in IoT devices’ web front ends? Of course, they have, but not every vulnerability gets a CVE. Why? I am not sure – but I promise you not every vulnerability that has been disclosed on every mailing list has been added, despite being publicly known. 

So what?

This has huge implications for vulnerability scanners and for how companies deal with zero days. Let’s say there is a new zero day that just popped up in “XYZ Printer,” and you want to find where you are vulnerable. There are different possibilities:

  1. It has a CVE and a signature, as the exploit is made public.
  2. It does not have a CVE yet, but it will soon. A signature may or may not be available.
  3. It does not have a CVE and will not for whatever reason. A signature may or may not be available.

In the first example, where it is public and has a signature, you are in relatively good shape if the scanner is fast enough to scan all your websites for said issue prior to an attacker doing the same. It’s a footrace but one you can and likely will win at this point if the asset is known and under service. To be successful with this path, the asset needs to be under service.

In the second and third examples, where you do not have a CVE, but you know what the issue is and you know what the signature is, or at least you know what the underlying vulnerable technology is, you have at least some information to use. Having an up-to-date attack surface map allows you to query against things that might indicate the presence of said vulnerability.

The CVE may never be written. Or the attacker might find the vulnerability before a scanner rule can be written in the case where an adversary starts with the zero day before the rest of us get to see it. Or worse yet, what if you find that you simply aren’t scanning for the vulnerability on half of your company because you don’t even know those assets exist?

How Tenable can help

Tenable does not hide the information it gathers about service banners, CPE data, HTTP headers, HTML data, and so on. These data sets can be queried in real time to quickly identify dangerous technologies without necessarily knowing what the vulnerability is in them. For instance, in the vulnerability mentioned above in our example “XYZ Printer,” there may be no easy signature for the vulnerability. However, identifying the printer may be possible by finding anything listening on printing ports, some unique string in the banner data, or some HTML string unique to that printer model.

Why is the printer online on the public internet in the first place? If you can remove said service/hardware from the public internet, that might solve your problem immediately. Or maybe you can quickly put it behind a WAF or add a firewall ACL to hide it so that only the employees who need it can access it from their IPs. That kind of mitigating control can quickly reduce risks without necessarily knowing how to find the vulnerability in question.

That is very important when assessing the overall value of having an up-to-date attack surface map. It is not just about finding your assets; it is also about giving you the ability to look deep within your attack surface map and identify risky assets at a moment’s notice. That is an enormous value-add without an additional hidden cost since – in Tenable’s case – the data is already in the attack surface map and already designed to be queried.

In this way, an up-to-date attack surface map that can be actively queried against the details of the asset metadata is an incredibly powerful first line of defense against zero days. Not knowing where your vulns are doesn’t mean they don’t exist - you have to know the asset exists and get it scanned regularly to have any hope of knowing where your issues lie. The alternative is waiting for the adversary to show you how vulnerable you really were.

Visit the Tenable.asm product page to learn more about attack surface management.


 

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable.io Vulnerability Management trial also includes Tenable Lumin, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web Application Scanning trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.cs Cloud Security.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable.io Vulnerability Management, Tenable.io Web Application Scanning and Tenable.cs Cloud Security.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Your Tenable.cs Cloud Security trial also includes Tenable.io Vulnerability Management, Tenable Lumin and Tenable.io Web Application Scanning.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Promotional pricing extended until December 31st.
Buy a multi-year license and save more.

Add Support and Training