CVE hotspots at a glance

June 30, 2022
| No comments
CVE hotspots at a glance

Share post

Spotlights at a glance: WatchGuard launches new CVE overview page. Single point of contact for WatchGuard users, MSPs and channel partners lists important information about potential security vulnerabilities.

With the new CVE overview page, WatchGuard's Product Security Incident Response Team (PSIRT) has created a platform that is specifically aimed at all users, MSPs and channel partners of WatchGuard products. This lists currently known vulnerabilities and vulnerabilities (Common Vulnerabilities and Exposures, CVE) in detail and offers further information on how to deal with these anomalies - across the entire WatchGuard portfolio. In addition, assessments and research are shared on industry-wide security issues that may impact WatchGuard products or services as well. This gives network administrators and IT managers a central point of contact with consolidated information that enables them to react quickly to current security events. All content can also be called up easily and automatically via RSS feed.

White hat hackers can also report vulnerabilities

On the PSIRT page, security advisories are divided into three main categories (Image: WatchGuard).

At the same time, white hat hackers and security researchers will find helpful information on the site if they themselves want to report a vulnerability that they have identified. In addition to specific instructions as to which information is important in the course of such a submission, there is also a “safe harbor” clause. With this, WatchGuard ensures protection against legal action in connection with reporting and/or researching the vulnerability. Sven Wulf, Managing Director of Schneider & Wulf EDV-Beratung GmbH & Co. KG: “In view of a constantly changing threat situation and especially in the case of zero-day attacks, quick action is required. The information and recommendations for action proactively provided by WatchGuard on the new CVE overview page offer an invaluable advantage in the fight against cyber threats of all kinds.”

WatchGuard's goal is to help administrators identify important security issues. They receive concrete assistance including possible workarounds. The PSIRT site publishes security advisories from the following three main categories:

  • The first category includes vulnerabilities that the WatchGuard team has identified itself in the Firebox model lines as well as other products and that require immediate attention. Both details about the vulnerability and its severity are shared (without providing information that could be useful for attackers), as well as advice on how to contain it or concrete recommendations for action. In this way, administrators can quickly understand the potential effects of a vulnerability and react appropriately - for example, via the specifically listed software upgrades or described configuration changes.
  • It also considers industry-wide vulnerabilities (an example being Log4Shell) that raise questions among customers and partners about their potential impact on deployed WatchGuard products. In this category, WatchGuard provides managed services providers and other users with all relevant information without actively requesting it or having to search for it elsewhere.
  • The third category includes reports of vulnerabilities in WatchGuard products found by outside researchers. This is WatchGuard's appreciation of the hard work of everyone who works with the Product Security Incident Response Team (PSIRT) through an open and accountable dialogue. It's about acknowledging their work in the best possible way and at the same time giving customers a comprehensive picture of the weak points uncovered from the outside and possible effects.

Ensuring compliance

Last but not least, the new PSIRT page makes it easier for companies to comply with compliance guidelines. When admins run audits or vulnerability scans, they are alerted to relevant CVEs and related upgrades or fixes that are required. By clearly weighting each individual vulnerability according to its severity, IT administrators and their teams can prioritize the implementation of countermeasures. However, customers and partners should always ensure that the WatchGuard products always have the latest firmware and that published patches are installed in a timely manner. In this way, they can actively contribute to keeping the risk as low as possible.

Ultimately, the PSIRT page is a reflection of WatchGuard's commitment to helping managed service providers, partners and customers stay ahead of attackers in the face of increasingly complex threat scenarios. In the future, as part of industry-wide best practices, successive information and functions will be added to further optimize the processes involved in tracking and reporting vulnerabilities.

More at WatchGuard.com

 

About WatchGuard

WatchGuard Technologies is one of the leading providers in the field of IT security. The extensive product portfolio ranges from highly developed UTM (Unified Threat Management) and next-generation firewall platforms to multifactor authentication and technologies for comprehensive WLAN protection and endpoint protection, as well as other specific products and intelligent services relating to IT security . More than 250.000 customers worldwide rely on the sophisticated protection mechanisms at enterprise level,

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more

PR News
, , , , , ,