Security use case

Prioritizing image vulnerabilities

Achieve the highest impact on your security posture in the shortest time by focusing on the CVEs that count with eBPF-based relevancy guidance


What is CVE Relevancy?

The term “CVE shock” refers to the overwhelming sensation felt by DevOps and security teams when confronted with a huge number of vulnerabilities. The sheer quantity makes it difficult to determine which ones are the most critical and should be addressed first. CVE relevancy offers a way out of CVE shock by guiding teams towards the vulnerabilities that pose the greatest risk to their running clusters. By focusing on these high-priority vulnerabilities, teams can prioritize effectively and get on with the task of patching, making an actual impact on security.

CVE Prioritization options

To date, the common best practice for fixing vulnerabilities is to work by their score, as defined under the Common Vulnerability Scoring System (CVSS). This means teams work their way down from the vulnerabilities with the highest score to the lowest. The problem with this approach is twofold. Firstly, it perpetuates the problem of “CVE shock”: a high score says nothing about whether the vulnerable package is ever loaded in your workloads. Secondly, and more importantly, working this way doesn’t necessarily make an impact on your cloud security posture.

Even in cases where we can’t fix everything immediately, ARMO has given our team valuable insight into the impact (or lack thereof) of said vulnerabilities that we plan to tackle next.

Walker O'Brien, DevOps Engineer, PIXO VR

The solution

ARMO Platform offers a solution which lies in prioritizing according to relevancy and creating contextual visibility into vulnerabilities that truly expose you to attacks. This is achieved by identifying the specific packages utilized, which determines whether a CVE poses an immediate risk or not.


Once you have visibility and context, the next step is to devise an action plan. We recommend using filters to prioritize and address the most critical vulnerabilities first, based on organizational guidelines and risk appetite. You can start, in the conventional way, with vulnerabilities that have higher CVSS scores, then narrow to those in packages actively used in running images. Then refine to vulnerabilities known to have been exploited, followed by fixable vulnerabilities that can be patched. Other risk factors, such as workloads that are external-facing or run with dangerous privileges, should be considered too. Applied in this order, these filters ensure that the most critical and relevant issues are addressed first, producing an effective and efficient CVE patching plan.


Benefits of prioritizing CVEs with ARMO Platform

  • Reduce the confusion around CVE prioritization and the toil associated with the assessment of CVEs in order to plan patching activities. ARMO Platform gives you handy filters to find those CVEs that are most important to patch first.


    In the screenshot below you can see that only 4 CVEs need to be patched first to get the most impact. Setting patching priority was reduced to a few clicks on ARMO Platform instead of long hours of research.


    It is crucial to emphasize that for optimal security, it is essential to patch, mitigate, or appropriately label all vulnerabilities, even if they are deemed less critical or marked as false positives.

Start Using ARMO Platform Now

An end-to-end Kubernetes security platform powered by Kubescape
