RealTime IT News

PredatorWatch Prowling For CVEs

Buried inside the vast majority of security advisories and patches issued by vendors and the security community is a standardized naming convention called CVE (Common Vulnerabilities and Exposures).

A new tool from security vendor PredatorWatch aims to take advantage of the CVE "dictionary" in order to provide a greater level of security than either a firewall or anti-virus solution alone can provide. The product does that by striking at the heart of the issue: vulnerability assessment itself, in the form of CVEs.

According to PredatorWatch, 95 percent of all network security breaches are the result of CVEs. "A lot of people don't know what a CVE is," PredatorWatch CEO Gary Miliefsky told internetnews.com. "The reality is that today on the Internet we all are susceptible to attack."

CVE (Common Vulnerabilities and Exposures) is a standardized listing of all publicly known vulnerabilities and security exposures. The CVE "name" for a vulnerability is the standard that allows different organizations and tools to refer to the same issue and allow data to be shared by virtue of that common nomenclature. It was originally launched in 1999 and is currently sponsored by US-CERT at the Department of Homeland Security.

In a bid to help companies protect themselves against common threats listed on CVEs, PredatorWatch launched Auditor 16, a plug-and-play appliance that deploys the company's SmartScan technology in order to scan and audit up to 16 IP addresses.

The idea is to determine if any of the connected computers match up with a CVE vulnerability. New devices on the network are automatically detected with the Dynamic Device Detector that notices when a new device is plugged in to the network, wired or unwired.

PredatorWatch's device includes a tool called Firewall booster. As soon as a CVE is detected, a new firewall rule is automatically written that blocks network access to and from the compromised device.

In PredatorWatch's opinion, CVEs are at the root of most malware, Trojans and viruses. "Malware, trojans and viruses are all exploits of CVEs," Miliefsky explained. "So if you have a common vulnerability and exposure/CVE on your computer that malware/Trojan/virus can take advantage of that and compromise you."

Bob Martin, CVE Compatibility Lead at Mitre Corporation (the company that hosts and manages the CVE list for DHS), said he thinks CVEs need more attention by press and IT managers, in the process of de-mystifying malware, viruses and worms.

"They're not some magical creatures that can go through a solid surface. They have to take advantage of a flaw in your process or a flaw," Martin told internetnews.com. "If people were aware that these are open windows and doors maybe they would appreciate that closing those windows and locking those doors is a good idea."

In PredatorWatch's view, CVE auditing will be for network security what anti-virus software has become for PC security.

"It started out that viruses were backdoors and payloads into users' PCs to steal data and wipe hard drives. Then people put up firewalls to keep that out of their space and that solves a big problem, but all that stuff has been reactive technology," PredatorWatch's Miliefsky explained.

"If there are 20 or 30 new ways to break into your computer, we can tap into that list and update our appliance and look at your network and tell you how you're hackable," he said. "That's the real issue and that's why it's the next generation of network security."