When we talk to Network Managers around the world and ask them what their team's number 1 priority is this year, more and more often the answer we hear is “security”.
This is a little bit of a departure from previous years when the most common responses were “Ensuring uptime”, “Reducing MTTR” and “Deploying new services”. This may be because in the past security was mostly considered to be the domain of the server and application teams and/or a specialized security team.
However, with the multitude of known (and unknown) attackers out there, security really must become a cross-team discipline with everyone being involved to a degree in ensuring the integrity of the IT estate.
For Network Managers in particular, this means making sure that their infrastructure equipment has been hardened as much as possible and is not running any code or configurations that are known to be vulnerable.
Fortunately, many vendors are now openly providing known vulnerability information to their clients and even the general public. Many vendors are actively soliciting the “hacker” community to try and identify problems in their gear – even going so far as to organize “hack-a-thons” with prizes and cash rewards to individuals or teams that can identify and prove a previously unknown security vulnerability in their devices.
One company that has been proactive for years in this area is Cisco Systems. The world’s largest vendor of network infrastructure equipment has a team of security experts whose entire job is to collect, analyze and distribute information about vulnerabilities in Cisco equipment. A 2014 presentation at their global Cisco Live! Conference described their mission as follows:
PSIRT is a Global team assisting customers with the ongoing security of their networks through identification, resolution and prevention of vulnerabilities in Cisco products and industry-wide vulnerabilities. PROTECT CUSTOMERS AND PROTECT CISCO
Clearly Cisco takes this aspect of their business very seriously, and that makes sense because if the “bad guys” can exploit a Cisco customer's network through a vulnerability in Cisco equipment, then the blame (and potentially legal consequences) will point back to Cisco.
Another nice thing about the way Cisco works is that they freely distribute this information via open websites at:
They do this to “ensure fair public disclosure” and to make sure that everyone gets the information at the same time. You do NOT need to even be under a Cisco maintenance contract to receive the information.
So, now that you can get the vulnerability information in a timely fashion, the big question becomes:
How do you use this information to identify if any of your equipment is vulnerable?
The best way to approach this problem is to use an automated platform that has both knowledge of the current infrastructure devices as well as the published security vulnerabilities.
Such a tool should be able to apply the PSIRT announcements to the running devices and report on any matches. It is also critical for the system to have an “intelligent matching” capability: it should recognize that even though a device may potentially have a vulnerability, that security risk may not be “real” unless the device has a particular configuration, firmware version, etc.
An up-to-date inventory CMDB combined with a vulnerability matching engine is the best way to proactively protect your IT infrastructure from security risks. Any inventory system will need to have the ability to both gather current hardware and software information (typically via SNMP) as well as access the live device configuration information (via SSH). This inventory discovery and configuration access should be scheduled to run on a consistent basis so as to ensure an up to date inventory.
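The “intelligent matching” described above can be sketched as follows. This is an added example, not NMSaaS or Cisco code: the advisory records, hostnames and versions are constructed placeholders, and comparing releases by their numeric fields is a simplifying assumption.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Advisory:                 # constructed stand-in for a published advisory
    advisory_id: str
    platform: str
    first_fixed: str            # first release containing the fix
    trigger: Optional[str]      # config regex needed for exposure; None = any config

@dataclass
class Device:                   # one inventory/CMDB record
    hostname: str
    platform: str               # gathered via SNMP discovery
    version: str                # gathered via SNMP discovery
    config: str                 # running configuration pulled over SSH

def vkey(version: str) -> tuple:
    # Assumption: releases order by numeric fields; real release trains need vendor rules.
    return tuple(int(n) for n in re.findall(r"\d+", version))

def classify(dev: Device, adv: Advisory) -> str:
    if dev.platform != adv.platform or vkey(dev.version) >= vkey(adv.first_fixed):
        return "not_affected"
    if adv.trigger is None or re.search(adv.trigger, dev.config, re.MULTILINE):
        return "confirmed"      # vulnerable release and the triggering config is present
    return "potential"          # vulnerable release, but the triggering config is absent

def report(devices, advisories):
    rows = [(d.hostname, a.advisory_id, classify(d, a)) for d in devices for a in advisories]
    return [r for r in rows if r[2] != "not_affected"]

# Constructed sample data: advisory ids, versions and hostnames are placeholders.
ADVISORIES = [
    Advisory("EXAMPLE-ADV-001", "ios", "15.2.5", r"^ip http server$"),
    Advisory("EXAMPLE-ADV-002", "ios", "15.1.3", None),
]
DEVICES = [
    Device("core-rtr-1", "ios", "15.2.4", "hostname core-rtr-1\nip http server\n"),
    Device("edge-rtr-2", "ios", "15.2.4", "hostname edge-rtr-2\nno ip http server\n"),
    Device("lab-sw-3", "ios", "15.2.6", "hostname lab-sw-3\nip http server\n"),
    Device("old-rtr-4", "ios", "15.0.1", "hostname old-rtr-4\nno ip http server\n"),
]

if __name__ == "__main__":
    for row in report(DEVICES, ADVISORIES):
        print(*row)
```

Separating “potential” from “confirmed” lets a team patch first where the triggering configuration is live, while still tracking devices that would become exposed if that configuration were later enabled.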
At NMSaaS we provide such a capability within our Inventory and NCCM modules.
We offer the industry’s most comprehensive discovery Our EOx and Vulnerability service automatically gathers the PSIRT information and then can run a report against our internal inventory CMDB to determine if there are any potential security risks you should be aware of. This powerful combination of inventory information and security vulnerability data allows our customers to feel safe knowing that their Cisco gear is being proactively monitored for known security vulnerabilities.