We wanted you to be aware of a situation that may have significant implications for your organization’s cybersecurity posture. In a highly unusual move, the National Security Agency (NSA) released research on October 20, 2020, highlighting 25 common vulnerabilities that are being actively exploited by Chinese state-sponsored actors. Most of the NSA vulnerabilities can be exploited to gain initial access to networks that are directly accessible from the Internet.
To help you prioritize your focus and actions, Bitsight can give you visibility into some of the riskiest vulnerabilities identified by the NSA, both within your own company network and across your supply chain. We have published a blog with further information; instructions on how to leverage Bitsight to identify areas of risk can be found below.
It is important to note that Bitsight detections for these vulnerabilities are a mix of confirmed (this machine has the vulnerability) and potential (this machine has the software which is vulnerable, the patch status is undetermined). Both are useful, depending upon the situation, but having that context early is key to a productive understanding of the Bitsight features.
For any further information, please contact your Account Manager.
Security Performance Management
When looking at your own company, use the “Vulnerability” filter in the Findings page to highlight findings showing specific vulnerabilities (or potential vulnerabilities) for a single organization.
Third Party Risk Management
- When looking at vendors/third parties, view the folder of interest and filter for the vulnerability to find out who in your supply chain may have a particular vulnerability.
- To learn more about a specific vendor’s instances of the vulnerability, select View Findings to see the actual instances of the vulnerability at that company.
- Use Vulnerability Detection to find and remediate threats.
If you find organizations that have or may have these vulnerabilities, you can leverage the Enable Access Program and reach out directly to your vendors to initiate risk remediation discussions.
- August 24, 2023: Use Vulnerability Detection for Continuous Monitoring.
- August 15, 2022: Updated instructions for the SPM and Continuous Monitoring app.
- October 26, 2020: Published.