In a significant boost to our cybersecurity suite, Glasstrail has rolled out a new feature for detecting Common Vulnerabilities and Exposures (CVEs).

This development will help fortify your external attack surface by identifying vulnerabilities linked to specific software versions.

Glasstrail's latest feature checks the technologies used on your websites against the comprehensive CVE database operated by CVE.org. By identifying specific software versions, it can pinpoint those with known vulnerabilities and bring these to your attention.

This preventive measure enhances your organisation's ability to ward off cyber threats.


What is a CVE?

Common Vulnerabilities and Exposures (CVE) are publicly known information security vulnerabilities or exposures in software or hardware systems. The CVE system provides a standardised method for identifying and categorising these vulnerabilities, allowing organisations and researchers to consistently track and address security issues.

The CVE List is maintained by the MITRE Corporation, in collaboration with the security community, to provide a centralised database of all publicly disclosed vulnerabilities.

Benefits of Glasstrail's CVE Detection Feature

  1. Proactive Security: Frequent monitoring for vulnerabilities ensures ongoing protection against emerging threats, reducing the window of exposure.
  2. Simplified Management: Easy-to-understand reports help IT teams of all experience levels quickly comprehend and act on vulnerabilities.
  3. Cost-Effective Solution: Glasstrail’s automated and continuous approach to CVE detection is a cost-effective alternative to traditional penetration testing (which can be both expensive and infrequent).
  4. Integrated: Glasstrail can be integrated into your existing ticketing and monitoring tools so alerts get to where they need to be.

(Fun Fact: You don’t have to be a cyber expert to use Glasstrail! As long as you care about protecting your organisation’s online presence and cybersecurity posture – Glasstrail is for you. Get your free trial today.)


How It Works

  • Discovery: Glasstrail's scans encompass the entire external attack surface, including websites, DNS setups, and email security configurations. The CVE detection is, for now, linked to the technologies used on the websites. Not all software has a detectable or machine-readable version number. When it does, and the version conforms to the Common Platform Enumeration (CPE) version naming standards set by NIST, it can be used for CVE matching.
  • Vulnerability Identification: The platform uses its CVE database to cross-reference identified CPE software versions. Because the identification process aligns with CPE standards, the cross-checking is reliable. When a match is found, a finding is raised.
  • Detailed and Actionable Reporting: Once vulnerabilities are found, detailed findings are generated complete with plain language explanations and links to further information about the vulnerability. This information helps IT teams prioritise and address the most critical issues effectively.

Severity and Prioritisation of CVEs

CVE findings within Glasstrail are categorised into ‘confirmed’ and ‘potential’ vulnerabilities. A confirmed CVE is graded as medium severity, while a potential CVE, which requires further verification by the user, is treated as low severity. We grade findings as ‘potential’ when the version the CVE applies to is unclear. Often these are older CVEs where less attention was paid to making sure the CVE report was formatted to be machine-readable.
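The cross-referencing and grading described above can be sketched as follows. This is an added example, not Glasstrail's code: the record layout, the `examplecorp`/`examplecms` names and the `CVE-0000-000x` identifiers are constructed placeholders, and it assumes purely numeric dotted versions and CPE 2.3 strings without escaped colons.

```python
# Added illustration: cross-reference a detected CPE against CVE records and grade the match.

def parse_cpe(cpe):
    """Return (vendor, product, version) from a CPE 2.3 formatted string."""
    parts = cpe.split(":")  # simplification: no escaped ':' inside components
    if len(parts) != 13 or parts[:2] != ["cpe", "2.3"]:
        raise ValueError(f"not a CPE 2.3 string: {cpe!r}")
    return parts[3], parts[4], parts[5]

def vkey(version):
    """Sort key for dotted numeric versions; None when not machine-comparable."""
    try:
        return tuple(int(p) for p in version.split("."))
    except ValueError:
        return None

def grade(detected_cpe, record):
    """Return 'confirmed', 'potential' or None for one CVE record."""
    vendor, product, version = parse_cpe(detected_cpe)
    if (vendor, product) != (record["vendor"], record["product"]):
        return None
    have = vkey(version)
    if have is None:
        return None  # assumption: no detectable version means nothing to cross-reference
    start, end = record.get("start_incl"), record.get("end_excl")
    lo, hi = (vkey(b) if b else None for b in (start, end))
    # The record carries no usable version bounds: the affected version is unclear.
    if (not start and not end) or (start and lo is None) or (end and hi is None):
        return "potential"
    if lo is not None and have < lo:
        return None
    if hi is not None and have >= hi:
        return None
    return "confirmed"

SEVERITY = {"confirmed": "medium", "potential": "low"}  # grading stated on this page

# Constructed sample records (placeholder IDs, hypothetical product).
RECORDS = [
    {"id": "CVE-0000-0001", "vendor": "examplecorp", "product": "examplecms",
     "start_incl": "2.0", "end_excl": "2.4.1"},
    {"id": "CVE-0000-0002", "vendor": "examplecorp", "product": "examplecms"},
    {"id": "CVE-0000-0003", "vendor": "examplecorp", "product": "examplecms",
     "end_excl": "1.9"},
]

def findings(detected_cpe):
    """List (cve_id, grade, severity) for every record that matches."""
    graded = ((r["id"], grade(detected_cpe, r)) for r in RECORDS)
    return [(cve, g, SEVERITY[g]) for cve, g in graded if g]
```

The record with explicit bounds yields a confirmed finding only when the detected version falls inside the range; the record with no bounds can only ever be graded potential.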

The actual severity of a vulnerability will vary based on further assessment using the Common Vulnerability Scoring System (CVSS) and your specific risk profile.

CVSS ratings are done separately, after the CVE is detected, and try to assess how bad the vulnerability is based on exploitability and impact metrics, as well as (if possible) temporal and environmental metrics.

Future-Proofing Your Cybersecurity

As cyber threats continuously evolve, having an up-to-date and proactive security posture is critical. Glasstrail’s CVE detection feature promises a significant enhancement in identifying and managing vulnerabilities, ensuring that organisations can stay one step ahead in safeguarding their digital assets.

For a closer look at Glasstrail's CVE detection capabilities and how they integrate with existing security measures, get in touch, or sign up for a trial to experience firsthand how this feature can fortify your cybersecurity framework.