Daniel Jones
Security compliance checks
Security Alert
CISA KEVs

CISA, the Cybersecurity & Infrastructure Security Agency, has released some helpful guidance for those in charge of security and operations. We will discuss some of the key takeaways and how Runecast can help you meet these challenges.

CISA recommends all organizations—regardless of size—adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.

While CISA says they haven’t identified any threats towards the U.S., we know that our users are based across the world and we would urge you to take all the available precautions for your cyber defenses. This is a time of heightened security concerns and we would much rather be overprotective than have to deal with the consequences of being underprepared.

In case you don’t know, CISA is the national cyber defense agency in the United States and maintains the Known Exploited Vulnerabilities Catalog, sometimes referred to as KEV. The KEV catalog is an incredibly useful tool which has been added to Runecast in the latest release (read more about Runecast version 6.1 here). This means that all of the vulnerabilities that are known to have been exploited are highlighted in the Runecast appliance for easy prioritisation. If you’re securing your environments, we recommend that you fix these vulnerabilities first, before moving on to deal with other critical issues.

All of the vulnerabilities in the KEV catalog come with a due date. This is the date by which Government and U.S. Military Organisations must patch the vulnerability in order to be compliant with the Binding Operational Directive released by CISA at the end of 2021. By highlighting these dates and timeframes we help you to ensure you are compliant by the due date. Even if you aren't a Government or U.S. Military Organisation, you can use the due date as a benchmark for patching the vulnerability.

There are some vulnerabilities that are not known to have been exploited yet and can therefore be viewed as academic. This is not to say that these vulnerabilities do not pose a threat to the environment, just that they have not reached the KEV list, meaning there’s no verified record of their use. These vulnerabilities should still be addressed, but a lower priority can be assigned to them when deciding what to remediate first.
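The ordering described above (KEV-listed findings first, earliest due date first, then everything else by severity) can be sketched as follows. This is an added example, not Runecast's code or part of the original article; the JSON field names `vulnerabilities`, `cveID` and `dueDate` are assumed to match CISA's published KEV feed, and the CVE IDs, hosts and scores are constructed placeholders.

```python
import json
from datetime import date

# Constructed sample shaped like the KEV JSON feed (field names assumed;
# the CVE IDs are placeholders, not real identifiers).
KEV_JSON = """{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2022-03-01"},
  {"cveID": "CVE-0000-0002", "dueDate": "2022-04-15"}
]}"""

# Constructed scanner findings: (host, CVE, CVSS base score).
FINDINGS = [
    ("esx-01", "CVE-0000-0003", 9.8),
    ("esx-01", "CVE-0000-0002", 7.5),
    ("vc-01", "CVE-0000-0001", 6.4),
    ("vc-01", "CVE-0000-0004", 5.0),
]


def load_due_dates(kev_json):
    """Map CVE ID -> KEV due date; malformed entries are skipped."""
    due = {}
    for entry in json.loads(kev_json).get("vulnerabilities", []):
        try:
            due[entry["cveID"].upper()] = date.fromisoformat(entry["dueDate"])
        except (KeyError, ValueError, AttributeError):
            continue
    return due


def prioritise(findings, due_dates, today):
    """KEV-listed findings first (earliest due date first), then the rest by CVSS."""
    rows = []
    for host, cve, cvss in findings:
        due = due_dates.get(cve.upper())
        if due is None:
            status, key = "not-in-kev", (1, date.max, -cvss)
        else:
            status = "overdue" if due < today else "due"
            key = (0, due, -cvss)
        rows.append((key, {"host": host, "cve": cve, "cvss": cvss,
                           "kev_due": due, "status": status}))
    return [row for _, row in sorted(rows, key=lambda r: r[0])]


if __name__ == "__main__":
    for r in prioritise(FINDINGS, load_due_dates(KEV_JSON), date(2022, 3, 10)):
        print(f'{r["status"]:<11} {str(r["kev_due"] or "-"):<10} {r["cve"]} {r["cvss"]:>4} {r["host"]}')
```

Note that a KEV entry with a CVSS score of 6.4 sorts above a non-KEV finding scored 9.8: known exploitation, not the severity rating alone, drives the order.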

As of our 6.1 release, Runecast is one of a handful of vendors to offer this information in a security product, and we make it easily available within the dashboard.

Each CVE has its own line, which includes a severity rating and a column showing whether this vulnerability has been exploited in the wild. This column can be filtered on, used or removed, as with all the columns in the Runecast appliance.

Once selected, each vulnerability record shows an information bar across the top of the screen detailing whether the vulnerability is known to have been exploited.

KEVs are vulnerabilities which have been used or targeted, and the information exists for malicious threat actors to use them against you and your systems. For us at Runecast these are top priority vulnerabilities. It’s the equivalent of changing the locks in your house after learning that there’s a key in the neighbourhood which will open your doors.

In their article, CISA goes on to recommend four steps which all organisations can take to better secure their environments.

These four steps are:

  • Reduce the likelihood of a damaging cyber intrusion
  • Take steps to quickly detect a potential intrusion
  • Ensure that the organization is prepared to respond if an intrusion occurs
  • Maximize the organization's resilience to a destructive cyber incident

Using the KEVs alongside a framework like DISA STIG, which is also available in the Runecast appliance, can ensure you take actions such as closing remote access ports, removing factory default administrator accounts, etc. All of these things are great ways to lower your overall risk of exposure to threat actors, and it’s made easy by being all in one place in our appliance.

There are more wide-ranging suggestions too, like forming a crisis or disaster-response team. And how about those backups you may not have tested? Now would be an ideal time to refresh everyone’s mind on how to restore key systems from a backup, before it changes from an exercise to a necessity. 

Runecast is dedicated to giving your security teams a competitive edge. With the addition of the Known Exploited Vulnerabilities Catalog we’ve added an incredibly useful tool to your arsenal. Our platform enables you to save time and effort, to minimize your threat surface and achieve compliance with over 10 security standards.
