In November 2021, the U.S. federal government published a Binding Operational Directive from the Cybersecurity and Infrastructure Security Agency (CISA). This Department of Homeland Security (DHS) directive mandates that federal agencies within the U.S. act to protect themselves from “...increasingly sophisticated malicious cyber campaigns that threaten the public sector, private sector, and ultimately the American people’s security and privacy.”
The directive requires United States federal agencies to patch known, "publicly exploited" vulnerabilities. The Cybersecurity & Infrastructure Security Agency (CISA) catalogs these vulnerabilities on its website and updates the list periodically.
What is the reason for this new directive and process?
Several key factors have been considered in CISA’s decision. Critical criteria are highlighted below:
- CISA has determined vulnerabilities with publicly known exploits “carry unacceptable risk to the federal enterprise” and as such this new directive is warranted to curb exposure. For most medium-sized organizations or larger, given the technology footprint they have, thousands of vulnerabilities must be analyzed and addressed. This directive helps agencies prioritize their effort on the most critical issues.
- Today, federal agencies are not required to patch all Common Vulnerabilities and Exposures (CVEs). However, the new list of known exploited vulnerabilities must be addressed fully by federal agencies due to the active threat associated with each vulnerability, with due dates for patching ranging from Nov 2021 to May 2022.
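The prioritization described above can be sketched as follows. This is an added example, not code from the original article or from Red Hat Insights: it intersects per-host scanner findings with a known-exploited catalog and orders the matches by patch due date. The CVE IDs, host names and dates are constructed placeholders, and the field names `cveID` and `dueDate` are assumed to mirror the catalog's JSON feed.

```python
from datetime import date

# Constructed catalog sample; the CVE IDs are placeholders, not real entries.
# Field names are an assumption about the catalog's JSON feed.
CATALOG = [
    {"cveID": "CVE-0000-0001", "dueDate": "2021-11-17"},
    {"cveID": "CVE-0000-0002", "dueDate": "2022-05-03"},
    {"cveID": "CVE-0000-0003", "dueDate": "2021-11-17"},
]

# Constructed scanner findings: host -> CVE IDs reported on it.
FINDINGS = {
    "web01": ["CVE-0000-0002", "CVE-0000-0009", "CVE-0000-0001"],
    "db01": ["CVE-0000-0009", "CVE-0000-0008"],
    "app01": ["cve-0000-0003 "],  # scanners differ in case and whitespace
}

def build_due_index(catalog):
    """Map normalized CVE ID -> earliest due date listed for it."""
    index = {}
    for entry in catalog:
        cve = entry["cveID"].strip().upper()
        due = date.fromisoformat(entry["dueDate"])
        if cve not in index or due < index[cve]:
            index[cve] = due
    return index

def triage(findings, catalog, today):
    """Return (rows, backlog): rows are known-exploited findings sorted by
    due date; backlog counts each host's findings that are not in the catalog."""
    due = build_due_index(catalog)
    rows, backlog = [], {}
    for host, cves in findings.items():
        backlog[host] = 0
        for cve in {c.strip().upper() for c in cves}:  # de-duplicate per host
            if cve in due:
                rows.append({"host": host, "cve": cve, "due": due[cve],
                             "overdue": due[cve] < today})
            else:
                backlog[host] += 1
    rows.sort(key=lambda r: (r["due"], r["host"], r["cve"]))
    return rows, backlog

if __name__ == "__main__":
    rows, backlog = triage(FINDINGS, CATALOG, today=date(2021, 12, 1))
    for r in rows:
        status = "OVERDUE" if r["overdue"] else "due"
        print(f'{r["due"]} {status:8} {r["host"]:6} {r["cve"]}')
    print("not in catalog:", backlog)
```

Findings that are not in the catalog are counted rather than dropped, so the remaining backlog stays visible while the known-exploited items are worked first.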
How does this apply to private enterprises?
While the directive doesn't directly impact private enterprises, many such organizations may benefit from following CISA's lead.
The steps taken by CISA with this directive are critical in reducing threats to any organization. These threats are not limited to the U.S. federal government. Many enterprises face the same challenges when it comes to vulnerability management and patching cycles as cited in the reasoning for this new directive.
At the top of this list of challenges for federal departments is prioritizing the issues that need immediate attention. Although the private sector is not covered by the mandate, these are critical challenges there as well. Not only is the number of threats increasing for many organizations, but the challenges are amplified by limited budgets.
Staffing constraints make it challenging to keep up with the increased risk from known exploitations. The bottom line is that all organizations should prioritize mitigation of vulnerabilities and take action to manage their risk exposures.
How can Red Hat Insights help?
Insights provides deep threat analysis of Red Hat Enterprise Linux (RHEL) systems with a simple user interface. Users can more easily triage and manage CVEs that pose a risk to RHEL hosts in their organization.
Earlier this year, Red Hat Insights announced a feature that gives users “Actionable threat intelligence for publicly known exploits for RHEL” for systems registered to Red Hat Insights. This feature was built to solve the same problems that are cited by CISA. Publicly known exploited vulnerabilities pose high risk and must be patched with the highest priority to protect the organization.
The actionable threat intelligence for publicly known exploits for RHEL feature makes it simple to identify Red Hat Enterprise Linux hosts that are vulnerable to publicly known exploited CVEs. Red Hat Ansible Automation saves many hours by applying push-button remediation of vulnerabilities across the entire enterprise.
Figure 1. In Insights, vulnerabilities can easily be filtered for “Known exploit” status. The Insights Vulnerability service shows 4 CVEs with publicly known exploits in this view.
Want more information?
We held a Red Hat Insights webinar about managing security and compliance risk recently that included a short demonstration of the Vulnerability service as part of Red Hat Insights. You can watch its recording on-demand here.
Red Hat Insights is included as part of your RHEL subscription - find more information and get started today by visiting Red Hat Insights.
About the author
Mohit Goyal is a Senior Principal Product Manager for Red Hat Insights. Mohit brings a wealth of experience and skills in enterprise software having held roles as a software engineer, project manager, and as a product manager across software and travel industries. Goyal has a bachelor's degree in Computer Science from the Institute of Technology, University of Minnesota and an MBA from the Carlson School of Management, University of Minnesota. With his technical skills and business acumen, he helps build products to address problems faced by enterprises, with a focus on security, user experience, and cloud computing. When he's not writing user requirements, engaging with customers, or building product roadmaps, Mohit can be found running, cooking, or reading.