This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Streamline with New Risk-Based Vulnerability Prioritization for IoT, OT, and MIoT Devices

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Streamline with New Risk-Based Vulnerability Prioritization for IoT, OT, and MIoT Devices

vkameyama
L1 Bithead
‎07-25-2024 12:04 PM

Title_New-Risk-Based-Vulnerability-Prioritization_palo-alto-networks.jpg

 

The number of vulnerabilities is constantly growing, and we know how difficult it can be to keep up with remediation efforts and deliver maximum business value. We’re excited to announce our new risk-based vulnerability enhancement, which reduces vulnerability noise for IoT, OT, and MIoT devices by up to 90% and enables network and security teams to focus on what matters. 

 

How the Vulnerability Prioritization Works 

 

The vulnerability prioritization ranks all the CVEs identified in the customer’s tenant using a multifactor risk assessment and provides a priority classification (Top, Medium or Low) for each CVE. Risk is measured taking into account the vulnerability severity level, the likelihood of exploitation indicators and the potential impact given specific factors unique to the organization environment. 

 

Vulnerability Metrics:

 

  • Common Vulnerability Scoring System (CVSS) base score

 

Threat Metrics:

 

  • Availability of exploit kits and exploit code maturity
  • CISA Known Exploitable Vulnerabilities (KEV)
  • Exploit Prediction Scoring System (EPSS)
  • Assets connected to the internet

 

Impact Metrics (Organization Specific):

 

  • Number of assets affected by the CVE (i.e., attack surface)
  • Criticality of the assets affected by the CVE

 

This framework allows us to extend the prioritization methodology to additional contextual data that may be considered relevant as the model evolves and continues to be fine tuned for more meaningful calculation and insights.

 

The priority attribute is displayed in our UI along with a variety of other important risk related information, to help users better understand their potential attack surface and which CVEs matters most from a risk prioritization point of view and take action on. 

 

Vulnerability list page view in IoT/OT/Medical SecurityVulnerability list page view in IoT/OT/Medical Security

 

What More Can We Offer?

 

Additionally, for the top prioritized CVEs, when patches are not readily available for the CVE remediation or it may be difficult for asset owners to schedule maintenance windows, our IoT/ OT Security solutions inform which CVEs have Threat Prevention signature coverage. You can then leverage the Zero Trust Policy recommendations and attach the security profiles with vulnerability protection as a compensating control. This capability can prevent malicious actions from exploiting known vulnerabilities, helping security teams maintain the stability and reliability of critical systems. In some cases, it can even extend the lifespan of IoT/ OT systems that are otherwise end of life! 



Illustration of the Vulnerability details with corresponding Threat Prevention coverageIllustration of the Vulnerability details with corresponding Threat Prevention coverage

 

IoT Policy Recommendation with vulnerability protection profileIoT Policy Recommendation with vulnerability protection profile

 

Learn more information about setting vulnerability protection profiles.

 

Wrapping It All Up

 

The risk-based vulnerability prioritization is one of the many innovations in our IoT/OT/Medical Security solutions that can help secure all your devices while significantly optimizing your operations. These solutions offer a comprehensive Zero-Trust architecture that allows our customers to quickly discover every device, understand their attack surface, prioritize risk mitigation efforts and secure hard-to-patch vulnerable IoT, OT and Medical IoT devices with context-rich security policy recommendations and vulnerability threat signatures to stop exploit attempts. 

 

Learn more about our announcement on our Strata blog. Want to learn more about what our IoT/OT security solutions can do for you? Check out the following links:

 

Enterprise IoT Security Introduction | Upcoming Hands on workshop

Medical IoT Security – Introduction | Upcoming Hands on workshop

Industrial OT Security Introduction | Upcoming Hands on workshop

 

We want to help keep all your devices secure. Start a free trial with us here

 

Labels:
0 Likes Likes
  • 1341 Views
  • 0 comments
  • 0 Likes
Register or Sign-in
Labels
Popular Blogs
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks