- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
I hope all of you are doing well.
I have one question. How can PA prevent an unknown CVE on NGFW?
Why I brought up this question is because I saw that from one vendor to another, they have different CVE numbers and IDs.
I was wondering if you could advise me.
Hello @SopheaHem - CVE IDs are centrally allocated, but it is inevitable that there is some duplication and overlap among the 220,000+ CVE records currently available. Sometimes an "unknown" one (to us) might actually be known to us as a different CVE ID. A similar story would apply to any other security vendor.
Bear in mind that CVE IDs can be allocated before any information is known about the specifics of the threat, and without threat specifics we would need to rely on other heuristics to identify a novel threat.
Like any good answer, the best answer I can give here is, "it depends." No security vendor, be it Palo Alto Networks or anyone else, can guarantee anything about detecting and eliminating unknown CVEs, and you should be highly suspicious of claims to the contrary. If they're unknown, or highly novel, there is always a risk that they could slip past unnoticed. This is where tools like App-ID, URL Filtering, and WildFire, and having a sensible but strict security policy that utilises them, really come into their own. Defence in depth is an excellent approach as well: don't just rely on App-ID, for example, but instead use all of the tools at your disposal.
Moreover, not every CVE is network-centric, which makes it hard for a next-generation firewall to have any impact, positive or negative, on the detection of those.
What we can also do is use tools like Advanced WildFire to detect and eliminate threats, including novel one threats, as quickly as possible using a range of analysis tools and techniques. This can also include threats that don't (yet) have a CVE identified. This relies on the knowledge gained from multiple sources including other customer environments using Advanced WildFire, which means that on average, any novel threat will have been seen at least once, and hopefully identified as such, before it encroaches on your environment.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!