Finding and Fixing OpenSSL Vulnerabilities at Scale: The Balbix Handbook

Every time a new critical vulnerability hits the world (like last week’s high-severity OpenSSL vulnerabilities), security teams have to scramble to respond:

  • What software is impacted?
  • Which systems are impacted?
  • How long will it take to fix critical systems?
  • What would be the impact of leaving the vulnerability open in low exposure or low impact systems?

This task is increasingly beyond human scale: the number of vulnerabilities and assets that organizations like yours must manage is growing exponentially.

The way forward lies in automation. Automation lets you easily find and fix large-scale vulnerabilities. With automation, you can gain instant visibility into affected assets and easily remediate vulnerabilities to reduce their exposure from weeks and months to days.

Balbix provides an automated vulnerability management solution to our customers. Instead of having to scramble to answer the questions above every time they encounter a new vulnerability, our customers can follow a simple playbook.

Let’s see how Balbix customers could have used this playbook to respond to OpenSSL vulnerabilities from last week as an example.

OpenSSL vulnerabilities

Last week the OpenSSL Security team published an advisory regarding CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). Both of these vulnerabilities are classified as high severity.

They affect OpenSSL versions 3.0.0 through 3.0.6. Any OpenSSL 3.0 application that verifies X.509 certificates received from untrusted sources should be considered vulnerable. This includes both TLS clients and TLS servers that are configured to use TLS client authentication. The recommended fix is for OpenSSL 3.0.0 to 3.0.6 users to upgrade to 3.0.7 as soon as possible. The recommended mitigation for TLS servers if an upgrade cannot be completed immediately is for teams to disable TLS client authentication.

The Balbix playbook is as easy as 1,2,3!

Balbix Playbook for Finding and Fixing a Large-Scale Vulnerability

Step 1: Query your inventory for affected assets

The first step is to identify where the CVE is present. With Balbix, you have this information at your fingertips. Balbix’s Cyber Asset Attack Surface Management (CAASM) solution provides you with a continuously updated inventory of your assets, including software bill of materials (SBOM) and vulnerabilities.

With a list of assets, it’s easy to search for specific CVEs in your environment. You do this by looking up the CVE by number, as shown in the CVE Remediation screen below. The search results include the number of assets affected by the CVE. In this case, there are 13 assets affected by CVE-2022-3786.

CVE search results showing number of affected assets

Step 2: Identify available and recommended fixes

The second step is to identify how to mitigate or fix the vulnerability. Balbix provides you with contextual information about a CVE, including the publication date and severity (see image above). As you can see below, Balbix also provides you with the available fixes and the recommended fix. Balbix does this for each software release and identifies the assets that run those software releases.

What else? This information is updated in near real time. So, if new patches become available after a few days, Balbix automatically updates this information without forcing you to run a scan.
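As an added example (not part of the Balbix post or product), here is the check behind Steps 1 and 2 for these two CVEs: a version-range test against the advisory's affected versions (3.0.0 through 3.0.6), run over a constructed SBOM-style inventory with hypothetical hostnames, returning the advisory's recommended action (upgrade to 3.0.7, or disable TLS client authentication first on servers that cannot upgrade immediately) for each asset.

```python
import re

# Affected range and fixed release as stated in the OpenSSL advisory.
AFFECTED_MIN = (3, 0, 0)
AFFECTED_MAX = (3, 0, 6)
FIXED_VERSION = "3.0.7"

_VER_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)([a-z]*)$")

def parse_version(text):
    """Turn an OpenSSL version string such as '3.0.6' or '1.1.1q' into a
    comparable tuple; the letter suffix used by 1.x releases is kept as 4th element."""
    m = _VER_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised OpenSSL version: {text!r}")
    major, minor, patch, letter = m.groups()
    return (int(major), int(minor), int(patch), letter)

def is_affected(version):
    """True when the version is within 3.0.0 .. 3.0.6 inclusive."""
    return AFFECTED_MIN <= parse_version(version)[:3] <= AFFECTED_MAX

def recommend(asset):
    """Return the advisory's action: upgrade, or disable TLS client authentication
    as an interim mitigation for TLS servers that cannot upgrade right away."""
    if not is_affected(asset["openssl"]):
        return "not affected"
    if asset["role"] == "tls_server" and asset["client_auth"] and not asset["can_upgrade_now"]:
        return f"disable TLS client authentication, then upgrade to {FIXED_VERSION}"
    return f"upgrade to {FIXED_VERSION}"

# Constructed sample inventory (hypothetical hosts, not data from the post).
INVENTORY = [
    {"host": "web-01", "openssl": "3.0.5", "role": "tls_server", "client_auth": True, "can_upgrade_now": False},
    {"host": "web-02", "openssl": "3.0.7", "role": "tls_server", "client_auth": True, "can_upgrade_now": True},
    {"host": "api-gw", "openssl": "3.0.0", "role": "tls_client", "client_auth": False, "can_upgrade_now": True},
    {"host": "legacy-db", "openssl": "1.1.1q", "role": "tls_server", "client_auth": False, "can_upgrade_now": False},
]

def triage(inventory):
    """Map each host to its recommended action; the affected count is what Step 1 reports."""
    return {a["host"]: recommend(a) for a in inventory}

if __name__ == "__main__":
    result = triage(INVENTORY)
    affected = sum(1 for v in result.values() if v != "not affected")
    print(f"{affected} of {len(INVENTORY)} assets affected")
    for host, action in result.items():
        print(f"{host:10} {action}")
```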

Available patches and recommended patch for each software version

Step 3: Send for remediation directly from Balbix

Balbix lets you send this information to risk owners with one-click ticket creation.

One-click action to create a remediation ticket

Balbix’s integration with ServiceNow IT Service Management (ITSM) eliminates manual steps by allowing you to create ServiceNow remediation tickets directly in Balbix. This integration enables security and IT teams to work efficiently using a familiar, shared system for remediation workflow.

View of a remediation ticket configured to integrate with ServiceNow

In summary

This simple yet effective playbook helps our customers reliably identify and mitigate vulnerabilities like recent OpenSSL vulnerabilities, at scale.

As our founder and CEO, Gaurav Banga, wrote during the log4j crisis, vulnerability management is a data science problem. Balbix provides our customers with advanced automation and analytics so they can manage the large number of CVEs present today, with speed and accuracy.

Find out how you can take full advantage of Balbix’s playbook to detect and remediate vulnerabilities at scale by scheduling a 30-minute demo with Balbix.
