hero
Security use case

Prioritizing Kubernetes vulnerabilities

Achieve the highest impact on your security posture in the shortest time by focusing on the CVEs that count with eBPF-based relevancy solution

icon

What is CVE Relevancy?

The term “CVE shock” refers to the overwhelming sensation felt by devops and security teams when confronted with a substantial number of vulnerabilities. The sheer quantity of vulnerabilities can make it difficult to determine which ones are the most critical and should be addressed first. However, CVE relevancy offers a solution to CVE shock by guiding teams towards the vulnerabilities that pose the greatest risk to their operating clusters. By focusing on these high-priority vulnerabilities, teams can effectively mitigate potential threats and avoid feeling paralyzed by the task at hand.

CVE Prioritization options

To date, the common best practice for solving vulnerabilities is according to their score, as it is defined under the Common Vulnerability Scoring System.

Which means teams will work their way down from the vulnerabilities with the highest score to the lowest. The problem with this approach is twofold. Firstly, it perpetuates the problem of “CVE shock”. The second and more important problem is that working this way doesn’t necessarily make an impact on your Kubernetes security posture.

One thing that is nice about ARMO Platform is that it scans what is running on the cluster, not dev tools or other noise. So, we really see the vulnerabilities of the workload.

author label
Alexandre Lussier DevOps, Akinox

The solution

ARMO Platform offers a solution which lies in prioritizing relevancy and gaining contextual visibility into vulnerabilities that truly expose you to attacks. This is achieved by identifying the specific packages utilized by the pod, which determines whether a CVE poses an evident risk or not.

 

Once you have obtained the visibility, the next step is to devise an action plan. We recommend starting by addressing fixable vulnerabilities that have both a known solution and a network attack or remote code execution (RCE) vector, as depicted by “RCE” in the diagram. Subsequently, focus on mitigating the relevant CVEs with a network attack vector, indicated as “mitigate,” and patch those that are fixable but lack RCE capabilities. Once these priority steps are taken, you can proceed to handle the remaining vulnerabilities.

 

solution

Benefits of prioritizing CVEs with ARMO Platform

  • Reduce the confusion around CVE prioritization and the toil associated with the assessment of CVEs in order to plan patching activities. ARMO Platform gives you a handy filter to find those CVEs that are most important to patch first.

    In the screenshot below you can see that there are only 4 CVEs you need to patch first, to get the most impact. Setting patching priority was reduced to a few clicks on ARMO Platform and not long hours of research.

     

     

    It is crucial to emphasize that for optimal security, it is essential to patch, mitigate, or appropriately label all vulnerabilities, even if they are deemed less critical or marked as false positives.

Start Using ARMO Platform Now

An end-to-end Kubernetes security platform powered by Kubescape

panda
Start Now Free Forever