Anchore alerted the security community to the drastic slowdown in the CVE updates coming from the National Vulnerability Database (NVD). Despite explanatory comments from NIST, the organization that runs NVD, there is still ongoing concern about the long-term future.
Neil Levine, SVP of Product will introduce the Anchore Enterprise 5.5 release and demonstrate how Anchore has adapted its product to support customers mitigate the lack of data from NVD while also giving them flexibility in how to retrieve vulnerability updates in general.
Adapting to the new normal at NVD with Anchore Vulnerability Feed
1. Anchore Enterprise 5.5 - Adapting to
the new normal at NVD
Neil Levine
VP of Product
Anchore
Alan Pope
Director of DevRel
Anchore
2. Housekeeping
01
02
03
All participant lines are muted
Questions will be accepted throughout, enter questions via Q&A panel
You will receive a follow-up email with a link to the recording
04 Please respond to poll questions as they are appear on your screen
16. Anchore Vulnerability Feed
Proxy Mode
Anchore sources vulnerability feeds and makes them available to customers
Enabled on a per-feed driver basis
List of known false positives
Anchore sources missing CPE data from NVD records from other sources
(Does not include Severity/CVSS)
Exclusion
Data Feed
Enriched
Data Feed
New in
5.5!
New in
5.5!
17. Existing Data Source Feed Options
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
Other 3rd
parties
NVD
Anchore
Vuln
Feed
Direct mode
Direct mode
Direct mode
Direct mode
Exclusion Data Feed
19. Proxy Mode + Enriched Data (5.5+)
Anchore
Enterprise
Vulnerability
Providers
Canonical
Microsoft
Other 3rd
parties
NVD
Anchore
Vuln
Feed
Proxy mode + Enriched Data
Exclusion Data Feed
20. Customer Benefits
Proxy Mode
Fewer distractions from 3rd party service outages
No API tokens or service registration
Simple firewall configuration
Fewer false positives due to imprecise vulnerability metadata
Ensures NVD catalog is up to date with CVE records
CPE data missing from NVD records provided by Anchore
Exclusion
Data Feed
Enriched
Data Feed
22. Get Involved
Anchore Open Source
github.com/anchore
Open Source NVD Enrichment Project
github.com/anchore/vulnerability-data-tools
Enriched NVD Data
github.com/anchore/nvd-data-overrides
Anchore Community Slack
anchore.com/slack
24. Recent updates
Global CVE
References
Use CVE references in policy or searches independent
of record which generated the match alert
Download the AnchoreCTL client from an
Enterprise API endpoint to ensure version consistency
Simplify authentication for non-human users
AnchoreCTL
Endpoint
Token-based
Auth
New in
5.5!
25. Summary
1. NVD’s future continues to be uncertain
2. The Anchore Vulnerability Feed helps mitigate some of the data gaps
3. The Anchore Vulnerability Feed simplifies the operations of feed management
4. Customers should enable all feeds for the most accurate results
26. Next Steps
Get started with a free-trial Anchore Enterprise
https://get.anchore.com/free-trial/
Learn more about Anchore Enterprise
https://anchore.com/platform
Visit our GitHub and Community Slack
github.com/anchore and https://anchore.com/slack
Download the NVIDIA case study
www.anchore.com/nvidia
27. Thank you for joining!
Schedule a demo of our platform @ get.anchore.com/demo-request