Adapting to the new normal at NVD with Anchore Vulnerability Feed
•
0 likes•15 views
Anchore alerted the security community to the drastic slowdown in the CVE updates coming from the National Vulnerability Database (NVD). Despite explanatory comments from NIST, the organization that runs NVD, there is still ongoing concern about the long-term future. Neil Levine, SVP of Product will introduce the Anchore Enterprise 5.5 release and demonstrate how Anchore has adapted its product to support customers mitigate the lack of data from NVD while also giving them flexibility in how to retrieve vulnerability updates in general.
Recommended
Recommended
More Related Content
Similar to Adapting to the new normal at NVD with Anchore Vulnerability Feed
Similar to Adapting to the new normal at NVD with Anchore Vulnerability Feed (20)
Recently uploaded
Recently uploaded (20)
Adapting to the new normal at NVD with Anchore Vulnerability Feed
- 1. Anchore Enterprise 5.5 - Adapting to the new normal at NVD Neil Levine VP of Product Anchore Alan Pope Director of DevRel Anchore
- 2. Housekeeping 01 02 03 All participant lines are muted Questions will be accepted throughout, enter questions via Q&A panel You will receive a follow-up email with a link to the recording 04 Please respond to poll questions as they are appear on your screen
- 3. Agenda Introductions 01 02 Vulnerability Feeds & NVD Challenges 03 Anchore Vulnerability Feed Service & Enhancements in 5.5 04 Q&A
- 5. Anchore Enterprise: How it Works Anchore Enterprise Run Deploy Stage Build Source Runtime SCM CI/CD Registry Docker v2 API Admission controller AnchoreCTL AnchoreCTL Enterprise Capabilities ● Linux and Windows containers ● Malware & secrets scanning in addition to vulnerabilities ● Fully-supported integrations with CI/CD tools ● Continuous scanning from develop to runtime ● Persist SBOMs and security results across apps and teams ● Enhanced vulnerability feed ● Centralized policy enforcement with pre-built policy packs ● API/GUI for reporting and auditing ● Notifications ● Remediation recommendations & workflows ● Enterprise control with support for RBAC, SSO, LDAP ● SLA Technical Support K8S Inventory EKS Inventory Policy Enforcement | Compliance Vulnerabilities SBOM Management Analyzers Analyzers Analyzers Analyzers Analyzers Reporting | Auditing Malware | Secrets False Positive Mgmt Remediation
- 6. Anchore Enterprise: How it Works Anchore Enterprise Run Deploy Stage Build Source Runtime SCM CI/CD Registry Docker v2 API Admission controller AnchoreCTL AnchoreCTL Enterprise Capabilities ● Linux and Windows containers ● Malware & secrets scanning in addition to vulnerabilities ● Fully-supported integrations with CI/CD tools ● Continuous scanning from develop to runtime ● Persist SBOMs and security results across apps and teams ● Enhanced vulnerability feed ● Centralized policy enforcement with pre-built policy packs ● API/GUI for reporting and auditing ● Notifications ● Remediation recommendations & workflows ● Enterprise control with support for RBAC, SSO, LDAP ● SLA Technical Support K8S Inventory EKS Inventory Policy Enforcement | Compliance Vulnerabilities SBOM Management Analyzers Analyzers Analyzers Analyzers Analyzers Reporting | Auditing Malware | Secrets False Positive Mgmt Remediation
- 10. Missing & Erroneous Data {"name":"CVE-2024-3094","priority":" high","patches":[{"distro":"focal","statu s":"not-affected","version":" 5.2.5-2ubuntu1","package":"xz-utils","priority": null},{"distro":"jammy","status":"not-affected","version":" 5.2.5-2ubuntu1","p ackage":"xz-utils","priority":null},{"distro":"mantic","status":"not-affected ","version":"5.4.1-0.2","package":"xz-utils","priority":null}],"ignored_patch es":[{"distro":"upstream","status":"needs-triage","version":null,"package":" x z-utils","priority":null},{"distro":" trusty/esm","status":"not-affected","ver sion":null,"package":" xz-utils","priority":null},{"distro":"esm-infra/xenial" ,"status":"not-affected","version":null,"package":" xz-utils","priority":null} ,{"distro":"esm-infra/bionic ","status":"not-affected","version":null,"package ":"xz-utils","pri Anchore Enterprise Vulnerability Providers Canonical Microsoft NVD GitHub Debian Python NPM
- 11. NVD Challenges
- 12. NVD (NIST) CVE Program (MITRE) Product Owner Vuln Researcher Vulnerability Discovered Vulnerability Discovered Vulnerability Submitted to CVE Numbering Authority Published to National Vulnerability Database Vulnerability Intake Vulnerability Triage Needs More info/ Provides additional info Vuln Confirmed Report Vulnerability Affected Products Vulnerability Type Attack Type Impact Provide Additional Details Bug Bounty Payment Bounty Payment Received Reserve CVE Assign Vuln CVE CVE-YYYY-XXX XX CVE Rejected Needs More Info Vulnerability Remediation Coordinated Disclosure Vulnerability Notification Coordinated Disclosure Populate CVE List CVE Approved NVD Analyst Assigned NVD Enrichment Reference Tags CVSS CWE CPE Senior Analyst Review
- 13. Changes at NVD
- 14. NVD (NIST) CVE Program (MITRE) Product Owner Vuln Researcher Vulnerability Discovered Vulnerability Discovered Vulnerability Submitted to CVE Numbering Authority Published to National Vulnerability Database Vulnerability Intake Vulnerability Triage Needs More info/ Provides additional info Vuln Confirmed Report Vulnerability Affected Products Vulnerability Type Attack Type Impact Provide Additional Details Bug Bounty Payment Bounty Payment Received Reserve CVE Assign Vuln CVE CVE-YYYY-XXX XX CVE Rejected Needs More Info Vulnerability Remediation Coordinated Disclosure Vulnerability Notification Coordinated Disclosure Populate CVE List CVE Approved NVD Analyst Assigned NVD Enrichment Reference Tags CVSS CWE CPE Senior Analyst Review
- 15. Anchore Vuln Feed Updates
- 16. Anchore Vulnerability Feed Proxy Mode Anchore sources vulnerability feeds and makes them available to customers Enabled on a per-feed driver basis List of known false positives Anchore sources missing CPE data from NVD records from other sources (Does not include Severity/CVSS) Exclusion Data Feed Enriched Data Feed New in 5.5! New in 5.5!
- 17. Existing Data Source Feed Options Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Direct mode Direct mode Direct mode Direct mode Exclusion Data Feed
- 18. Proxy Mode (5.5+) Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Direct mode Direct mode Direct mode Direct mode Enriched Data Feed Exclusion Data Feed
- 19. Proxy Mode + Enriched Data (5.5+) Anchore Enterprise Vulnerability Providers Canonical Microsoft Other 3rd parties NVD Anchore Vuln Feed Proxy mode + Enriched Data Exclusion Data Feed
- 20. Customer Benefits Proxy Mode Fewer distractions from 3rd party service outages No API tokens or service registration Simple firewall configuration Fewer false positives due to imprecise vulnerability metadata Ensures NVD catalog is up to date with CVE records CPE data missing from NVD records provided by Anchore Exclusion Data Feed Enriched Data Feed
- 21. Enhancing Data Quality Vulnerability Providers CVE5 NVD Anchore Open Source Vulnerability Data Tools + Human Review Anchore Enterprise 3rd Party Products
- 22. Get Involved Anchore Open Source github.com/anchore Open Source NVD Enrichment Project github.com/anchore/vulnerability-data-tools Enriched NVD Data github.com/anchore/nvd-data-overrides Anchore Community Slack anchore.com/slack
- 24. Recent updates Global CVE References Use CVE references in policy or searches independent of record which generated the match alert Download the AnchoreCTL client from an Enterprise API endpoint to ensure version consistency Simplify authentication for non-human users AnchoreCTL Endpoint Token-based Auth New in 5.5!
- 25. Summary 1. NVD’s future continues to be uncertain 2. The Anchore Vulnerability Feed helps mitigate some of the data gaps 3. The Anchore Vulnerability Feed simplifies the operations of feed management 4. Customers should enable all feeds for the most accurate results
- 26. Next Steps Get started with a free-trial Anchore Enterprise https://get.anchore.com/free-trial/ Learn more about Anchore Enterprise https://anchore.com/platform Visit our GitHub and Community Slack github.com/anchore and https://anchore.com/slack Download the NVIDIA case study www.anchore.com/nvidia
- 27. Thank you for joining! Schedule a demo of our platform @ get.anchore.com/demo-request