Critical vulnerabilities have been identified with company trio Pulse Secure VPN devices, Juniper, and cybersecurity firm SonicWall.
Critical vulnerabilities have been identified with company trio Pulse Secure VPN devices, Juniper, and cybersecurity firm SonicWall.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
<p>When zero-day exploits like the recently disclosed SonicWall, Juniper, and Pulse Secure CVEs come to light, organizations need to immediately understand what software and devices might be affected and identify whether there are any vulnerable devices in their environment. This can be remarkably challenging because many organizations struggle to maintain an up-to-date inventory of devices in their environment, let alone detect software types and versions that devices are running and which need to be addressed.</p> <p> </p> <p>Simultaneously, organizations that have vulnerable devices need the ability to detect any related malicious activity that may indicate that the organization had been compromised before the CVE was disclosed, or between the time the CVE was disclosed and when the patch was deployed.</p> <p> </p> <p>Organizations are often forced to choose between remaining vulnerable to a new CVE or disabling business-critical applications such as email security in the case of SonicWall. In either scenario, organizations are subject to business risks and lost productivity. The faster an organization can identify the level of vulnerability, and if so, whether they were compromised, the better the chances of avoiding irrecoverable damage.</p>