May 24, 2015

Smart Solution, Smart Aggregation

Think of the vast amount patch related of vulnerabilities you get after an automatic scan; for example insecure Apache httpd version. Frequently, these issues can be grouped since they are related to Apache httpd and instead of using different names one can show all these vulnerabilities using a single name. This feature is available in NormShield since day one (see Normalization of Vulnerability Nomenclature) and gives a full meaning to unified vulnerability management.

However, there's still room for being better. From an attacker/tester point of view every patch related issue on a specific Apache version installation is valid. They are different issues, period. On the other hand, having this many vulnerabilities will not make your Ops part of your DevOps particularly happy. This is, of course, not your job: to make them happy. But, moreover, you can hear them saying that "by upgrading to the new version, we can fix all of the issues", which is correct. 

So in order to motivate them NormShield brings another feature to the table. Smart vulnerability aggregation. Using this feature (ticking Smart Vulnerability Aggregation checkbox) you can select one or more issue types into another single issue type, which will not only make sure that representing all those issues with a single vulnerability name, but also it will show them as a single vulnerability!

Smart vulnerability aggregation, make them look ONE