CVSS Scores Enhance N‑central Patch Management

N‑central’s first release of 2024 will bring a very welcome addition to the product for anyone responsible for Patch Management in the form of CVSS scores.

What are CVSS Scores?

In the unlikely event you haven’t heard of CVSS scores, here’s a quick explanation:

  • CVSS stands for Common Vulnerability Scoring System. 
  • It is a framework used to assess the severity of security vulnerabilities in software systems.
  • The score is represented as a numerical value, typically ranging from 0.0 to 10.0, with 10.0 being the most severe.
  • CVSS scores are calculated based on various metrics such as exploitability, impact, and complexity of the vulnerability.

The purpose of CVSS scores is to provide a standardized way for you to prioritize and compare the severity of different vulnerabilities, helping you make informed decisions about which issues to address first.

By integrating information, including CVSS scores from Microsoft’s Security and Response Centre, directly into N‑central’s Patch Management, you gain visibility into which patches resolve vulnerabilities, allowing you to prioritize efforts accordingly when necessary.

How will CVSS scores enhance my patch management?

Here are six key reasons why CVSS scores will enhance your patch management workflows:

  1. Prioritization of Updates: With a plethora of software updates, CVSS scores aid in prioritizing them by highlighting the severity of vulnerabilities being addressed. This ensures critical security patches are promptly applied, reducing exposure to potential threats.
  2. Resource Allocation: Given the limited resources of IT and security teams, CVSS scores help allocate them efficiently by focusing on updates that mitigate higher-risk vulnerabilities. This approach enhances the management of patching efforts.
  3. Decision-Making: CVSS scores inform decisions regarding the urgency of applying updates. Higher scores may indicate vulnerabilities with a greater likelihood of exploitation or severe consequences, enabling users to align decisions with their risk tolerance and security policies.
  4. Security Posture: Monitoring CVSS scores on Windows updates enables users to evaluate the overall security posture of their systems. Regular application of updates with high CVSS scores contributes to maintaining a resilient and secure environment.
  5. Compliance: Many regulatory standards and industry best practices recommend or mandate considering CVSS scores in vulnerability management processes. Viewing CVSS scores on Windows updates aids organizations in demonstrating compliance with these standards.
  6. Communication and Reporting: CVSS scores offer a standardized language for discussing vulnerabilities, facilitating clear communication among IT teams, security professionals, and management regarding the severity of security issues addressed by Windows updates.

How do I make use of this new function in N‑central 2024.1?

In N‑central 2024.1 you will see an additional column in the patch approval workflow containing the CVSS score for each patch. Where a patch resolves multiple vulnerabilities, the highest score will show. The CVSS score column can be used to sort patches from highest to lowest, and the popout filter will also have filtering options available to target the patches with the highest scores first.

You can also click on the CVSS score of patches in the approval workflow to show a pop up that includes all the vulnerabilities being addressed by a patch, including the IDs and scores. This pop up will also include clickable links that direct you to Microsoft’s Security and Response Centre (MSRC) database if you require further information.

Since the news broke of the addition of CVSS scores to N‑central’s patch management, it has been widely welcomed by our partner base. In upcoming releases of N‑central in 2024 we will be bringing in further enhancements to this feature, including adding colour to the CVSS column to visually highlight the severity of a patch using the traffic light system. We will also be integrating CVSS scoring into the automatic patch approval rules, which will allow you to target patches of a certain score and above to be automatically approved.
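The behaviour described above (highest score per patch, sorting from highest to lowest, and approval of patches at or above a chosen score) can be sketched as follows. This is an added example, not N‑able code, and it does not call any N‑central API: the patch and vulnerability identifiers are constructed placeholders, the bands are the CVSS v3.x qualitative severity scale, and leaving unscored patches for manual review is an assumption.

```python
from dataclasses import dataclass, field

# CVSS v3.x qualitative severity bands as (lower bound, label), highest first.
BANDS = [(9.0, "Critical"), (7.0, "High"), (4.0, "Medium"), (0.1, "Low"), (0.0, "None")]

@dataclass
class Patch:
    kb: str                                    # constructed patch identifier
    vulns: dict = field(default_factory=dict)  # placeholder vuln ID -> CVSS base score

    @property
    def score(self):
        """Highest score among the vulnerabilities this patch resolves, or None."""
        return max(self.vulns.values()) if self.vulns else None

def severity(score):
    """Map a score to its qualitative band; patches with no score stay distinct."""
    if score is None:
        return "Unscored"
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    return next(label for floor, label in BANDS if score >= floor)

def sort_by_score(patches):
    """Highest first; unscored patches sort last instead of being treated as 0.0."""
    return sorted(patches, key=lambda p: (p.score is None, -(p.score or 0.0)))

def auto_approve(patches, threshold):
    """IDs of patches scoring at or above threshold (assumption: unscored
    patches are never matched by a score rule and go to manual review)."""
    return [p.kb for p in sort_by_score(patches)
            if p.score is not None and p.score >= threshold]

# Constructed sample data: one patch fixes three vulnerabilities, one fixes none.
PATCHES = [
    Patch("KB-EXAMPLE-1", {"CVE-EXAMPLE-A": 7.8, "CVE-EXAMPLE-B": 9.8, "CVE-EXAMPLE-C": 5.5}),
    Patch("KB-EXAMPLE-2", {"CVE-EXAMPLE-D": 6.5}),
    Patch("KB-EXAMPLE-3"),
    Patch("KB-EXAMPLE-4", {"CVE-EXAMPLE-E": 8.8}),
]

if __name__ == "__main__":
    for p in sort_by_score(PATCHES):
        print(f"{p.kb:14} {p.score!s:>5} {severity(p.score)}")
    print("auto-approve at >= 7.0:", auto_approve(PATCHES, 7.0))
```

Because only the highest score is shown for a patch, a patch that also fixes several lower-scored vulnerabilities looks the same in the sorted list as one that fixes a single critical issue; the per-patch vulnerability list is where that difference shows.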

This is just the first enhancement to Patch Management in N‑central this year. If you are sitting there on an older version of N‑central and thinking you’re not going to upgrade because you can live without CVSS scores, remember that updating your N‑central server not only gives you new features, but is also key to ensuring your N‑central server is secure and performs at its best.

If you have questions, join me on the N‑central office hours at www.n-able.com/events. For more insight on how you can get the most out of N‑central, you can attend our N‑central Boot Camps, recordings of which are available in N‑ableU. Alternatively, keep an eye on www.n-able.com/events to register for the live sessions.

Paul Kelly is the Head Nerd at N‑able. You can follow him on Twitter at @HeadNerdPaul, on LinkedIn, and on Reddit at u/Paul_Kelly. Alternatively, you can email him directly.

 
