Cisco Secure Workload User Guide SaaS, Release 3.8
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Cisco Secure Workload identifies and displays a list of the known Common Vulnerabilities and Exposures (CVE) across your workloads
on the Vulnerabilities page. Using the displayed scores and the severity of the CVEs, you can focus your efforts on the most critical vulnerabilities
and workloads that need most attention. Select a scoring system and the scope to view the CVEs according to the severity and
other attribute details.
The different scoring systems used in Secure Workload are:
Common Vulnerability Scoring System (CVSS): CVSS is a qualitative measurement of severity of the CVEs, from low to critical.
The scores help you to prioritize responses for the most critical severities. CVSS V3 is the most recent version of the CVSS
scoring mechanism.
Table 1. Scoring Systems and Corresponding Attributes

Scoring System | Attributes
CVSS V3        | CVE Score with Severity; Attack Complexity; Attack Vector; Availability Impact; Base Severity; Confidentiality Impact; Integrity Impact; Privileges Required; Scope; User Interaction
CVSS V2        | CVE Score with Severity; Access Complexity; Access Vector; Authentication; Availability Impact; Confidentiality Impact; Integrity Impact; Severity
The dashboard highlights the distribution of vulnerabilities in the chosen scope and displays vulnerabilities by different
attributes, for example, the complexity of the exploit and whether a vulnerability can be exploited over the network or
requires the attacker to have local access to the workload. Furthermore, you can filter the statistics to show only the
vulnerabilities that are remotely exploitable and have the lowest exploit complexity.
The CVE threat databases in Secure Workload are updated every 24 hours by retrieving the latest CVE details from popular sources
such as NIST, Microsoft, and Oracle. If the Secure Workload cluster is in an air-gapped environment, the CVE threat data packs
must be downloaded from https://updates.tetrationcloud.com and uploaded in Secure Workload.
By using the scores and the required attributes of the known CVEs in your workloads, you can:
Configure microsegmentation policies to block the external communication from the impacted workloads and publish virtual patching
rules to Cisco Secure Firewall Management Center.
Vulnerability Dashboard
To view the Vulnerabilities page, from the navigation pane, choose Investigate > Vulnerabilities. The vulnerabilities identified using the different scoring systems are displayed. The graphs and widgets display the number
of vulnerabilities with the associated risk level and attributes, depending on the scoring system, so that you can identify the workloads
that require immediate attention and the packages that must be patched immediately to reduce the risk.
The following tabs are filtered based on the selected portion of the graphs or widgets:
The CVEs tab highlights the vulnerabilities that require attention in the selected scope.
The Packages tab lists the packages that must be patched.
The Workloads tab lists the impacted workloads in the selected scope.
The Pods tab lists the impacted Kubernetes pods in the selected scope.
For details, click the required row in the tabs. For example, click a row in the Packages tab to view the workloads where
the package or version is installed and the associated vulnerabilities for the package. The displayed lists can be downloaded
as a JSON or CSV file using the download links.
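The prioritization the dashboard performs (keep only CVEs that are remotely exploitable with low attack complexity, then rank the CVEs, packages and workloads) can also be reproduced offline over a downloaded list. The following is an added example, not code from the guide or from Secure Workload; the field names and the sample rows are constructed assumptions, since the guide does not document the export format.

```python
import json
from collections import defaultdict

# Constructed sample rows in the shape of a hypothetical CVE list export.
# The real Secure Workload JSON/CSV download may use different field names.
SAMPLE_EXPORT = json.dumps([
    {"cve_id": "CVE-0000-0001", "workload": "web-01", "package": "libexample 1.2",
     "cvss_v3_score": 9.8, "attack_vector": "NETWORK", "attack_complexity": "LOW"},
    {"cve_id": "CVE-0000-0002", "workload": "web-01", "package": "toolkit 4.0",
     "cvss_v3_score": 7.8, "attack_vector": "LOCAL", "attack_complexity": "LOW"},
    {"cve_id": "CVE-0000-0003", "workload": "db-02", "package": "libexample 1.2",
     "cvss_v3_score": 8.1, "attack_vector": "NETWORK", "attack_complexity": "HIGH"},
    {"cve_id": "CVE-0000-0001", "workload": "db-02", "package": "libexample 1.2",
     "cvss_v3_score": 9.8, "attack_vector": "NETWORK", "attack_complexity": "LOW"},
    {"cve_id": "CVE-0000-0004", "workload": "app-03", "package": "webfw 2.1",
     "cvss_v3_score": 6.5, "attack_vector": "NETWORK", "attack_complexity": "LOW"},
])

def load_export(text):
    """Parse the JSON export into a list of CVE/workload rows."""
    return json.loads(text)

def remotely_exploitable_low_complexity(rows):
    """Keep CVSS v3 Attack Vector = Network and Attack Complexity = Low only."""
    return [r for r in rows
            if r["attack_vector"] == "NETWORK" and r["attack_complexity"] == "LOW"]

def rank_cves(rows):
    """Distinct CVE IDs, highest CVSS v3 score first (ties by ID)."""
    best = {}
    for r in rows:
        best[r["cve_id"]] = max(best.get(r["cve_id"], 0.0), r["cvss_v3_score"])
    return sorted(best, key=lambda c: (-best[c], c))

def packages_to_patch(rows):
    """(package, number of distinct affected workloads), most widespread first."""
    hosts = defaultdict(set)
    for r in rows:
        hosts[r["package"]].add(r["workload"])
    return sorted(((p, len(w)) for p, w in hosts.items()), key=lambda x: (-x[1], x[0]))

def workloads_needing_attention(rows):
    """Workload -> highest CVSS v3 score among its remaining CVEs."""
    worst = defaultdict(float)
    for r in rows:
        worst[r["workload"]] = max(worst[r["workload"]], r["cvss_v3_score"])
    return dict(worst)
```

Run `remotely_exploitable_low_complexity(load_export(SAMPLE_EXPORT))` first and pass the result to the three ranking functions to get the same CVE, package and workload views the tabs show after clicking a graph segment.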
CVEs Tab
Based on the scoring system and selected scope, the CVEs tab lists the vulnerabilities identified on the workloads. For each
CVE, besides basic impact metrics, exploit information based on Secure Workload's threat intelligence is displayed:
Exploit Count: Number of times the CVE was seen exploited in the organizations in the previous year.
Last Exploited: Last time the CVE was seen exploited in the organizations by Secure Workload's threat intelligence.
The graphs and pie chart can be used to filter the CVEs based on the severity or the required attributes of the scoring system.
For example, if you click the Critical severity bar in any of the scoring systems, the tables display only the workloads,
packages, and pods containing the critical CVEs.
Click the required row under the CVEs tab to get more details on that vulnerability and the impacted workloads.
Packages Tab
The Packages tab lists the impacted software packages that must be upgraded to reduce their attack surface.
Click the required row under the Packages tab to get more details on impacted packages, the workloads with the packages, and
the identified CVEs in the packages.
Workloads Tab
The Workloads tab lists the workloads that require immediate attention in terms of software updates or patches.
Click the required row under the Workloads tab to get more details on vulnerable packages present in the selected workload.
To view the workload profile, click the workload name next to the title of the dialog box.
You can select the workloads and download a summary of the vulnerabilities impacting the workloads as a CSV file.
Pods Tab
The Pods tab lists the Kubernetes pods that require immediate attention in terms of software updates or patches.
Click the required row under the Pods tab to get more details on the impacted Kubernetes pod, packages, images, and the identified
CVEs.