CISA KEV Distribution

CISA_KEV - This article is part of a series.
Part 1: This Article
What can we learn from CISA KEV after 24 months?

KEV

The Known Exploited Vulnerabilities (KEV) catalog, launched by CISA in Nov 2021, is a list of vulnerabilities that are actively exploited by malicious actors.

As of yesterday (Oct 31), the list has grown to 1025 vulnerabilities. This is a valuable resource for organizations to prioritize their vulnerability remediation efforts and protect themselves from cyber attacks.

Here are some key takeaways from the CISA KEV catalog:

  • Many of the vulnerabilities in the KEV catalog are old and well-known, highlighting the importance of regular patching.
  • Organizations should implement a layered security approach to protect against known exploited vulnerabilities, including patching, security awareness training, and network segmentation.
  • It is important to monitor systems for suspicious activity to detect and respond to cyber attacks early.

Vulnerability Analysis

With 24 months of data, can we learn something from it? Maybe just for fun?

To have some fun analysing the CISA KEV, we can:

  1. Download a copy of the KEV JSON file.
  2. Visualize the data with charts (using a tool like Taipy).
  3. Identify the trends and patterns:
    • show the top-5 vulnerable vendors.
    • show the top-5 vulnerable products.
    • compare the data to the previous year.
    • correlate with the number of cyber attacks that occur.
    • identify the months in which more vulnerabilities are added.

Below are the 2 ways that I'm analysing the CISA KEV data.

Eg.1: KEV Fun Enrichments

  1. Top 5 vendors (listed in CISA KEV catalog).
  2. Top 5 products (listed in CISA KEV catalog).
  3. Distribution of KEV (based on months).
  • Top 5 of 165 vendors : 521/1025 [ 50.83% ]
  • Top 5 of 422 products: 219/1025 [ 21.37% ]

You can click on the legend to filter in the chart.


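Chart data, top 5 vendors: Microsoft 271, Apple 68, Cisco 67, Adobe 65, Google 50, others 504.

Chart data, top 5 products: Windows 103, Multiple Products (Apple) 31, Internet Explorer 31, Flash Player 29, Chromium V8 Engine 25, others 806.

Chart data, KEV distribution by month (mean_val=85.4167): Jan 14, Feb 20, Mar 120, Apr 157, May 233, Jun 146, Jul 58, Aug 46, Sep 48, Oct 45, Nov 117, Dec 21.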

Key takeaways: There are 5 months (Mar/Apr/May/Jun/Nov) in which the number of KEV entries is higher than the mean value.

This means more resources should be allocated for those months (in red).
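The three Eg.1 enrichments can be computed directly from the KEV JSON. The Python below is an added example, not the author's tool; it assumes the feed's `vulnerabilities` list with the `vendorProject`, `product` and `dateAdded` fields, and the sample records and the helper names are constructed for illustration.

```python
import json
from collections import Counter
from datetime import date

# Constructed sample in the shape of the KEV JSON feed; not real catalog entries.
SAMPLE_KEV = json.loads("""{"vulnerabilities": [
 {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2022-03-03"},
 {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2022-03-15"},
 {"cveID": "CVE-0000-0003", "vendorProject": "Microsoft", "product": "Internet Explorer", "dateAdded": "2022-05-24"},
 {"cveID": "CVE-0000-0004", "vendorProject": "Apple", "product": "Multiple Products", "dateAdded": "2022-05-04"},
 {"cveID": "CVE-0000-0005", "vendorProject": "Adobe", "product": "Flash Player", "dateAdded": "2022-03-28"},
 {"cveID": "CVE-0000-0006", "vendorProject": "Cisco", "product": "IOS", "dateAdded": "2023-11-01"},
 {"cveID": "CVE-0000-0007", "vendorProject": "ExampleVendor", "product": "Multiple Products", "dateAdded": "2023-01-10"},
 {"cveID": "CVE-0000-0008", "vendorProject": "Microsoft", "product": "Windows", "dateAdded": "2023-11-20"},
 {"cveID": "CVE-0000-0009", "vendorProject": "Apple", "product": "Multiple Products", "dateAdded": "2023-06-12"}
]}""")
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

def top_n(vulns, key, n=5):
    """Return (top, covered, share_pct): the n most common key(v) values and their share."""
    if not vulns:
        return [], 0, 0.0
    top = Counter(key(v) for v in vulns).most_common(n)
    covered = sum(count for _, count in top)
    return top, covered, round(100 * covered / len(vulns), 2)

def vendor_key(v):
    return v["vendorProject"].strip()

def product_key(v):
    # Product names such as "Multiple Products" repeat across vendors, so qualify
    # them with the vendor, as in the chart label "Multiple Products (Apple)".
    return f'{v["product"].strip()} ({v["vendorProject"].strip()})'

def monthly_distribution(vulns):
    """Entries per calendar month of dateAdded, all years pooled (Jan..Dec)."""
    counts = Counter(date.fromisoformat(v["dateAdded"]).month for v in vulns)
    return [counts.get(m, 0) for m in range(1, 13)]

def months_above_mean(per_month):
    """Return (mean_val, [month names whose count exceeds the 12-month mean])."""
    mean_val = round(sum(per_month) / 12, 4)
    return mean_val, [MONTHS[i] for i, c in enumerate(per_month) if c > mean_val]

if __name__ == "__main__":
    vulns = SAMPLE_KEV["vulnerabilities"]
    print(top_n(vulns, vendor_key, 2))
    print(top_n(vulns, product_key, 2))
    print(months_above_mean(monthly_distribution(vulns)))
```

To run it on the real catalog, replace `SAMPLE_KEV` with the result of `json.load()` on the downloaded KEV JSON file.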

Eg.2: KEV Dashboard (cmdline)

This is a command-line tool (written in Python) that can provide:

  • top 5 vendors listed in KEV.
  • top 5 products listed in KEV.
  • heatmap calendar of vulnerability due dates.
  • heatmap calendar of the dates vulnerabilities were added.

Key takeaways: The top 5 vendors/products information allows quick analysis of KEV trends, which helps add intelligence-led prioritization to vulnerability management.
