KEV#
The Known Exploited Vulnerabilities (KEV) catalog, launched by CISA in Nov 2021, lists vulnerabilities for which CISA has evidence of active exploitation by malicious actors. As of yesterday (Oct 31), two years in, the catalog had grown to 1025 entries. It is a valuable resource for prioritizing vulnerability remediation: a CVE on this list is known to be used in real attacks, not merely theoretically exploitable.
Here are some key takeaways from the CISA KEV catalog:
- Many of the vulnerabilities in the KEV catalog are old and well-known, highlighting the importance of regular patching.
- Organizations should implement a layered security approach to protect against known exploited vulnerabilities, including patching, security awareness training, and network segmentation.
- It is important to monitor systems for suspicious activity to detect and respond to cyber attacks early.
Vulnerability Analysis#
With 24 months of data, can we learn something from it? Maybe have some fun with it along the way?
To have some fun analysing the CISA KEV catalog, we can:
- Download a copy of the KEV JSON file.
- Visualize the data with charts (e.g. with Taipy).
- Identify trends and patterns:
  - show the top-5 vendors by number of KEV entries.
  - show the top-5 products by number of KEV entries.
  - compare the data with the previous year.
  - correlate it with the number of reported cyber attacks.
  - identify which months concentrate the most additions.
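The procedure above as a worked example. This is added code, not the post's own script: it parses the KEV JSON layout (the feed's real field names are `cveID`, `vendorProject`, `product`, `dateAdded` and `dueDate`), ranks the top-5 vendors and products with their share of the catalog, and buckets additions by calendar month against the mean, which is exactly the Eg.1 summary below. The embedded feed is constructed sample data with placeholder CVE IDs; `fetch_kev` downloads the live catalog from CISA's published feed URL only when you run it with `--live`.

```python
"""Top-5 vendors/products and month-of-addition distribution for the CISA KEV feed."""
import json
import sys
from collections import Counter
from datetime import date
from urllib.request import urlopen

# Published KEV JSON feed (real URL); only fetched when run with --live.
KEV_URL = ("https://www.cisa.gov/sites/default/files/feeds/"
           "known_exploited_vulnerabilities.json")

# Constructed sample feed in the KEV JSON layout. The CVE IDs are placeholders,
# not real catalog entries; dates are chosen to spread over months and years.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2021-11-03", "dueDate": "2021-11-17"},
    {"cveID": "CVE-0000-0002", "vendorProject": "Microsoft", "product": "Windows",
     "dateAdded": "2022-03-03", "dueDate": "2022-03-24"},
    {"cveID": "CVE-0000-0003", "vendorProject": "Microsoft", "product": "Exchange Server",
     "dateAdded": "2022-03-25", "dueDate": "2022-04-15"},
    {"cveID": "CVE-0000-0004", "vendorProject": "Microsoft", "product": "Internet Explorer",
     "dateAdded": "2022-04-11", "dueDate": "2022-05-02"},
    {"cveID": "CVE-0000-0005", "vendorProject": "Apple", "product": "Multiple Products",
     "dateAdded": "2022-04-15", "dueDate": "2022-05-06"},
    {"cveID": "CVE-0000-0006", "vendorProject": "Apple", "product": "iOS",
     "dateAdded": "2023-05-10", "dueDate": "2023-05-31"},
    {"cveID": "CVE-0000-0007", "vendorProject": "Cisco", "product": "IOS XE",
     "dateAdded": "2023-10-16", "dueDate": "2023-10-20"},
    {"cveID": "CVE-0000-0008", "vendorProject": "Adobe", "product": "Flash Player",
     "dateAdded": "2022-03-07", "dueDate": "2022-03-28"},
    {"cveID": "CVE-0000-0009", "vendorProject": "Google", "product": "Chromium V8 Engine",
     "dateAdded": "2023-05-03", "dueDate": "2023-05-24"},
    {"cveID": "CVE-0000-0010", "vendorProject": "Oracle", "product": "WebLogic Server",
     "dateAdded": "2022-06-02", "dueDate": "2022-06-23"},
]})


def parse_kev(text):
    """Return the list of vulnerability records from a KEV JSON document."""
    return json.loads(text)["vulnerabilities"]


def fetch_kev(url=KEV_URL):
    """Download and parse the live catalog (network access required)."""
    with urlopen(url, timeout=30) as resp:
        return parse_kev(resp.read().decode("utf-8"))


def top_n(records, field, n=5):
    """Top-n values of `field` (vendorProject or product) and their share of the catalog."""
    counts = Counter(r[field] for r in records)
    # Sort by count descending, then by name, so ties are deterministic.
    ranked = sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))
    top = ranked[:n]
    top_total = sum(c for _, c in top)
    total = len(records)
    return {
        "top": top,
        "top_total": top_total,
        "others": total - top_total,
        "distinct": len(counts),
        "total": total,
        "share": round(100 * top_total / total, 2),
    }


def monthly_distribution(records, field="dateAdded"):
    """Entries per calendar month (1..12), aggregated across all years."""
    dist = {m: 0 for m in range(1, 13)}
    for r in records:
        dist[date.fromisoformat(r[field]).month] += 1
    return dist


def above_mean_months(dist):
    """Months whose count exceeds the mean monthly count."""
    mean_val = sum(dist.values()) / len(dist)
    return [m for m, c in dist.items() if c > mean_val]


if __name__ == "__main__":
    recs = fetch_kev() if "--live" in sys.argv else parse_kev(SAMPLE_FEED)
    for field in ("vendorProject", "product"):
        s = top_n(recs, field)
        print(f"Top 5 of {s['distinct']} {field}: {s['top_total']}/{s['total']} [{s['share']}%]")
        for name, c in s["top"]:
            print(f"  {name:<24} {c}")
        print(f"  {'others':<24} {s['others']}")
    dist = monthly_distribution(recs)
    print("per-month:", dist)
    print("above-mean months:", above_mean_months(dist))
```

Run it as `python kev_top5.py` for the embedded sample or `python kev_top5.py --live` against the real feed. One thing the real feed will teach you quickly: `vendorProject` and `product` are free-text, so the same vendor can appear under slightly different spellings; normalise those before trusting a top-5 ranking.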
Below are the two ways I have been analysing the CISA KEV data.
Eg.1: KEV Fun Enrichments#
- Top 5 vendors (listed in CISA KEV catalog).
- Top 5 products (listed in CISA KEV catalog).
- Distribution of KEV (based on months).
- Top 5 of 165 vendors: 521/1025 [50.83%]
- Top 5 of 422 products: 219/1025 [21.37%]
Top 5 vendors by number of KEV entries (the fifth vendor is not named in the source table):

| Microsoft | Apple | Cisco | Adobe | | Others (160 vendors) |
|---|---|---|---|---|---|
| 271 | 68 | 67 | 65 | 50 | 504 |

Top 5 products by number of KEV entries:

| Windows | Multiple Products (Apple) | Internet Explorer | Flash Player | Chromium V8 Engine | Others (417 products) |
|---|---|---|---|---|---|
| 103 | 31 | 31 | 29 | 25 | 806 |
KEV entries by month of addition, aggregated over the 24 months (mean = 1025/12 = 85.42 per month):

| Jan | Feb | Mar | Apr | May | Jun | Jul | Aug | Sep | Oct | Nov | Dec |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 14 | 20 | 120 | 157 | 233 | 146 | 58 | 46 | 48 | 45 | 117 | 21 |
Key TakeAways: Five months (Mar/Apr/May/Jun/Nov) sit above the mean of 85.4 additions per month, and those are the months to budget extra remediation capacity for (shown in red in the chart). One caveat before planning around this: `dateAdded` records when CISA added the entry, not when exploitation began, and a large share of the spring peak comes from CISA's 2022 bulk additions of older CVEs to the then-new catalog, so the pattern reflects catalog maintenance at least as much as attacker activity.
Eg.2: KEV Dashboard (cmdline)#
This is a cmdline tool (written in Python) that provides:
- the top 5 vendors listed in KEV.
- the top 5 products listed in KEV.
- a heatmap calendar of `dueDate` (the remediation deadline CISA attaches to each entry).
- a heatmap calendar of `dateAdded`.
Key TakeAways: The top-5 vendor/product view makes it quick to spot KEV trends and feed intelligence-led prioritization into vulnerability management.
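The two calendar heatmaps from Eg.2, rendered in plain text, as an added example; this is not the post's own dashboard tool, and it only assumes the ISO-8601 `dateAdded`/`dueDate` strings the KEV feed uses. It lays each date on a Monday-to-Sunday by week grid, shades cells relative to the busiest day, and adds the check a practitioner actually wants from the due-date view: which entries are already past their deadline as of a given day. The date pairs are constructed sample data, not real catalog entries.

```python
"""Text calendar heatmaps of KEV dateAdded / dueDate, plus an overdue check."""
from collections import Counter
from datetime import date, timedelta

# Constructed (dateAdded, dueDate) pairs in KEV's ISO-8601 form; not real entries.
SAMPLE_DATES = [
    ("2023-10-02", "2023-10-23"),
    ("2023-10-02", "2023-10-23"),
    ("2023-10-04", "2023-10-25"),
    ("2023-10-10", "2023-10-31"),
    ("2023-10-16", "2023-10-20"),  # short deadline, as CISA sets for urgent entries
    ("2023-10-16", "2023-11-06"),
    ("2023-10-25", "2023-11-15"),
]

SHADES = " .:-=+*#"   # blank = no entries, '#' = busiest day(s)
WEEKDAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def daily_counts(iso_dates):
    """Entries per day, keyed by ISO date string."""
    return Counter(iso_dates)


def calendar_grid(counts, start_iso, end_iso):
    """7 rows (Mon..Sun) x N columns (one per week) of counts within [start, end].
    Column 0 is the week containing `start`, so the grid lines up like a
    GitHub-style contribution calendar."""
    start, end = date.fromisoformat(start_iso), date.fromisoformat(end_iso)
    first_monday = start - timedelta(days=start.weekday())
    n_weeks = (end - first_monday).days // 7 + 1
    grid = [[0] * n_weeks for _ in range(7)]
    for iso, c in counts.items():
        day = date.fromisoformat(iso)
        if start <= day <= end:
            grid[day.weekday()][(day - first_monday).days // 7] += c
    return grid


def render(grid):
    """Render the grid with SHADES scaled so the busiest cell gets '#'."""
    peak = max((c for row in grid for c in row), default=0)
    lines = []
    for label, row in zip(WEEKDAYS, grid):
        cells = []
        for c in row:
            level = 0 if c == 0 else 1 + (c - 1) * (len(SHADES) - 2) // max(peak - 1, 1)
            cells.append(SHADES[level])
        lines.append(f"{label} " + " ".join(cells))
    return "\n".join(lines)


def overdue(entries, as_of_iso):
    """Entries whose dueDate has already passed on `as_of`. For federal agencies
    that deadline is binding under BOD 22-01; for everyone else it is a sensible
    SLA to borrow."""
    as_of = date.fromisoformat(as_of_iso)
    return [(added, due) for added, due in entries if date.fromisoformat(due) < as_of]


if __name__ == "__main__":
    start, end = "2023-10-01", "2023-11-30"
    for label, idx in (("dateAdded", 0), ("dueDate", 1)):
        grid = calendar_grid(daily_counts(e[idx] for e in SAMPLE_DATES), start, end)
        print(f"{label} {start}..{end}\n{render(grid)}\n")
    late = overdue(SAMPLE_DATES, "2023-10-31")
    print(f"{len(late)} of {len(SAMPLE_DATES)} sample entries past due on 2023-10-31")
```

Swap `SAMPLE_DATES` for `[(r["dateAdded"], r["dueDate"]) for r in records]` from the parsed feed and the same functions produce the full two-year calendars; the `dueDate` grid is the one to watch, since every shaded cell there is a deadline you either met or missed.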