Finding and Remediating OpenSSL Vulnerabilities at Scale: The Balbix Playbook

Whenever a new critical vulnerability hits the world (like last week’s high-severity OpenSSL vulnerabilities), security teams have to scramble to answer:

  • What software is impacted?
  • What systems are impacted?
  • How long will it take to patch critical systems?
  • What would the impact be of leaving the vulnerability open on systems with low exposure or impact?

This task is increasingly beyond human scale: the number of vulnerabilities and assets that organizations like yours have to manage is growing exponentially.

The path forward lies in automation. Automation lets you find and remediate vulnerabilities at scale: you get immediate visibility into impacted assets and can cut the time a vulnerability stays exposed from weeks or months to days.

Balbix provides an automated vulnerability management solution for our customers. Instead of having to scramble to answer the questions above each time they face a new vulnerability, our customers can follow a simple playbook. 

Let’s look at how Balbix customers could have used this playbook to respond to last week’s OpenSSL vulnerabilities as an example.

The OpenSSL vulnerabilities

Last week, the OpenSSL security team published an advisory regarding CVE-2022-3786 (“X.509 Email Address Variable Length Buffer Overflow”) and CVE-2022-3602 (“X.509 Email Address 4-byte Buffer Overflow”). Both vulnerabilities are classified as high severity.

They affect OpenSSL versions 3.0.0 through 3.0.6. Any OpenSSL 3.0 application that verifies X.509 certificates received from untrusted sources should be considered vulnerable; this includes both TLS clients and TLS servers that are configured to use TLS client authentication. The recommended remediation is for users of OpenSSL 3.0.0 through 3.0.6 to upgrade to 3.0.7 as soon as possible. For TLS servers that cannot be upgraded immediately, the recommended mitigation is to disable TLS client authentication.

The Balbix playbook is as easy as 1, 2, 3!

Balbix playbook for finding and remediating a vulnerability at scale

Step 1: Query your inventory for affected assets

The first step is to identify where the CVE is present. With Balbix, you conveniently have this information at your fingertips. Balbix’s cyber asset attack surface management (CAASM) solution provides you with a continuously updated inventory of your assets, including a software bill of materials (SBOM), and vulnerabilities.

With a list of assets, it is easy to search for specific CVEs in your environment. To do so, you search for the CVE by number, as shown in the CVE Remediation screen below. The search results include the number of assets affected by the CVE. In this case, there are 13 assets affected by CVE-2022-3786.
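The inventory query in Step 1, combined with the advisory facts from the section above, as an added example that is not Balbix's code: it parses OpenSSL version strings from a constructed SBOM-style inventory, flags rows inside the 3.0.0 through 3.0.6 range, and attaches the recommended fix and, for TLS servers using client authentication, the interim mitigation. The row layout and field names (asset, software, version, role, client_auth) are assumptions.

```python
# Added example (not Balbix's code): flag inventory rows whose OpenSSL version falls
# in the CVE-2022-3602 / CVE-2022-3786 affected range and attach the advisory's fix.
# The inventory rows and their field names (asset, software, version, role,
# client_auth) are constructed assumptions, not real assets.
import re

# Advisory facts: affected range 3.0.0 through 3.0.6, fixed in 3.0.7, and TLS servers
# may disable client authentication as an interim mitigation.
AFFECTED_MIN, AFFECTED_MAX, FIXED = (3, 0, 0), (3, 0, 6), "3.0.7"

def parse_version(text):
    """Turn '3.0.6' or a legacy-style '1.1.1q' into a comparable 3-tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"(\d+)", piece)
        if not m:
            raise ValueError(f"unparseable OpenSSL version: {text!r}")
        parts.append(int(m.group(1)))
    return tuple(parts + [0] * (3 - len(parts)))[:3]

def is_affected(version):
    """True when the version lies in the advisory's 3.0.0 - 3.0.6 range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def assess(asset):
    """Return None for unaffected rows, else the recommended action for this asset."""
    if asset["software"].lower() != "openssl" or not is_affected(asset["version"]):
        return None
    action = f"upgrade OpenSSL {asset['version']} -> {FIXED}"
    # Servers that request client certificates verify untrusted X.509 input; the
    # advisory's interim mitigation for them is to disable TLS client authentication.
    if asset["role"] == "tls-server" and asset.get("client_auth"):
        action += "; until then disable TLS client authentication"
    return action

# Constructed sample inventory (SBOM-style rows), not real assets.
INVENTORY = [
    {"asset": "api-gw-01", "software": "OpenSSL", "version": "3.0.5", "role": "tls-server", "client_auth": True},
    {"asset": "batch-07", "software": "OpenSSL", "version": "3.0.6", "role": "tls-client", "client_auth": False},
    {"asset": "web-03", "software": "OpenSSL", "version": "3.0.7", "role": "tls-server", "client_auth": True},
    {"asset": "legacy-db", "software": "OpenSSL", "version": "1.1.1q", "role": "tls-server", "client_auth": False},
    {"asset": "build-02", "software": "nginx", "version": "1.22.0", "role": "tls-server", "client_auth": False},
]

def find_affected(inventory=INVENTORY):
    """Map each affected asset name to its recommended action (Steps 1 and 2)."""
    return {row["asset"]: act for row in inventory if (act := assess(row))}
```

Calling `find_affected()` on the sample rows reports only api-gw-01 and batch-07; the 3.0.7 and 1.1.1 hosts are outside the advisory's range.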

CVE search results showing the number of affected assets

Step 2: Identify available and recommended fixes 

The second step is to identify how to mitigate or remediate the vulnerability. Balbix provides you with contextual information about a CVE, including the published date and severity (see the image above). As you can see below, Balbix also shows you the available fixes and the recommended fix. Balbix does this for each software version and identifies which assets are running those software versions.

What’s more, this information is updated in near real time. So if new fixes become available a few days later, Balbix updates that information automatically, without requiring you to run a scan.

Available fixes and recommended fix for each software version

Step 3: Dispatch for remediation directly from Balbix 

Balbix allows you to dispatch this information to risk owners with one-click ticket creation. 

One-click action to create a remediation ticket

Balbix’s integration with ServiceNow IT Service Management (ITSM) eliminates manual steps by allowing you to create ServiceNow remediation tickets directly within Balbix. This integration allows security and IT teams to work efficiently by using a familiar and shared system for remediation workflow. 

A view of a remediation ticket configured to integrate with ServiceNow

In summary

This simple yet effective playbook helps our customers reliably identify and mitigate vulnerabilities like the recent OpenSSL ones at scale.

As our founder and CEO, Gaurav Banga, wrote during the Log4j crisis, vulnerability management is a data science problem. Balbix provides our customers with automation and advanced analytics so they can manage the huge number of CVEs present today with speed and accuracy.

Learn how you can take full advantage of Balbix’s playbook for detecting and remediating vulnerabilities at scale by scheduling a 30-minute demo with Balbix. 

*** This is a Security Bloggers Network syndicated blog from Blog – Balbix authored by Kanika Thapar. Read the original post at: https://www.balbix.com/blog/finding-and-remediating-openssl-vulnerabilities-at-scale-the-balbix-playbook/