“runc” with ThreatWatch
Early last week, all of us were alerted to reports of a major vulnerability in the “runc” binary. The vulnerability was due to the way the runc binary handled system file descriptors when running containers, which could allow malicious containers to overwrite the contents of the binary and ultimately cause remote code execution.
Not many would know, but this was reported to Red Hat on Jan 10th, exactly a month before we saw the flurry of activity during the week of Feb 11th. Over the last week, a number of OS vendors, networking software vendors, cloud providers and virtualization software providers made patches available, and some are still investigating.
ThreatWatch covered this from day 1 and updated its customers on each patch and exploit update (yes, exploits were also published, and these were tracked). More importantly, the social chatter that matters a lot for such vulnerabilities was also covered by ThreatWatch. Below are some examples that went beyond the information provided by vendors and kept our customers updated on the latest:
The single unified view provided by ThreatWatch, covering NVD, all advisories and bulletins, and social chatter, helped our customers stay on top of the issue. This is in addition to off-platform alerting that allowed customers to share specific platform issues via Google Chat / Slack integrations as well as simple email notifications.
Enterprises face a dual challenge today. The first is tracking the lifecycle of a specific vulnerability as it evolves over a period of time; the second is knowing the cross-product / cross-vendor impact of a single vulnerability in order to get actionable information. In the heterogeneous multi-cloud environments that businesses are heading into, this becomes crucial. The timeline below highlights the value that ThreatWatch brings in both of these cases.
Lastly, the information needs to be made available as soon as it is in the public domain and in a decentralized manner (across the teams responsible for acting on it), which is where alerts come in handy to make just the right level of detail available for teams to act.