Introducing Smart Fix By Rezilion
As a part of our mission to improve and accelerate software supply chain security, today we are pleased to unveil Rezilion’s new Smart Fix feature.
Vulnerabilities can pose significant risks to organizations, and we all know it’s vital that they are remediated as soon as possible. But more often than not, patching vulnerabilities is a time-consuming process – and one that can introduce operational risk to an organization if it’s not approached correctly. Within this process, at best, valuable security and developer bandwidth is eaten up researching the appropriate component version to upgrade to in order to patch the vulnerability, if an upgrade is even available. At worst, a patch is implemented but it breaks the build, triggering downtime and other issues.
With Smart Fix, Rezilion users can avoid these problems altogether by receiving guidance on what, where and how to patch…automatically. The Smart Fix capability surfaces the best update version available to patch all CVEs with the lowest likelihood of breaking applications or infrastructure. This information is provided for every vulnerable component identified within a customer’s environment. A user can see which vulnerable components have a fix by navigating to the Remediation tab in the platform. If a vulnerable component has a fix, the user can open a ticket for one or more vulnerable components and view the suggested fix versions. Under the “update version” field in the ticket, the user sees the suggested fix version for every vulnerable component and can choose either the Rezilion Smart Fix version (which accounts for operational risk) or the latest version, or write a custom fix, in which case the security person defines the version. After choosing a version, the user creates the ticket, and all the data, including the chosen version, is sent automatically to the developer responsible for fixing it.
How It Works
Smart Fix guidance is powered by Rezilion’s Next Generation Vulnerability Database (NGVDB), which maintains an up-to-date record of each component’s unique vulnerability properties and version history. By overlaying this data on top of a customer’s dynamic SBOM, customers can then understand not only where vulnerabilities exist, but if and how to go about addressing them as efficiently as possible.
For every vulnerable component, we now offer the following information:
- Whether a fix exists – Speeds up time to remediate by immediately flagging which vulnerable components have a fix available; filter the Remediation tab view to triage remediation work accordingly.
- Rezilion Smart Fix – Using a unique algorithm, we calculate the lowest version of a component that resolves the most risk with the least operational risk. The lower the target version, the fewer dependencies the upgrade affects and the less it is likely to break, which is the biggest pain point and fear among developers today.
- Latest version – For customers who want to update to the latest version, we also offer the latest version for each vulnerable component.
- Custom remediation – Some components cannot be upgraded to a newer version. This option lets security staff give their developers written guidance on how to address this particular vulnerability.
- Resolved components – As the following image shows, components marked with a green icon have been resolved: components at specific versions that were present in the environment previously but are no longer present. It doesn’t matter whether they have vulnerabilities – you don’t have to worry about them.
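The selection the text describes can be illustrated in code. The following is an added example written for this post, not Rezilion’s algorithm or the NGVDB: given a component’s installed version, its release history and the advisories that apply to it, it picks the lowest release that closes every fixable CVE, reports the latest release, and flags CVEs that no upgrade can fix. The version strings, the release history and the CVE-EXAMPLE ids are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional

def parse_version(v: str) -> tuple:
    """Turn a dotted version string into a comparable tuple (assumes numeric parts)."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Advisory:
    cve_id: str                 # constructed placeholder ids below, not real CVEs
    fixed_in: Optional[str]     # first version that closes the CVE; None = no fix exists

def remediation_options(installed: str, version_history: list, advisories: list) -> dict:
    """For one installed component, return the choices the post describes:
    whether any fix exists, the lowest version that closes every fixable open CVE
    ("smart fix"), and the latest version, plus the CVEs no upgrade can fix."""
    inst = parse_version(installed)
    history = sorted(version_history, key=parse_version)
    # A CVE is open if it has no fix or the installed version predates the fix.
    open_advs = [a for a in advisories
                 if a.fixed_in is None or inst < parse_version(a.fixed_in)]
    fixable = [a for a in open_advs if a.fixed_in is not None]
    result = {"open_cves": [a.cve_id for a in open_advs],
              "unfixable_cves": [a.cve_id for a in open_advs if a.fixed_in is None],
              "has_fix": bool(fixable), "smart_fix": None, "latest": history[-1]}
    if fixable:
        # The lowest version closing every fixable open CVE is the largest of their
        # fix versions, rounded up to the nearest published release.
        target = max(parse_version(a.fixed_in) for a in fixable)
        result["smart_fix"] = next((v for v in history if parse_version(v) >= target), None)
    return result

# Constructed sample data: one component installed at 2.3.0 with three advisories.
SAMPLE_HISTORY = ["2.3.0", "2.3.1", "2.4.0", "3.0.0", "3.1.0"]
SAMPLE_ADVISORIES = [Advisory("CVE-EXAMPLE-0001", "2.3.1"),
                     Advisory("CVE-EXAMPLE-0002", "2.4.0"),
                     Advisory("CVE-EXAMPLE-0003", None)]

if __name__ == "__main__":
    # Expected: smart_fix 2.4.0, latest 3.1.0, CVE-EXAMPLE-0003 listed as unfixable.
    print(remediation_options("2.3.0", SAMPLE_HISTORY, SAMPLE_ADVISORIES))
```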
Smart Fix is now available for all supported environments, including both Windows and Linux operating systems. Due to the ever-changing nature of vulnerability remediation, we will continue to improve our algorithm, expand our coverage, and expand our workflow in the months to come.
Want to see how it works? Book a demo with our technical team today for a personalized tour.
See you soon,
About the author: Aram Peles Chen is a product manager at Rezilion, specializing in networks and cyber security, and a former officer in unit 8200 (the national cyber unit in the intelligence forces in the IDF). Aram led the development of major features for Rezilion, including the recently added Smart Fix and Enrichment Feeds.