Rezilion Offers MI-X, An Open Source Tool to Help Cybersecurity Community Determine if a Vulnerability is Exploitable – or Not
Las Vegas, (August 11, 2022) — Today Rezilion announced the availability of MI-X, a newly created open-source tool developed by Rezilion’s vulnerability research team that made its debut this week at Black Hat Arsenal. Available as a download from the GitHub repository, it is a CLI tool that can help researchers and developers know if their containers and hosts are impacted by a specific vulnerability, thus allowing organizations to target remediation plans more effectively.
“Cybersecurity vendors, software providers and CISA are issuing daily vulnerability disclosures alerting the industry to the fact that all software is built with mistakes that must be addressed, often immediately. With this influx of information, the launch of MI-X offers users a repository of information to validate exploitability of specific vulnerabilities creating more focus and efficiency around patching efforts,” said Yotam Perkal, Director, Vulnerability Research at Rezilion. “As an active participant in the vulnerability research community, this is an impactful milestone for developers and researchers to collaborate and build together.”
Current Vulnerability Tools Don’t Factor In Exploitability
Each day, organizations grapple with a litany of critical and zero-day vulnerabilities and scramble to understand whether they are affected by a given vulnerability before a threat actor figures it out first. Many times, their existing tools cannot help them make this determination. That’s because, in order to do so, organizations need to:
- First, identify the vulnerability in their environment
- Ascertain whether that vulnerability is actually exploitable in order to have a mitigation/remediation plan in place.
What organizations need is a tool that can answer the two questions above. Current vulnerability scanners take too long to scan, don’t factor in exploitability, and, depending on the nature of a specific vulnerability, often miss it altogether – as was the case with the recently discovered Log4j vulnerability. The lack of tools gives threat actors a lot of time to exploit a flaw and do major damage.
MI-X helps you to understand if you are actually affected by a specific vulnerability
Using MI-X, organizations can identify and establish the exploitability of 20+ high-profile CVEs within their environment, including hosts and containers. The tool can easily be updated to include coverage for new critical and zero-day vulnerabilities.
The tool will be a key asset to security teams seeking to know if critical bugs are a serious threat to their individual software environment so they can take action. With MI-X, security teams can scan a specific host or container and determine if a high-risk vulnerability is present and exploitable there.
MI-X is ideal for researchers, developers, and very small organizations to quickly detect the presence and exploitability of a known critical CVE so they can eliminate guesswork and focus on remediating what presents a true risk to the environment.
MI-X is easily upgradeable to expand its coverage of vulnerabilities, and by using it security teams can strategically identify vulnerabilities without the need for expensive tools. Through MI-X, users can:
- Find vulnerabilities: With MI-X you can identify and establish the exploitability of a known critical CVE.
- Know why it’s exploitable: Don’t just find the CVE but also get a detailed view of the criteria that need to be met for the vulnerability to be exploitable. This allows organizations to adopt the correct remediation strategy.
The introduction of MI-X is the first of a series of initiatives planned by Rezilion to foster a community around detecting, prioritizing and remediating software vulnerabilities.
For more information on getting started with MI-X, visit https://www.rezilion.com/rezilion-tools/am-i-exploitable/ or join the tool’s open Slack channel at https://www.rezilion.com/lp/join-the-mi-x-community-on-slack/.
Rezilion’s platform automatically secures the software you deliver to customers. Rezilion’s continuous runtime analysis detects vulnerable software components on any layer of the software stack and determines their exploitability, filtering out up to 95% of identified vulnerabilities. Rezilion then automatically mitigates exploitable vulnerabilities across the SDLC, reducing vulnerability backlogs and remediation timelines from months to hours, while giving DevOps teams time back to build.
Learn more about Rezilion’s software attack surface management platform at www.rezilion.com and get a 30-day free trial.