Guide

Publication date: 2024-05-01
SYSTEM

Introduction

 

BaseFortify is a threat intelligence web application that leverages deep learning to provide up-to-date warnings on cybersecurity vulnerabilities. Users receive clear, actionable advice on how to best mitigate these risks.

In this guide, we explain how BaseFortify works and why users need to declare the applications and operating systems they use, which together are referred to in cybersecurity as the attack surface.

Once the attack surface is defined, users are presented with a list of known threats applicable to their system. For each threat, a detailed report is generated, outlining how the vulnerability could be exploited by malicious actors and what steps users can take to mitigate the associated risks. Each threat is assigned a status, making it easy to manage vulnerabilities across applications or devices.

 

How does BaseFortify work?

 

System administrators and cybersecurity specialists are often overwhelmed by the sheer volume of cybersecurity information. BaseFortify filters this information, ensuring users are only confronted with relevant threats for their systems.

Threats to IT systems are typically conveyed through CVE (Common Vulnerabilities and Exposures) reports, which are published by the MITRE Corporation and the National Vulnerability Database (NVD).

These reports include a list of affected system components, such as hardware, operating systems, and applications. BaseFortify’s algorithms intelligently match CVE reports to your attack surface, whether you're using Windows, Linux, or macOS.
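To make the matching step concrete, here is an added example in Python. It is not BaseFortify's code or algorithm; it only illustrates the general idea of comparing a declared inventory against the affected-version ranges in CVE data. The inventory rows, advisories, placeholder CVE IDs and function names are all constructed for illustration. The range keys follow the field names used in NVD CPE match data.

```python
import re

# Constructed sample data: made-up products and placeholder CVE IDs, not real records.
INVENTORY = [
    {"node": "Jessica's Laptop", "type": "Application", "name": "ExampleEditor", "version": "1.10.2"},
    {"node": "Jessica's Laptop", "type": "Application", "name": "Example PDF Reader", "version": "4.2"},
    {"node": "Jessica's Laptop", "type": "Operating System", "name": "ExampleOS", "version": "11.0.3"},
]
ADVISORIES = [
    {"cve": "CVE-0000-0001", "product": "exampleeditor",
     "versionStartIncluding": "1.9.0", "versionEndExcluding": "1.10.5"},
    {"cve": "CVE-0000-0002", "product": "example_pdf_reader",
     "versionEndExcluding": "4.2"},  # 4.2 itself is the fixed release
    {"cve": "CVE-0000-0003", "product": "exampleos",
     "versionStartIncluding": "11.0", "versionEndIncluding": "11.0.3"},
]

def normalize(name):
    """Lowercase and collapse spaces/punctuation so display names compare to product names."""
    return re.sub(r"[^a-z0-9]+", "_", name.lower()).strip("_")

def parse_version(text, width=4):
    """'1.10.2' -> (1, 10, 2, 0): numeric and zero-padded, so 1.10 > 1.9 and 4.2 == 4.2.0."""
    parts = [int(p) for p in re.findall(r"\d+", text)][:width]
    return tuple(parts + [0] * (width - len(parts)))

def in_range(version, adv):
    """True when the version satisfies every range bound present in the advisory."""
    v = parse_version(version)
    checks = {
        "versionStartIncluding": lambda b: v >= b,
        "versionStartExcluding": lambda b: v > b,
        "versionEndIncluding": lambda b: v <= b,
        "versionEndExcluding": lambda b: v < b,
    }
    return all(test(parse_version(adv[k])) for k, test in checks.items() if k in adv)

def match_threats(inventory, advisories):
    """Return (node, component, cve) for each component inside an affected range."""
    threats = []
    for comp in inventory:
        for adv in advisories:
            if normalize(comp["name"]) == adv["product"] and in_range(comp["version"], adv):
                threats.append((comp["node"], comp["name"], adv["cve"]))
    return threats

if __name__ == "__main__":
    for threat in match_threats(INVENTORY, ADVISORIES):
        print(threat)
```

Comparing versions as plain strings would miss the first match, because "1.10.2" sorts before "1.9.0" as text. This is why accurate version numbers in the declared inventory matter.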

 

Setting up your system

 

After logging in, navigate to My Components to create your attack surface. Click on Add Components to begin. You can add components in three ways: manually, by copying from the clipboard, or by importing a JSON or CSV file. Manual addition is useful for adding single applications to an existing list, but let’s focus on the clipboard method.

On this page, you’ll find instructions for three system types: Microsoft Windows, Apple macOS, and Linux/Ubuntu. Click on any of the icons to view instructions for your operating system. For example, if you click on the Windows logo, you’ll be prompted to run a PowerShell command to gather your attack surface. Click Get Command to copy it to your clipboard. Open a PowerShell terminal, paste the command, and run it. After a few seconds, you’ll see a list of all installed applications and the operating system.

Copy this list from the terminal and paste it into the right-hand panel, then click Submit. You will now be on the Add Component page. In the header, you can bulk-select the component type—typically “Application,” but make sure your operating system (e.g., Windows) is set to “Operating System.” Under Node or Tag, select a group for your components, such as a specific device or general category (e.g., “Jessica’s Laptop” or “Development Team Laptops”). Finally, click Save. BaseFortify will now match your attack surface with known vulnerabilities.

 

Managing Threats

 

Once a match is found, it is labeled as a threat. In My Components, you’ll see the number of outstanding threats for each component. Many of these will be minor, but My Dashboard highlights the most critical and recent threats. It’s up to you to ensure that your system is updated to a secure version.

Each threat is associated with a CVE ID, which you can click on to read a detailed report and find mitigation methods.

Threats can be assigned the following statuses:

  • New
  • Open
  • In Progress
  • Completed
  • Archived

Initially, each threat is marked as New by our algorithm. The user can acknowledge the threat by setting its status to Open. When a mitigation plan is in progress, the status should be changed to In Progress. Once the issue has been resolved, mark it as Completed. Threats marked as completed will eventually be Archived, which removes them from active tables and graphs to avoid clutter.

 

Priority & Mitigation

 

Each threat has a corresponding CVSS score, which provides a rough indication of its severity. CVE reports detail vulnerabilities, but they are often published after an exploit has already been discovered by malicious actors. When a known exploit exists, the CVSS score will be higher.

It’s up to the user to prioritize threat resolution. The most common mitigation step is to update the affected application or operating system to a secure version. In some cases, system configuration changes may be necessary. For detailed mitigation instructions, consult the A.I. Assistant on the CVE report page.

With BaseFortify, staying ahead of cybersecurity threats is easier than ever. Register for free today and start managing your attack surface with precision and confidence.