AppViewX ADC+ provides a complete package for securing your F5 BIG-IP devices. This includes real-time monitoring of all known F5 BIG-IP vulnerabilities, automated patch management, and auto-remediation based on impact levels and severity. The AppViewX team has developed a special-purpose patch management workflow for F5 BIG-IP devices. This solution scans all F5 BIG-IP devices on a scheduled basis and generates reports showing which ones are vulnerable to specific CVEs (common vulnerabilities and exposures), either because they have yet to be patched or have yet to apply the latest update released by F5.
AppViewX is uniquely positioned to help you secure your F5 devices against critical vulnerabilities in less time than ever. This article describes how AppViewX ADC+ works and why it will save your organization time, money and effort when managing vulnerabilities and patches on F5 BIG-IP devices compared to manual methods or other automated tools available today.
Automated patching of F5 BIG-IP devices using AppViewX
AppViewX ADC+ can scan, detect and remediate F5 BIG-IP devices that have not been patched to address known vulnerabilities. It has two modes: auto-pilot or manual patching. In the auto-pilot mode, AppViewX ADC+ will scan all your devices automatically at specified intervals (i.e., every hour) and report back any vulnerabilities (CVEs) found on those devices so you can act accordingly (for example, by remediating them). You can also choose from multiple reporting options like email alerts or dashboard integration with SIEM solutions like Splunk, so you are notified immediately when a vulnerability has been found and successfully fixed on one of your devices.
Features of the AppViewX ADC+ F5 BIG-IP CVE Reporting and Patch Management Workflow
- The tool provides an easy way to track the last time each device was patched.
- It allows you to configure your scanning schedule for all devices once a day or on demand. You can also run it against any group of devices and see the last-patched date for those devices.
- Once you have completed the scan, it will show the results in the web UI and give detailed information about what patches are missing on each device.
Running F5 CVE reporting workflow using AppViewX ADC+
The first step in the patch management workflow is to scan all devices. Once you’ve scanned your environment and identified which devices need to be patched, you can review the results and select the ones that need remediation.
- Scanning: You can do this using the AppViewX ADC+ solution or by deploying an agent on each device. If deployed locally, the agent scans for vulnerable software versions and automatically applies patches if they are available in your deployment repository.
- Remediating: This is done using the AppViewX ADC+ F5 CVE workflow (an extension of the same workflow used for scanning).
How to identify and fix F5 BIG-IP CVEs in minutes?
You’ve probably heard the buzz about these critical new F5 vulnerabilities, CVE-2022-41800 and CVE-2022-41622. I have good news for you: finding vulnerable systems and remediating them can be easy with the right solution. I created a video to show you how easy it is to identify and fix this kind of CVE.
How to run an ad-hoc scan of devices
Begin by selecting the devices you wish to scan using AppViewX ADC+. You can select a single device or multiple devices in bulk. To do this, click on the “Select” button and then select the devices by clicking on them in either the Device Tree or Device List view.
Once your selection is complete, you can choose between two scanning types: IPs Only or Hosts & Services (which also includes applications). The former is useful if you want to check if there are any open ports on a specific host (or host range) without having to scan for any services running on those hosts, whereas the latter allows you to perform an ad-hoc audit of application security across all hosts that have F5 BIG-IP software running.
Selecting the time range for your scan will help define which data sets should be examined within that window: today’s logs only; yesterday’s logs only; the last seven days of results; etc.
Post-scan analysis and remediation (patching or mitigation)
The AppViewX ADC+ patch management workflow supports multiple remediation actions, including:
- Re-enabling features that were disabled to prevent exploitation of the vulnerability.
- Applying a configuration change (for example, disabling vulnerable features).
You can use AppViewX ADC+ to patch or mitigate vulnerabilities on F5 BIG-IP devices. In addition, you can use it to perform compliance scans and remediation of devices that are out of compliance with security policies.
AppViewX is uniquely positioned to help you secure your F5 devices against critical vulnerabilities in less time than ever before.
If you’re an F5 BIG-IP customer, AppViewX ADC+ is a better way to manage your devices: we are better together with F5 BIG-IQ, and we enable you to deliver faster resolution for critical issues. We offer a special-purpose patch management workflow in AppViewX ADC+ for the unique needs of F5 customers:
- Faster detection and remediation of security vulnerabilities with automatic scan scheduling, consolidated reports, and structured risk assessment across your entire environment
- Single point of visibility into all the security vulnerabilities affecting all types of deployments, including Cloud, Data Center (private/public), and Edge
- Automated tracking of change management policy compliance across all F5 devices on any platform, whether virtual or physical – no matter if they’re managed by another vendor or not
It’s all part of our mission at AppViewX to help organizations like yours protect their applications and infrastructure from cyber threats while delivering innovative solutions that make your life easier!