Press Releases 2024-05-22
PIOLINK (CEO Young C. Cho) announced that it has developed a 'CVE management feature' and added it to its web firewall, WEBFRONT, making it the first in South Korea to do so. The feature is designed to instantly verify protection against specific vulnerabilities through self-analysis and database automation of tens of thousands of the latest CVEs, and WEBFRONT is presented as an effective proactive response solution for the increasingly critical area of software supply chain security.
Recently, software supply chain attacks, which exploit software security vulnerabilities and update structures, have been a persistent issue. The use of open source in both operational software and IT infrastructure systems has become commonplace, highlighting the importance of security management that can quickly respond to vulnerabilities.
A CVE (Common Vulnerabilities and Exposures) is an international standard code used to uniquely identify publicly known software vulnerabilities. It serves as an important metric for responding to security threats, including government security measures and update recommendations. Although various security solutions defend against vulnerabilities, companies often fail to apply security updates promptly for various reasons, exposing them to security incidents. Moreover, even when the government issues vulnerability management recommendations, information security managers must individually confirm with manufacturers or suppliers where the vulnerabilities are used, resulting in significant delays in patching and necessitating proactive measures to minimize damage.
In 2021, when hacking attacks exploiting the Log4j vulnerability spread fear worldwide, PIOLINK minimized customer damage by urgently deploying security signatures in WEBFRONT to protect customer servers. Identifying and addressing server vulnerabilities is challenging, but detecting and blocking such attacks with a web firewall positioned in front of the server is the most efficient alternative. WEBFRONT's ability to quickly respond to specific vulnerabilities through signature updates is particularly advantageous.
The government has also been emphasizing the importance of managing security vulnerabilities. In February, the Financial Security Institute was designated as a CVE numbering authority to enhance the response to security vulnerabilities in financial software and related supply chain security. The Korea Internet & Security Agency (KISA) plans to revise laws and systems to strengthen companies' responsibilities for vulnerability management as part of its key projects for 2024.
Amid these policy changes, WEBFRONT's CVE management feature is expected to reduce the security management burden for institutions and companies and assist in establishing systematic security measures.
The CVE management feature, introduced by PIOLINK after three years of preparation, provides visibility into whether specific vulnerabilities can be defended against in WEBFRONT. Utilizing security experts and AI, PIOLINK analyzed CVEs disclosed since 2020, categorized approximately 20,000 of the latest web vulnerabilities, and built an automated database. This allows users to check attack scenarios and detailed information about specific vulnerabilities, as well as verify whether security signatures against these attacks are updated. This feature, along with the signatures, is updated periodically, enabling companies to proactively respond to vulnerabilities announced by the government and all CVEs disclosed to date.
A web firewall is a security solution positioned in front of a server to block various web hacking attacks and prevent the leakage of sensitive information. It defends against web and API vulnerabilities published by international web security standard organizations like OWASP and KISA, as well as the eight major vulnerabilities identified by the National Intelligence Service.