‎03-22-2024 10:53 AM - edited ‎05-27-2024 03:30 PM
We are pleased to announce that our integration with VulnCheck, our new primary vulnerability intelligence data provider, is now complete. Customers can now test and utilize the updated vulnerability data.
Our initial release focuses on critical and high-risk vulnerabilities that may exist in your environment. Over the coming weeks, we will expand coverage to include additional lower-risk vulnerabilities, with continuous improvements expected over time.
Lansweeper engineering has established a targeted completion date, set for June. We'll continue to keep you informed as we make progress.
** Update 5th April 2024**
Lansweeper has selected VulnCheck (https://www.vulncheck.com) to become our primary partner when it comes to vulnerability intelligence data. We are in the process of planning the integration and will update shortly on the expected timescales.
What is the problem?
Recently, Lansweeper has learned that the National Vulnerability Database (NVD), provided by the National Institute for Standards and Technology (NIST), has temporarily stopped analyzing most new vulnerabilities. From their website:
Many organizations, including Lansweeper, have relied on the NVD to assist with vulnerability and risk management for nearly two decades. It For us, it contains the specific metadata needed to associate published vulnerabilities with specific products and systems in an IT environment.
While the above notice appeared on February 15th, it was not evident that the delay would be so impactful, particularly because NVD has offered no additional communication.
However, per this blog from Resilient Cyber, you can see for yourself how the data analyzed by NVD has dropped off considerably since that date:
While this delay is an industry-wide issue, we are unable to procure a firm resolution date from NIST at this time.
The result is that Lansweeper has insufficient data from NVD to identify most vulnerabilities in your environment since February 15th.
What are we going to do about it?
To rectify this issue, Lansweeper is designing a new method of providing this vital information to our customers and has prioritized an engineering fix to resolve this issue.
What can you do in the meantime?
In the meantime, vulnerabilities prior to February 15th are not impacted. Similarly, our zero-day vulnerability and Patch Tuesday reports are available too.
Thank you for your patience while we make this transition, and we’ll keep you up to date as we make progress over the coming weeks.
Best regards,
Maria Orellana
‎04-04-2024 08:22 AM
Can we get an update on this? I know 2 weeks in development is not long but we payed additional subscription costs mainly because of this feature. Do we get additional time on our license?
‎04-08-2024 07:57 AM
Hello there!
In case you have any concerns regarding licensing, we kindly advise reaching out to your account owner or contacting our sales department at https://www.lansweeper.com/contact/contact-sales/.
They'll be happy to assist you in any way they can.
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now