Verizon Security Advisories

Background

Security advisories is a tool that provides Verizon wireline managed customers a user-friendly workspace to review which devices have been identified as possessing a risk (threat) in either the software or hardware component, and if necessary, take action to remove (remediate) the threat.

Core component vulnerabilities are identified via the National Vulnerability Database (NVD), as maintained by the National Institute of Standards and Technology (known vulnerabilities).  Verizon will match the known vulnerabilities information made available via the NVD and compare it to your known managed devices.

Note:

• Each customer will be limited to one CVE: Remediation

• The tool is only going to display known vulnerabilities published from Sept 2020 to current. Verizon cannot identify or distinguish between devices active on the Verizon network and devices which are dormant or may no longer be part of your active inventories

Why are Security advisories important?

As part of Verizon's ongoing commitment to security and transparency, Verizon will provide managed service customers with a cohesive, user-friendly dashboard of devices with known vulnerabilities.  Security advisories link to a user-friendly remediation process via Verizon Enterprise Center's online change management process.

How do I access the Security advisories tool?

The Security advisories tool is available to managed service customers who are registered in the Verizon Enterprise Center with the proper “roles” (including repairs and change management) and must have access to the specific devices associated with the known vulnerability.

1. Sign in to Verizon Enterprise Center

2. Select Service > Security advisories

3. From the Security advisories page, select the appropriate Customer ID from the drop-down menu.

Note: Accounts listed under Customer ID are aligned to the Legal Entity Identifier (LE ID) for the customer. Some VEC users may have permissions to multiple LE IDs, thus will have as many customers listed in the Customer ID dropdown.

The tool has two main views: Advisories view and Devices view. You can switch between the Advisories and Devices view by selecting the cog icon to the right of the search option.

• By selecting the funnel icon, you can customize your view according to your needs.
• By clicking on the downward arrow, you can export results to your email address.
• By clicking on the cog icon on the right-hand side, you can change your table view. 

You can toggle between devices that are in the Confirmed or Potential state.

To see the list of devices impacted by the Advisory ID, click  View.

You can open a Change Request (CR) for confirmed advisories. Select the applicable Advisory ID or devices (depending on your view), then click Remediate.

All Change Request fields are pre-populated except the Requested Start Date/Time (GMT) and Requested Completion Date/Time (GMT). You can include additional details in the Title and Objective fields as necessary.