⌁ controlled preview · invite required
Infrastead turns vendor security advisories into infrastructure decisions: which devices are exposed, what the evidence says, whether the mitigation actually holds — and what leadership needs to sign off.
ADVISORY
CVE-2024-3400 · vendor feed
ASSETS
66 devices · 4 in scope
EVIDENCE
per-device facts · versioned
INTEGRITY
deterministic verdicts
REPORT
executive decision output
The feed tells you a vulnerability exists. It does not know your inventory, your exposure, your HA design, or whether the workaround you applied last Tuesday still reduces risk. That gap is where incidents live.
noise / feed
▒ CVE-2024-3400 PAN-OS GlobalProtect
▒ CVE-2024-21762 FortiOS SSL-VPN
▒ CVE-2023-20198 IOS-XE Web UI
▒ CVE-2024-20399 NX-OS CLI
▒ CVE-2023-46805 Ivanti Connect Secure
▒ CVE-2023-4966 Citrix NetScaler
… thousands more this year
signal / your estate
▲ AFFECTED pa-edge-fw-01 exposed · GlobalProtect on
▲ AFFECTED pa-edge-fw-02 HA peer · mixed version
◆ VALIDATE pa-core-fw-01 version unknown
● CLEAR 61 devices not applicable
One advisory. Four devices that matter. Evidence for each.
fig. 02 — advisory noise vs. infrastructure signal · sample
Most tools stop at tracking whether a patch was deployed. Infrastead asks a harder question: is the mitigation trustworthy enough to support a decision? A workaround that was applied — but silently disabled by the next config push — is worse than no workaround, because everyone stopped watching.
Mitigation Integrity classifies each device from its saved evidence, with a deterministic, versioned classifier. When the evidence cannot support a verdict, the verdict is requires_validation — never a quiet downgrade to “probably fine.”
Workaround applied, verified against evidence, integrity conditions hold.
Fixed version confirmed on-device — not assumed from a ticket.
Risk reduced but conditions remain: mixed HA versions, partial rollout.
Evidence insufficient to conclude either way. Says so, out loud.
The mitigation does not hold. This is the row that pages someone.
fig. 03 — integrity verdict states · deterministic classifier · sample
CVSS matters — and it does not know your topology, your exposure, your HA design, or whether last week's workaround survived this week's change window.
07 // controlled preview
Infrastead is in a limited, guided preview: one advisory, your inventory, real applicability analysis, evidence, mitigation integrity, and an executive report — end to end, in one sitting. An invite code and a verified work email are required.
decision support · no automatic infrastructure changes · validate before operational action
access · invite-gated · verified work email required