THREAT-BASED VULNERABILITY MGMT

Most organizations are overwhelmed with lists of vulnerabilities generated by a variety of vulnerability scanners used for applications, operating systems, network devices, and databases. There are simply not enough resources to remediate all of these vulnerabilities. Various risk scoring methods have been developed over the years, but they have not solved the prioritization problem. Asset ranking is surely important, but it is not enough. A new approach, using a cloud-based Threat Intelligence service that includes asset valuation to prioritize vulnerability risk, has been shown to be effective. In addition, it can be implemented quickly with no infrastructure disruption.

Vulnerability Management is core to most organizations’ information security programs. However, the sheer number of vulnerabilities discovered by scanners across applications, operating systems, network devices, and databases overwhelms most organizations’ limited resources. Therefore, organizations look for ways to prioritize remediation.

A variety of vulnerability prioritization methods have been tried with limited success. Vulnerability scoring formulas are complicated and don’t reflect real-world risk. Asset grouping and ranking have been shown to be valuable, but are not enough.

Applying internal network topology by gathering router and firewall configuration information has had some success with respect to traditional “outside-in” attacks. However, this approach is not as helpful with respect to drive-by browser and phishing attacks, which often include privilege escalation. In addition, for a large organization, collecting and analyzing router and firewall configuration information is not easy.

Combining asset ranking/grouping with Threat Intelligence is proving to be a very effective vulnerability prioritization approach because actual threat information is a core factor in determining risk. In other words, more accurate risk scoring of vulnerabilities can be achieved by using Threat Intelligence plus asset ranking/grouping.

Furthermore, if the Threat-based Vulnerability Prioritization functionality is provided as a cloud-based service (SaaS), then the time-to-value for the vulnerability management team is very short. Other key requirements include integration with a wide variety of vulnerability scanners, asset tagging/grouping directly in the product and integration with asset tagging included with scanners, comprehensive reporting, access controls, and auditing.
