Traditionally, when an organization needs to identify the critical issues it has to address, all the reported vulnerabilities from all the sources have to be sifted through manually and then a list has to be compiled. This list needs to be assigned to the appropriate teams, and then progress across teams has to be tracked separately. The higher the number of vulnerabilities reported, the longer it takes to identify the critical issues.
Reports from multiple sources
The following are some of the typical sources from which vulnerabilities flow in:
– Static scanners like HCL Appscan SAST, Fortify SAST etc.
– Dynamic scanners like Burp Suite professional, HCL Appscan DAST etc.
– Cloud scanners like Prowler, CloudSploit.
– Container scanners like Trivy.
– Network scanners like Nessus, Nexpose, Qualys etc.
– Internal VAPT assessments.
– External VAPT assessments.
Each scanner generates a different report format, and each VAPT assessment has its own format. When scans are scheduled to run on a daily or weekly basis, a lot of reports get generated in a very short amount of time. Prioritizing the vulnerabilities manually on a daily or weekly basis from this many sources is not practical. In addition, a proper approach has to be taken when it comes to prioritizing vulnerabilities. We have provided more information about how to take a good approach towards prioritizing vulnerabilities here.
To identify the top issues that need to be fixed, the following are the requirements:
– A central location where vulnerabilities from all the different sources can be accessed.
– No matter where the vulnerabilities come from, they must be stored in a standard structure so that the top vulnerabilities can be identified quickly.
– Automated prioritization of vulnerabilities.
How can you save time with Strobes?
Strobes has built its functionality around all of these requirements, and the end result is that no matter how many vulnerabilities are flowing in, the prioritization is done in a matter of seconds and the results are readily available to you. The following points address the requirements mentioned above.
- Strobes connects with several SAST, DAST, cloud and container scanners. Apart from that, it is also possible to import CSV, XML and JSON reports onto the platform, which allows vulnerabilities to be bulk imported. By making use of all these connectors, it is possible to onboard all of an organization's vulnerabilities to a central location, i.e. Strobes. More about Strobes integrations here.
- Once the vulnerabilities are onboarded onto the platform, Strobes standardizes the format of the vulnerabilities irrespective of their source.
- Strobes also assigns a prioritization score to every vulnerability onboarded onto the platform. The prioritization score ranges from 0 to 999.
Prioritization Scoring
Once all the vulnerabilities are onboarded and a prioritization score has been generated for each of them, you can use the Advanced Query Language to quickly identify vulnerabilities within a certain priority score range. For example, the following is a filter to identify all the vulnerabilities with a priority score of more than 900.
Custom Views
Not just that, it is also possible to save the queries you have performed; saved queries are called ‘views’ within Strobes. If you save the query you used to identify vulnerabilities with a priority score of more than 900, then whenever new vulnerabilities are added to the platform and some of them score more than 900, they will automatically be displayed in the view you saved, making it very easy to keep track of the top vulnerabilities on a regular basis.
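The three requirements above (a central location, a standard structure regardless of source, and an automated 0–999 score that a saved query can be re-run against) can be illustrated with a small script. The following is an added example and not Strobes' own code or scoring model: the report contents are constructed, the CSV and JSON layouts are invented for the example (the container report is only loosely modelled on a Trivy-style layout), and the scoring weights are an assumed model chosen so that the scores fall in the 0–999 range the post describes.

```python
"""Normalize vulnerability reports from several scanners into one structure,
assign a 0-999 priority score, and re-apply a saved query ("view") to the
combined list. Report contents, formats and scoring weights are all
constructed for this example; the scoring is an assumed model, not Strobes'."""
import csv
import io
import json
from dataclasses import dataclass

# Constructed sample reports, each in a different format.
SAST_CSV = """Title,Severity,File
SQL Injection,High,app/db.py
Hardcoded Credential,Medium,app/config.py
"""

DAST_JSON = json.dumps({"issues": [
    {"name": "Reflected XSS", "risk": "High",
     "url": "https://app.example.test/search", "exploit_available": True},
    {"name": "Missing HSTS header", "risk": "Low",
     "url": "https://app.example.test/", "exploit_available": False},
]})

CONTAINER_JSON = json.dumps({"Results": [{"Target": "app:latest", "Vulnerabilities": [
    {"Title": "Remote code execution in image library", "Severity": "CRITICAL",
     "PkgName": "libfoo", "KnownExploited": True},
]}]})

SEVERITIES = ("LOW", "MEDIUM", "HIGH", "CRITICAL")


@dataclass(frozen=True)
class Finding:
    """The standard structure every source is mapped to."""
    source: str
    title: str
    severity: str          # one of SEVERITIES
    asset: str
    exploit_available: bool
    internet_facing: bool


def normalize_severity(raw: str) -> str:
    """Map each scanner's own severity label onto a single scale; reject unknowns."""
    sev = raw.strip().upper()
    if sev not in SEVERITIES:
        raise ValueError(f"unknown severity {raw!r}")
    return sev


def parse_sast_csv(text: str) -> list[Finding]:
    # Static findings describe source files; no exploit or exposure data here.
    return [Finding("sast", r["Title"], normalize_severity(r["Severity"]),
                    r["File"], False, False)
            for r in csv.DictReader(io.StringIO(text))]


def parse_dast_json(text: str) -> list[Finding]:
    # DAST findings were observed on a reachable URL, so mark them internet-facing.
    return [Finding("dast", i["name"], normalize_severity(i["risk"]), i["url"],
                    bool(i.get("exploit_available")), True)
            for i in json.loads(text)["issues"]]


def parse_container_json(text: str) -> list[Finding]:
    out = []
    for result in json.loads(text)["Results"]:
        for v in result["Vulnerabilities"]:
            out.append(Finding("container", v["Title"], normalize_severity(v["Severity"]),
                               f'{result["Target"]}:{v["PkgName"]}',
                               bool(v.get("KnownExploited")), False))
    return out


# Assumed scoring model: a severity base plus context bonuses, capped at 999.
BASE = {"LOW": 200, "MEDIUM": 400, "HIGH": 600, "CRITICAL": 800}


def priority_score(f: Finding) -> int:
    score = BASE[f.severity]
    if f.exploit_available:
        score += 120
    if f.internet_facing:
        score += 79
    return min(score, 999)


def apply_view(findings: list[Finding], min_priority: int) -> list[tuple[int, Finding]]:
    """A saved query: findings scoring above min_priority, highest first.
    Re-running it over the full list is what keeps a saved view current."""
    scored = [(priority_score(f), f) for f in findings]
    return sorted([s for s in scored if s[0] > min_priority], key=lambda s: -s[0])


def ingest_all() -> list[Finding]:
    """The central location: every source parsed into the one structure."""
    return (parse_sast_csv(SAST_CSV) + parse_dast_json(DAST_JSON)
            + parse_container_json(CONTAINER_JSON))


if __name__ == "__main__":
    for score, f in apply_view(ingest_all(), 900):
        print(score, f.source, f.title, f.asset)
```

Each parser is a few lines because the hard part is agreeing on the `Finding` structure, not reading any one format; once every source lands in it, the score and the saved query are written once and apply to everything, including reports added later.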
Connecting Teams
It is also possible to onboard your teams onto Strobes and assign vulnerabilities to the appropriate team members so that the state of each vulnerability can be tracked from within Strobes. If you are using Jira, you can set up a two-way sync between Jira and Strobes and use it to bulk send all of your vulnerabilities to Jira. Once the two-way sync is established, any change made in Jira is reflected in Strobes and vice versa.
Want to know how to quickly identify the patches for all of your vulnerabilities? Then stay tuned and subscribe to our blog updates for part 2 of this post.