Traditionally, when an organization needs to identify the critical issues that they have to address, all the reported vulnerabilities from all the sources have to be sifted through manually and then a list has to be compiled. This list needs to be assigned to the appropriate teams and then the progress across teams has to be tracked separately. The higher the number of vulnerabilities that are reported, the higher the time taken to identify the critical issues.
The following are some of the typical sources from which vulnerabilities flow in:
- Static scanners like HCL Appscan SAST, Fortify SAST etc.
- Dynamic scanners like Burp Suite professional, HCL Appscan DAST etc.
- Cloud scanners like Prowler, CloudSploit.
- Container scanners like Trivy.
- Network scanners like Nessus, Nexpose, Qualys etc.
- Internal VAPT assessments.
- External VAPT assessments.
Each scanner will generate a different report format, and each VAPT assessment will have its own format. When scans are scheduled to run on a daily/weekly basis, a lot of reports get generated in a very short amount of time. Prioritizing the vulnerabilities manually on a daily/weekly basis from these many sources is not practical. On top of it, a proper approach has to be taken when it comes to prioritizing vulnerabilities. We have provided more information about how to take a good approach towards prioritizing vulnerabilities here.
- A central location where vulnerabilities from all the different sources can be accessed.
- No matter where the vulnerabilities are coming in from, a standard structure has to be maintained which will make it easy to identify the top vulnerabilities quickly.
- Automating the prioritization of vulnerabilities.
Strobes has built functionality considering all of these requirements and the end result is that no matter how many vulnerabilities are flowing in, the prioritization is done in a matter of seconds and the results are readily available to you. The following points will provide answers to the requirements mentioned above.
Once you have all the vulnerabilities onboarded and once a prioritization score is generated for all of them, you can use the Advanced Query Language to quickly identify vulnerabilities for a certain priority score range. For example, the following is a filter to identify all the vulnerabilities with a priority score more than 900.
Not just that, it is also possible to save the queries which you have performed. If you save the query which you have used to identify the vulnerabilities with priority score more than 900 (it is called 'views' within Strobes). Whenever new vulnerabilities are added to the platform and if some of the new vulnerabilities have a score of more than 900, they will be automatically be displayed to the view which you have saved, making it very easy to keep a track of the top vulnerabilities on a regular basis.
It is also possible to onboard your teams onto Strobes and assign the vulnerabilities to the appropriate team members so that the state of the vulnerability can be tracked from within Strobes. If you are using Jira, you can setup a 2-way sync between Jira and Strobes, using which you can bulk send all of your vulnerabilities to Jira. Once the 2-way sync is established, whatever change is made on Jira gets reflected on Strobes and vice versa.
Want to know how to quickly identify the patches for all of your vulnerabilities?? Then, stay tuned and subscribe to our blog updates for part 2 of the blog.
