One of the significant challenges for organizations is timely remediation of identified vulnerabilities. 60% of breaches today involve vulnerabilities for which a patch exists but has not been applied. Of the approx. 11,000 known and exploitable vulnerabilities, there are also cases where a patch is available but cannot be deployed in sensitive environments such as ICS. Using threat intelligence to prioritize a vulnerability, and dealing with redundant vulnerabilities across the organization, are real challenges that can delay remediation decisions and the standards that govern them.
In addition, managing findings from multiple manual vulnerability assessments adds a significant operational burden on development and security teams. Since security teams deal with reports from varied sources (such as automated vulnerability and patch management solutions and multiple manual assessment results across assets), managing redundant vulnerabilities by hand becomes challenging at volume. It reduces the efficiency of remediation and calls for an approach that normalizes vulnerabilities across multiple sources. Vulnerability management solutions with limited host reconciliation capability are also challenged with asset duplication, on top of the inherent challenges security leaders already face.
With such operational challenges, the work tends to get tedious and time-consuming, especially at a time when both time and the necessary skills are scarce. It is certainly a lot to keep up with, from sorting redundant vulnerabilities across multiple sources to identifying the current criticality status of each system.
Security leaders also find it very difficult to cope with frequent assessments across multiple sources, both automated and manual. Generally, once an assessment is completed, internal labor is required to remove redundant vulnerabilities, identify the right criticality of each vulnerability in its business context, and then take action to remediate. It is easy to lose track of the process across multiple categories of assets.
Opportunities to handle such challenges
Given the operational challenges security teams face today when conducting manual vulnerability management and collating insights from multiple sources, many opportunities exist to address them. Specifically, organizations can leverage and invest in a third-party solution such as Strobes to normalize vulnerabilities and prioritize assets, in order to better uncover the vulnerabilities that matter most based on risk.
The Cybersecurity & Infrastructure Security Agency (CISA), in the CRR Supplemental Resource Guide, identifies the ability to categorize and prioritize vulnerabilities as a critical capability for implementing vulnerability analysis and resolution. According to Gartner (Shoard, 2020), vulnerability prioritization is an emerging technology that identifies and prioritizes the vulnerabilities that pose the most significant risks to an organization. Strobes, our risk-centered vulnerability management platform, is built to streamline these challenges.
The Strobes solution provides a prioritization score that is based on the vulnerability's context, i.e. the severity of the vulnerability, its exploitability, asset criticality, threat intelligence from ~13 intel feeds, business contextualization and the compensating controls in place. Current methods typically prioritize vulnerabilities based on a severity score or the scoring system of a VM tool, which is often based on a single metric. Strobes, by contrast, correlates risk to the specific organization's nuanced context and helps prioritize remediation so that vulnerabilities are treated in alignment with the organization.
There are also situations in which asset duplication occurs, primarily due to a reconciliation mismatch, when an organization's own security mechanisms duplicate assets. When choosing among available software solutions, it is critical to benchmark how accurately each one reconciles assets. When benchmarking vendor VM systems on other criteria, it is essential to also include how well they correlate endpoints across many scans.
Strobes can be integrated into the software development pipeline and, via its secure APIs, can automatically ingest scan results from multiple sources (automated vulnerability management solutions as well as manual assessments). It then performs vulnerability correlation, normalization, de-duplication and risk prioritization. Strobes supports the correlation and de-duplication of vulnerabilities found by scanners, manual assessments and patch management tools by grouping detected vulnerabilities by Common Vulnerabilities and Exposures (CVE) identifier per asset.
For example, consider a scenario in which you have two Tomcat servers on one machine and two vulnerability scanners. Your scanners may report four vulnerabilities in total, but Strobes would de-duplicate them down to two, one for each Tomcat instance. When the source scanner provides CVE cross-references, Strobes automatically correlates those CVE associations with assets. This correlation allows Strobes to infer threats and exploits, which is highly useful for automating vulnerability risk scoring and for patch-to-asset correlation.
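The Tomcat scenario above, together with the context-based prioritization score described earlier, as an added worked example. This is illustrative code written for this article, not Strobes' own implementation: the two scanner record layouts, the (host, service instance, CVE) key used for de-duplication, the placeholder CVE id and every weight in the scoring function are assumptions chosen to make the mechanics visible.

```python
"""Normalize, de-duplicate and prioritize findings from two scanners.

Added illustration, not Strobes' code. Record layouts, the dedup key,
the CVE id (a placeholder) and all scoring weights are assumptions.
"""
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# --- Constructed sample input ---------------------------------------------
# One host runs two Tomcat instances (ports 8080 and 8443). Scanner A reports
# by host+port with a numeric CVSS score; scanner B reports by URL with a
# text severity. Both saw both instances, so four raw findings describe two.
SCANNER_A = [
    {"host": "10.0.0.5", "port": 8080, "cve": "CVE-0000-00001", "cvss": 9.8},
    {"host": "10.0.0.5", "port": 8443, "cve": "CVE-0000-00001", "cvss": 9.8},
]
SCANNER_B = [
    {"url": "http://10.0.0.5:8080/", "id": "cve-0000-00001", "severity": "critical"},
    {"url": "http://10.0.0.5:8443/", "id": "cve-0000-00001", "severity": "critical"},
]
# Assumed mapping from a text severity to the top of its CVSS band.
SEVERITY_TO_CVSS = {"low": 3.9, "medium": 6.9, "high": 8.9, "critical": 10.0}


@dataclass
class Finding:
    asset: str                 # host the finding belongs to
    instance: str              # service instance on that host (port here)
    cve: str                   # upper-cased CVE id
    cvss: float                # best available base score
    sources: list = field(default_factory=list)  # scanners that reported it


def normalize_a(rec):
    """Scanner A record -> common Finding shape."""
    return Finding(rec["host"], str(rec["port"]), rec["cve"].upper(),
                   rec["cvss"], ["scanner_a"])


def normalize_b(rec):
    """Scanner B record -> common Finding shape (host/port parsed from URL)."""
    u = urlsplit(rec["url"])
    port = u.port or (443 if u.scheme == "https" else 80)
    return Finding(u.hostname, str(port), rec["id"].upper(),
                   SEVERITY_TO_CVSS[rec["severity"]], ["scanner_b"])


def deduplicate(findings):
    """Merge findings that share (asset, instance, CVE); keep the max score
    and remember every source that reported the same issue."""
    merged = {}
    for f in findings:
        key = (f.asset, f.instance, f.cve)
        if key in merged:
            m = merged[key]
            m.cvss = max(m.cvss, f.cvss)
            m.sources.extend(s for s in f.sources if s not in m.sources)
        else:
            merged[key] = f
    return list(merged.values())


# --- Assumed context inputs for prioritization -----------------------------
ASSET_CRITICALITY = {"10.0.0.5": 0.8}           # 0..1, from business context
KNOWN_EXPLOITED = {"CVE-0000-00001"}            # stand-in for a threat-intel feed
COMPENSATING_CONTROLS = {("10.0.0.5", "8443"): 0.5}  # e.g. WAF in front: 50% reduction


def prioritize(f):
    """Relative ranking score (not bounded to 10): base severity scaled by
    asset criticality, raised for known-exploited CVEs, reduced by controls."""
    score = f.cvss * (0.5 + 0.5 * ASSET_CRITICALITY.get(f.asset, 0.5))
    if f.cve in KNOWN_EXPLOITED:
        score *= 1.5
    score *= 1.0 - COMPENSATING_CONTROLS.get((f.asset, f.instance), 0.0)
    return round(score, 2)


def build_queue(raw_a, raw_b):
    """Full pipeline: normalize both feeds, de-duplicate, rank by score."""
    findings = [normalize_a(r) for r in raw_a] + [normalize_b(r) for r in raw_b]
    unique = deduplicate(findings)
    return sorted(((prioritize(f), f) for f in unique),
                  key=lambda item: item[0], reverse=True)


if __name__ == "__main__":
    for score, f in build_queue(SCANNER_A, SCANNER_B):
        print(f"{score:>6}  {f.asset}:{f.instance}  {f.cve}  seen by {f.sources}")
```

The de-duplication key matters more than the scoring weights: keying on host alone would collapse the two Tomcat instances into one finding and hide a port that still needs patching, while keying on the raw scanner record would leave all four. The instance behind the WAF ranks lower only because a compensating control is recorded for it; remove that entry and both instances score the same.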
Inference of Threat Intelligence to VM
Understanding the intelligence lifecycle and processing intelligence is also a critical capability of effective VM in any organization. To address asset duplication, most types of threat data typically need to be processed before they are usable. For this reason, automated processing of intelligence is a growing area of interest, specifically for collection and processing tasks such as de-duplication and enrichment of data, which Strobes supports intrinsically.
According to a SANS survey (Brown & Lee), which has been tracking the evolution of CTI, among the types of processing done to make CTI information more usable, de-duplication of information was semi-automated for 43% of respondents, with only 18% reporting it as fully automated.
Given the amount of time security analysts spend processing threat data, continued growth and development here is likely to increase an organization's ability to operationalize intelligence and result in greater satisfaction with Cyber Threat Intelligence (CTI). With Strobes, we help organizations streamline vulnerability management by aggregating vulnerabilities and simplifying the prioritization of findings using threat intelligence and machine learning. With this level of aggregation and de-duplication of vulnerabilities, management gets actionable insights across the vulnerability lifespan that support effective and efficient remediation.