Priority

Manage the vulnerability deluge with “Actionable Insights”

by Paresh Borkar

The number of vulnerabilities being reported has just been growing over the years. The below chart help depict how the count of vulnerabilities has grown significantly (though not yet exponentially) over the recent years.

Note it is apparent from the chart how ThreatWatch provides better overall vulnerability intel coverage, apart from standard sources like NVD.

Alongside the increase in vulnerabilities over the years, software footprint of the organization has been growing steadily as well. Most organizations have undergone digital transformation or have already embarked on the digitalization journey. This increase in software footprint compounded by the progressive increase in the number of vulnerabilities reported spells disaster for organizations.

Most organizations have figured out that tracking their infra and software inventory is a key step in the right direction. However, without the ability to prioritize vulnerability impacts, the organization is essentially trying to find a needle in the haystack.

Organizations need a solution which can help bubble up the top priority impacts which need immediate attention. It is important to recognize the difference – organizations do not need high priority vulnerabilities to be bubbled up, but rather high priority impacts of vulnerabilities affecting their key organizational assets.

Let us take an example to better understand this crucial aspect – say a vulnerability with a CVSS score of 10.0 (highest) is discovered but it affects an asset which is not business critical and which resides on the internal network of the organization – versus – another vulnerability which has a slightly lower CVSS score of 9.5 but affects an external facing business critical asset of the organization. By simply looking at the criticality of the vulnerability one can get misguided and hence it is important to look at the overall picture of the impact with complete context.

ThreatWatch (TW) provides “Actionable Insights” based on automatic prioritization of vulnerability impacts on organizational assets. Based on this prioritization, vulnerability impacts are classified as:

  • DoNow – something that needs immediate attention
  • DoLater – Non-immediate things

The prioritization algorithm is driven by the following attributes of the impact: severity score of the vulnerability from standard source like NVD, TW’s own assessment of the severity, presence of any known exploits for the vulnerability, availability of patch/remediation, social chatter about the vulnerability, business criticality of the asset, etc. Based on these attributes in a weighted manner, the prioritization algorithm is able to arrive at an ‘Action Score’ for impact of the vulnerability for an organizational asset. Within each bucket (DoNow, DoNext) impacts are ranked in order to help address these in the right manner.

It is interesting to note that TW’s Machine Learning powered Vulnerability Scoring coupled with “Actionable Insights” ensures that for even late breaking vulnerabilities (i.e. which do not have a CVSS score nor CVSS vector assigned by NVD), TW is still able to provide automatic prioritization of impacts. This will be quite useful to organizations.

For more details on how your organization can better manage the vulnerability deluge, please contact us at info@threatwatch.io

Leave a Reply

Your email address will not be published. Required fields are marked *