Wednesday, November 29, 2023
LetsAskBinu.com
Top 3 Tips to Identify Quality Vulnerability Intelligence

By Researcher, October 23, 2022, in Cybersecurity


Vulnerability intelligence tools can be very useful to prioritize the key threats security professionals need to take action on for their organization, but it’s important to remember that some are better than others.


Vulnerability intelligence, defined as threat intelligence applied specifically to vulnerability information such as Common Vulnerabilities and Exposures (CVE) records, solves a very real problem in vulnerability management. When vulnerabilities are prioritized by conventional means, such as treating every High or Critical Common Vulnerability Scoring System (CVSS) score as actionable, 70-80% of the vulnerabilities in your network will "need action" almost immediately. That is not a sustainable workload, and it is a key reason why vulnerability management programs fail. A better approach is to use vulnerability intelligence to drive remediation prioritization.

There are many vulnerability intelligence products on the market. Some are delivered as data feeds that you correlate yourself; others integrate into your vulnerability scanner, or into an aggregation product that enriches the data from several scanners and provides searching, dashboarding, reporting and other capabilities. Most security practitioners would rather have almost any vulnerability intelligence product on the market than go by CVSS alone.


However, there are some key differentiating factors to consider when looking at vulnerability intelligence tools, as not all vulnerability intelligence is created equal. Let’s look at three attributes of quality vulnerability intelligence.

Top 3 tips to identify quality vulnerability intelligence

Goes beyond exploit data and considers breach data

If your vulnerability intelligence is limited to telling you if exploits exist in the wild, without telling you anything about how popular or reliable those exploits are, your program is going to be less successful. A quality vulnerability intelligence feed or product will have some examples of exploitable vulnerabilities that nevertheless pose a low risk.


How can a vulnerability be exploitable and low risk? Reasons vary. Sometimes the available exploits are hard to use, unreliable, or so noisy that they crash the target or trip detection. When evaluating a vulnerability intelligence feed or product, don't just look at what it says about famous vulnerabilities like MS08-067 or Heartbleed. Look for examples that your scanner flags as exploitable but the feed rates as low risk.

If your feed doesn’t have any of those, it’s not considering whether the vulnerability shows up in breach data, and therefore isn’t any more useful than what we’ve been able to get out of a scanner alone since the early 2010s.

Breach data is far more useful than exploit data. If threat actors have successfully exploited a given vulnerability in a recent breach, it stands to reason they are more likely to try that same vulnerability against you. The caveat is that breach data lags: a vulnerability absent from breach data today may appear in it next quarter, so a feed should tell you how recent its evidence is and revise its ratings as new activity surfaces.
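As an added example (not from the original article, and not any vendor's scoring scheme), the following Python script contrasts CVSS-only triage with triage that uses the attributes discussed above: whether an exploit exists, whether it is reliable or noisy, and whether the vulnerability shows up in breach data. The findings, their VULN-style identifiers and the tiering rules are constructed assumptions for illustration; the point is that the enriched triage produces a short list and explicitly surfaces the "exploitable but low risk" cases that a CVSS-only view cannot.

```python
"""Added example (not from the original article): a toy prioritizer that
contrasts CVSS-only triage with triage enriched by exploit and breach data.
All findings below are constructed sample data; the VULN-style identifiers are
placeholders, not real vulnerability records."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class Finding:
    vuln_id: str                    # placeholder identifier (constructed)
    cvss: float                     # CVSS base score as reported by the scanner
    exploit_public: bool            # scanner says "exploit exists"
    exploit_reliable: bool = False  # intel: the exploit works consistently
    exploit_noisy: bool = False     # intel: crashes the target or trips detection
    in_breach_data: bool = False    # intel: used in a recent breach


# Constructed sample of what a scanner plus an intel feed might return.
SAMPLE_FINDINGS = [
    Finding("VULN-0001", 9.8, True, exploit_reliable=True, in_breach_data=True),
    Finding("VULN-0002", 7.5, True, exploit_reliable=False, exploit_noisy=True),
    Finding("VULN-0003", 9.1, False),
    Finding("VULN-0004", 5.3, True, exploit_reliable=True, in_breach_data=True),
    Finding("VULN-0005", 8.8, True, exploit_reliable=False),
    Finding("VULN-0006", 7.2, False),
    Finding("VULN-0007", 4.0, False),
    Finding("VULN-0008", 7.8, True, exploit_reliable=True),
    Finding("VULN-0009", 9.0, False),
    Finding("VULN-0010", 6.5, False),
]


def cvss_needs_action(f: Finding, threshold: float = 7.0) -> bool:
    """Conventional triage: anything High or Critical by CVSS needs action."""
    return f.cvss >= threshold


def intel_priority(f: Finding) -> str:
    """Intel-enriched triage (assumed scheme for this example only).

    Breach data dominates: a vulnerability actors are actually using is urgent
    regardless of its CVSS score. A public exploit on its own is downgraded
    when it is unreliable or noisy, which is the 'exploitable but low risk' case.
    """
    if f.in_breach_data:
        return "urgent"
    if f.exploit_public and f.exploit_reliable and not f.exploit_noisy:
        return "high"
    if f.exploit_public:
        return "low"      # exploit exists but is unreliable or noisy
    if f.cvss >= 9.0:
        return "medium"   # no exploit known; keep a margin for severe bugs
    return "low"


def triage(findings: List[Finding]) -> Dict[str, object]:
    """Run both schemes over the findings and report the difference."""
    cvss_hits = [f.vuln_id for f in findings if cvss_needs_action(f)]
    tiers: Dict[str, List[str]] = {"urgent": [], "high": [], "medium": [], "low": []}
    for f in findings:
        tiers[intel_priority(f)].append(f.vuln_id)
    exploitable_low = [f.vuln_id for f in findings
                       if f.exploit_public and intel_priority(f) == "low"]
    return {
        "cvss_needs_action": cvss_hits,
        "cvss_fraction": len(cvss_hits) / len(findings),
        "intel_tiers": tiers,
        "exploitable_but_low": exploitable_low,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FINDINGS)
    print(f"CVSS >= 7 flags {len(report['cvss_needs_action'])}/{len(SAMPLE_FINDINGS)} findings")
    for tier, ids in report["intel_tiers"].items():
        print(f"{tier:7s} {ids}")
    print("exploitable but low risk:", report["exploitable_but_low"])
```

On this constructed sample the CVSS threshold flags 7 of 10 findings, while the enriched scheme yields two urgent items (one of them with a CVSS score of only 5.3, because it appears in breach data) and two findings the scanner calls exploitable that the feed correctly rates low. Those last two are exactly what the article says to look for when judging a feed.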

Provides data and analysis to back up why it’s important

Years ago, I flagged a certain vulnerability as a top risk based on a vulnerability intelligence product I was using at the time. The update was easy, but a member of the IT organization saw an opening and decided to use it.

It was an information disclosure vulnerability. He stood up and said: “Red Hat says this vulnerability is low severity. You’re telling me you’re smarter than Red Hat?”

Unfortunately, all I had to go by were some attributes from the vulnerability intelligence provider. One of their sources had seen it in breach data, but there was no analysis beyond it: not even the name of the source. Red Hat made a stronger case.

The best antidote to these kinds of arguments is to have good analysis available on demand. Good vulnerability intelligence builds a strong case for why the provider rated a vulnerability the way it did, describes what mitigations or compensating controls may be available, and gives a competent security professional enough information to make a rational decision or recommendation: not just with iconography, but with actual words.

Analysis answers “the five W’s”

Quality analysis attempts to answer as many of the classic questions — who, what, when, where, why and how — as possible. Let’s apply them to vulnerability intelligence:

  • Who is using the vulnerability and/or who discovered the activity?
  • What malware kits take advantage of the vulnerability and/or what is the threat actor accomplishing by using the vulnerability?
  • When did evidence of the activity begin to surface?
  • Where are they targeting?
  • Why else is this vulnerability noteworthy?
  • How does the attack work?

When you pull up any random vulnerability in your vulnerability intelligence feed or product, the fewer of these (or similar) questions the analysis can answer, the lower its rating should be. If the provider rates a vulnerability critical, the analysis should answer four or five of them; at a minimum it should explain how the attack works and offer some evidence of activity around the vulnerability. A feed that cannot do that for something it deems critical is not a quality feed.
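As an added example (not from the original article), here is a Python audit that applies the five W's rule to a feed export. The JSON field names, the treatment of placeholders such as "unknown" as unanswered, and the mapping from "number of questions answered" to the highest rating that evidence supports are assumptions of this example, not any provider's schema; the sample records are constructed.

```python
"""Added example (not from the original article): a completeness audit for
vulnerability-intelligence records. A record's rating is compared with how
many of the who/what/when/where/why/how questions its analysis answers.
The feed export, its field names and the rating thresholds are assumptions."""
import json
from typing import Dict, List

# Constructed feed export; field names are assumed, not any vendor's schema.
SAMPLE_FEED = json.dumps([
    {"id": "VULN-0001", "vendor_rating": "critical",
     "actors": ["unnamed ransomware affiliate"], "tooling": "commodity loader kit",
     "first_seen": "2022-08-14", "targets": "healthcare, EU",
     "notable": "wormable; patched but widely unpatched",
     "how": "pre-auth RCE via crafted request"},
    {"id": "VULN-0002", "vendor_rating": "critical",
     "actors": [], "tooling": "", "first_seen": None, "targets": "unknown",
     "notable": "", "how": ""},
    {"id": "VULN-0003", "vendor_rating": "high",
     "actors": [], "tooling": "", "first_seen": "2022-09-01", "targets": "",
     "notable": "info disclosure chained with auth bypass",
     "how": "path traversal in export endpoint"},
])

# question -> record field that answers it (assumed schema)
QUESTIONS = {
    "who": "actors", "what": "tooling", "when": "first_seen",
    "where": "targets", "why": "notable", "how": "how",
}
PLACEHOLDERS = {"", "n/a", "na", "unknown", "tbd", "none"}
RATING_ORDER = ["low", "medium", "high", "critical"]


def answered(value) -> bool:
    """Treat nulls, empty lists and placeholder strings as unanswered."""
    if value is None:
        return False
    if isinstance(value, (list, tuple)):
        return any(answered(v) for v in value)
    return str(value).strip().lower() not in PLACEHOLDERS


def answered_questions(record: Dict) -> List[str]:
    return [q for q, field in QUESTIONS.items() if answered(record.get(field))]


def supported_rating(n_answered: int) -> str:
    """Assumed mapping from evidence count to the highest rating it supports:
    critical needs four or more answers, per the rule in the text above."""
    if n_answered >= 4:
        return "critical"
    if n_answered >= 3:
        return "high"
    if n_answered >= 2:
        return "medium"
    return "low"


def audit_feed(feed_json: str) -> List[Dict]:
    """Flag every record whose vendor rating exceeds what its analysis supports."""
    results = []
    for rec in json.loads(feed_json):
        qs = answered_questions(rec)
        supported = supported_rating(len(qs))
        overrated = RATING_ORDER.index(rec["vendor_rating"]) > RATING_ORDER.index(supported)
        results.append({"id": rec["id"], "vendor_rating": rec["vendor_rating"],
                        "answered": qs, "supported_rating": supported,
                        "overrated": overrated})
    return results


def critical_support_ratio(feed_json: str) -> float:
    """Fraction of critical-rated records whose analysis actually supports the rating."""
    crit = [r for r in audit_feed(feed_json) if r["vendor_rating"] == "critical"]
    if not crit:
        return 1.0
    return sum(1 for r in crit if not r["overrated"]) / len(crit)


if __name__ == "__main__":
    for r in audit_feed(SAMPLE_FEED):
        flag = "OVERRATED" if r["overrated"] else "ok"
        print(f"{r['id']} rated {r['vendor_rating']:8s} answers {len(r['answered'])}/6 "
              f"-> supports {r['supported_rating']:8s} [{flag}]")
    print(f"critical records with supporting analysis: {critical_support_ratio(SAMPLE_FEED):.0%}")
```

Run over a real export, the ratio of critical records whose analysis supports the rating is a single number you can compare across providers during an evaluation, and the per-record output gives you the "which questions are missing" detail to raise with the vendor.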

Evaluating vulnerability threat intelligence

The human mind is a tricky thing. We tend to weigh criticisms seven times as heavily as compliments. If the vulnerability intelligence feed is right 87.5% of the time, it feels more like 50%. Keep that in mind when evaluating a vulnerability intelligence feed, or for that matter any other security product.

We also need to be honest with ourselves. At the time of this writing, there were more than 188,000 known CVEs. It’s simply not practical for most organizations to analyze and assess every single one themselves. And, if you haven’t noticed, there is a shortage of good remediators and good security analysts in the workforce right now. Buying a good vulnerability intelligence product is a smart way to maximize your internal human resources. You equip them with the information, and they can use that information to work more productively and effectively.

David Farquhar

David Farquhar has over 20 years of experience in IT security including serving as the Technical Account Manager for Qualys where he worked with customers to ensure they were following the best cyber practices. He currently serves as Solutions Architect for Nucleus Security.


