Get Smarter About Vulnerabilities

POSTED BY JULIAN DEFRONZO

Introducing CVE Indicator Types

While it may seem like you’re constantly hearing about a new attack method or cyber threat in the world, in reality, hackers are reusing exploits and tools as part of their campaigns. In fact, in most cyberattacks, criminals exploit some sort of security weakness — a vulnerability that is already known and for which a patch is currently available.

With the release of 3.1, the ThreatQ Threat Library now supports the inclusion of vulnerability data using the Common Vulnerabilities and Exposures (CVE) standard. This enhances the Threat Library to incorporate information on vulnerabilities from multiple threat intelligence providers to identify exploits involved in current ongoing campaigns and better protect against these types of attacks.

National Vulnerability Database Integration

In addition to supporting CVE indicators, as part of 3.1 we’ve also expanded functionality to many existing commercial intelligence feeds that include CVE and vulnerability data. ThreatQ now also supports an integration with the National Vulnerability Database (NVD) that pulls the entire CVE database into ThreatQ so that analysts can start tracking existing and new vulnerabilities while also providing additional context around a specific vulnerability.

The NVD provides access to vulnerability analysis on affected products/vendors and risk impacts based on the Common Vulnerability Scoring System (CVSS). ThreatQ supports this data as attributes tied to the CVE indicator (Figure 1). These attributes can be used in your custom scoring profile to bubble up those vulnerabilities that are most important to you and aid in prioritization of remediation (Figure 2).

Figure 1: CVE indicator details

Figure 2: Scoring rules based on CVE details

Bringing Threat Intelligence and Vulnerability Management Together

With the number of vulnerabilities being discovered and announced on the rise, it’s hard for security teams to prioritize patching. By marrying threat intelligence and vulnerability data, security teams have more data and context to form an action plan to address specific security measures. Combining threat intelligence with vulnerability management provides an extra level of information about risks that can be used for prioritization and to make informed decisions that strengthen security posture.

In future blog posts, we will take a deeper dive into other integrations in the vulnerability management space that further enhance ThreatQ’s self-tuning Threat Library and Open Exchange capabilities and your ability to protect against known security weaknesses.

To learn more, download our Vulnerability Application Note.

The post Get Smarter About Vulnerabilities appeared first on ThreatQuotient.

About ThreatQuotient
ThreatQuotient™ understands that the foundation of intelligence-driven security is people. The company’s open and extensible threat intelligence platform, ThreatQ, provides defenders with the context, customization and collaboration needed to ensure that intelligence is accurate, relevant and timely to their business. Leading global companies are using ThreatQ as the cornerstone of their threat operations and management system, increasing security effectiveness and efficiency. For more information, visit http://www.threatquotient.com.
