In InfoSec stress is a given, especially given that the InfoSec team needs to be right every time while bad actors need to be right only once. Vulnerability scanners overwhelm InfoSec teams, since these tools spew out a torrent of vulnerabilities. The whole scanning paradigm has outlived its value, but more about in a separate blog later. InfoSec teams struggle to prioritize these vulnerabilities and in turn struggle to determine which ones to address first. To further compound things, organizations typically use multiple vulnerability scanning tools for well rounded coverage (nothing wrong there), but this overwhelms InfoSec team further.
Ideally InfoSec teams would want to address those vulnerabilities (on critical infrastructure) which either have a known exploit or a fairly high degree of exploitability in the near future, everything else can wait. This seems simple enough till you realize that there is no way for InfoSec team to predict exploitability of vulnerability. Introducing Attenu8 platform from ThreatWorx. Attenu8 (pronounced as ‘Attenuate’) is AI/ML platform which comprises of multiple AI/ML models to make life simpler for InfoSec teams while improving overall security posture of the organization. Attenu8 is the right tool for InfoSec teams since it can help predict exploitability score for a vulnerability. Attenu8 takes this once step further by leveraging the predicted vulnerability exploitability score to arrive at overall prioritization by considering other key aspects which include but are not limited to:
- Asset criticality
- CVSS Vector and score
- Social chatter
- Availability of patch / remediation
Attenu8 platform is comprehensive and includes support for the following:
- Determining if a blog post or message bulletin is talking about a vulnerability. Extracting product and version information if needed. This is helpful in the automated vulnerability curation process to ensure that InfoSec teams know about vulnerability even before these make it to NVD.
- Predicting the CWE (Common Weakness Enumeration) for a vulnerability. CWE indicates the attack vector or type of vulnerability. Note certain attack vectors lend themselves nicely to an attack with low complexity i.e. low effort for the attack to craft the attack or exploit.
- Predict the CVSS vector and score for the vulnerability. Note though NVD provides these metrics, most late breaking vulnerabilities take time to trickle into NVD. Also quite a few open source vulnerabilities never make it to NVD. Absence of CVSS Vector and score metrics makes it difficult to prioritize. Read our earlier blog to know more.
- Predict exploitability score – This is a key factor in arriving at the prioritization. ThreatWatch Actionable Insights strives to keep things simple for InfoSec teams by providing clear prioritization using “DoNow” and “DoLater” buckets.
Attenu8 platform coupled with ThreatWorx’s machine powered vulnerability curation ensures correct prioritization for InfoSec teams. We understand that InfoSec teams leverage multiple vulnerability tools and they can import scan reports from other tools (like Nessus, Qualys and more) into ThreatWorx and leverage Attenu8 to get a prioritized list of vulnerabilities.
Attenu8 platform can help identify those top 5-7% vulnerabilities that need immediate attention. Thus help InfoSec team reduce their prioritized patching workload by over 80%. InfoSec teams only need to take care of patching or remedying the DoNow priority issues.