Third Party Cyber Risk Management (TPCRM) is incomplete!
Overview In this blog article, let us take a look at the current approach to Third Party Cyber Risk Management (TPCRM), what it leaves on the table and what is really desirable. Most organizations today work closely with their business ecosystem which is key for business continuity. This business ecosystem includes but is not limited […]
Policy Driven Controls Assessment – Bridging the gap between letter and spirit
Information security polices outline the guiding principles for organizations outlook towards security and privacy and also holds itself accountable to its shareholders and consumers. Policies impact both technology and human decisions. There is always an effort to align technology solution with policies. The real challenge is to be able to enforce policies and flag violations […]
Improving efficacy of AI/ML model to predict exploitability score for vulnerabilities
In an earlier blog, I talked about how machine learning can help predict exploitability score for a vulnerability. In this blog, I will elaborate on some of the finer aspects before comparing with an alternative means available. From a machine learning angle, it is important to identify & include relevant features and use a balanced […]
Introducing Attenu8 platform to predict exploitability score for vulnerability to aid in prioritization
In InfoSec stress is a given, especially given that the InfoSec team needs to be right every time while bad actors need to be right only once. Vulnerability scanners overwhelm InfoSec teams, since these tools spew out a torrent of vulnerabilities. The whole scanning paradigm has outlived its value, but more about in a separate […]
Predicting exploitability for a vulnerability as first step towards weaponization
Every piece of code is a potential source of vulnerabilities. This could be operating systems, containers, databases, web servers and the list just goes on. It also includes hardware devices like L2 / L3 network devices, healthcare devices, IOT devices and more. To further compound things, the rate at which vulnerabilities are discovered is growing […]
Malware prediction
Data Science and commercially available AI/ML implementations now make it possible to predict whether a vulnerability can be weaponized into malware. This could be a critical moment in cybersecurity as it allows vulnerability management to be truly proactive and reduces the remediation workload. But why bother with this? And even if we did, how could […]
Manage the vulnerability deluge with “Actionable Insights”
The number of vulnerabilities being reported has just been growing over the years. The below chart help depict how the count of vulnerabilities has grown significantly (though not yet exponentially) over the recent years. Note it is apparent from the chart how ThreatWatch provides better overall vulnerability intel coverage, apart from standard sources like NVD. […]
Machine Learning (ML) powered vulnerability scoring for better prioritization
Most organizations face challenges with prioritizing risk from a new vulnerability or threat. At times, late breaking threats do not provide a severity assessment. The standard way to identify the key characteristics of a threat is using CVSS (Common Vulnerability Scoring System). CVSS provides a Vector (based on key dimensions / attributes of the threat […]