Need for machine curated vulnerability intelligence
It is my pleasure to share this blog article authored by Rohit Ghai, who we are fortunate to have as our advisor. Rohit is renowned in the industry and he currently serves as President, RSA Security. Recruiting machines to fight the vulnerability crisis A central pillar in any cyber resilience strategy is the idea of […]
Discovering your open source dependencies using twigs
Twigs is an essential tool for devops security to ensure that your open source dependencies are evaluated and tracked for vulnerabilities. As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is the discovery of open source dependencies as assets using the ‘repo’ mode. In this […]
Learning From History – The Conficker Outbreak
History is a great teacher and provides us with a wealth of learning. The learning from the past is relevant not merely for anecdotal reasons but also for the wisdom that we can gain from it. Dipping into this pool of history can help to comprehend the present, improve our response and avoid mistakes that […]
Host discovery using twigs
As described in the earlier blog article – Getting started with twigs, one of the discovery modes supported by twigs is host discovery. In the host discovery mode, twigs will collect required metadata from the host to perform no-scan vulnerability assessments. The host discovery mode supports local and remote discovery. Local refers to discovery of the […]
Getting started with ‘twigs’
Introduction The bedrock of asset discovery in ThreatWatch is ‘twigs’ (short for ThreatWatch Inventory Gathering Script). twigs is a python based open source utility script maintained by ThreatWatch. twigs aims to provide a simple extensible interface to all types of assets and asset management systems in order to discover the metadata required by ThreatWatch to […]
Avoid vulnerability creep via 3rd party softwares
Earlier last month NIST released a draft copy of CyberSecurity White paper titled “Mitigating the risk of Software Vulnerabilities by adopting a Secure Software Development Framework [SSDF]” for comments. The paper highlights how few software development lifecycle [SDLC] models explicitly address software security in detail and it recommends a core set of high-level secure software […]
Weekly Reserved CVE Actionable Insights ( June 23rd 2019 )
What are reserved CVE’s ? Reserved CVE’s are NVD records for confirmed vulnerabilities with little to no information. In most cases there is no information available. ThreatWatch’s prediction model, “Coeus“ goes through all the related information about these CVE like attack vector type, social chatter and vendor advisories, and arrives at a CVSS vector and […]
Are you weary of sharing your cloud credentials with your vulnerability management SaaS provider?
If not, then you should be…and here’s why. Most organizations leverage clouds providers (like AWS, Azure, etc.) extensively these days. Typically public cloud is an integral part of the overall roadmap, with most organizations having some form of a hybrid model. The hybrid model involves a private cloud (internal managed data center) along with a […]
Unpatched software – the single biggest security risk.
Lately I have been going through recorded sessions from RSA Conference 2019. Thanks RSA for making these recordings available. This particular session “In the wake of an attack – Thoughts from a seasoned CISO” caught my attention and I listened to its playback. It is around 45 minutes for those of you who are […]
CI/CD – vulnerability detection and integration. Are you overlooking the risks ?
Recently the industry has seen a trend where organizations are moving rapidly to integrate vulnerability detection tools as part of their CI / CD environments. That’s a step in the right direction only if the risks that emanate out of those integrations are carefully considered and mitigated. Unfortunately we don’t see much evidence of due […]