PREDICTIVE intelligence
How threat intelligence can improve vulnerability management outcomes
Amid dynamic threats , organisations must employ a robust , riskfocused approach to vulnerability management . Chris Jacob , Global Vice President , Threat Intelligence Engineers , ThreatQuotient , shares his thoughts on why leveraging data-driven threat intelligence streamlines prioritisation , resource allocation and process automation for enhanced security . t might surprise you to know that
I more than 70 new vulnerabilities are published every day . Despite their risk-reducing value in helping SOC teams address these , vulnerability management solutions have drawbacks . Often , they only provide a snapshot of an organisation ’ s vulnerabilities at a point in time .
In fact , owing to their nature , vulnerabilities identified today may not exist tomorrow , or they may appear and disappear intermittently . This leaves security teams scrambling to understand not only what the risk is , but how it affects them and where they should start first with any remediation .
Often vulnerability management solutions struggle to support SOC teams effectively , meaning they face an uphill battle with fragmented tools and data silos . This in turn creates major challenges around alert fatigue and overloaded SOC teams who , despite all the tools available to them , end up undertaking manual investigations to determine the best response .
The problems are complex and wide ranging
For those less familiar , vulnerability management is the practice of continuously discovering , classifying , prioritising and responding to software , hardware and network vulnerabilities . However , the problems with vulnerability management are complex and wide ranging , from technology to policy and governance . With the modern enterprise evolving to become more technologically distributed and cloud-aligned , the challenge is becoming even more multifaceted .
I say this because end-to-end visibility into an organisation ’ s technology stack is becoming harder to achieve , with shadow-IT only exacerbating issues . Limited resources result in cybersecurity maintenance tasks that are never completed . Additionally , the scope and impact of software supply chain risk is only just starting to become properly understood by those outside the software development industry .
Unfortunately , those that are responsible for patching and fixing software vulnerabilities are rarely involved in the technology selection process , leading to a lack of learning and improvement in technology selection choices . Layer onto this the escalating compliance landscape , and it is easy to see how overwhelming the task is . As a result , it is simply impossible to patch and mitigate every software vulnerability present in an enterprise network .
Historically , organisations would prioritise mitigation based on limited and inward-facing data , such as server versus workstation , an employee ’ s role , asset criticality , vulnerability score and patch availability . But despite this level of prioritisation , patching remains a time-consuming task . This approach also has limited effectiveness because it doesn ’ t consider knowledge of how that vulnerability is actively being exploited in the wild , and the risks associated by those adversaries leveraging it , to a company ’ s specific environment .
Not all assets are created equal
Most companies focus more on the consequences and severity of a vulnerability versus the likelihood they may be impacted . Of course both are important , but if you focus too much on severity and consequence , you may not see the complete picture . CVSS scores , for example , focus mainly on severity , with global values for likelihood that are assumed valid for all organisations – this is a
Chris Jacob , Global Vice President , Threat Intelligence Engineers , ThreatQuotient
Vulnerabilities identified today may not exist tomorrow .
WWW . INTELLIGENTCISO . COM 33