Intelligent CISO Issue 74 | Page 34

PREDICTIVE intelligence

mistaken assumption. Yes, a vulnerability may be critical and of highest severity, but this vulnerability is more or less relevant to your own organisation because of the threats that target it. This is where custom likelihood comes in. Understanding your own likelihood is critical for prioritisation and triage.
The modern enterprise has a new wealth of internal and external data to make more data-informed choices regarding actions to take, and the threats to respond to. While exposure is an important input into the risk equation, it only really has relevance once certain elements of the vulnerability lifecycle are hit.
For example: What is the cost for adversaries to develop exploitation tools for the vulnerability, or is it now available within the existing off-the-shelf attack tool sets? This is one of the largest influencers of likelihood of it targeting the masses. Does exploitation of the vulnerability result in a situation that fits into the threat actor’s tools, techniques and procedures (TTP) sweet spot, meaning it’s easy for them to execute upon their objective?
Making data-driven decisions
These are elements that the enterprise has absolutely no control over, but it can get visibility into them to get ahead of the response process if the answer to any of these questions is ‘yes’. Or they can be used as critical inputs into a decision process to stop current mitigation efforts and pivot to other issues that are potentially more likely to impact the organisation. This is where using threat intelligence in conjunction with established vulnerability management practices can help organisations identify, prioritise and remediate vulnerabilities that have a higher risk profile or have the potential to have a greater impact on an organisation.
To aid practitioners in vulnerability triage, it is desirable to have a list of vulnerability identifiers, presented in a prioritised list for mitigation. With the likelihood of exploitation being a key multiplier within the risk equation, it’s critical to have accurate, up-to-date and verifiable information that can help the organisation understand the details of likelihood.
By combining information available from a variety of public and private, internal and external sources, prioritisation lists can be improved for greater accuracy. Automated assessment and scoring of a vulnerability likelihood is only now possible across the many disparate data sources by consolidating data into a single record of truth about what is known about the vulnerability.
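The consolidation and scoring described above can be sketched as follows. This is an added example, not code from the article: the identifiers, field names, weights and sample records are all constructed assumptions, and the risk formula (severity × likelihood × exposure) is one simple reading of "likelihood as a multiplier".

```python
from collections import defaultdict

# Constructed sample data; identifiers and values are placeholders.
SCANNER = [  # internal source: severity (0-10) and asset exposure
    {"id": "VULN-A", "severity": 9.8, "exposed": False},
    {"id": "VULN-B", "severity": 7.5, "exposed": True},
    {"id": "VULN-C", "severity": 9.1, "exposed": True},
]
THREAT_INTEL = [  # external source: the two likelihood questions from the text
    {"id": "VULN-A", "exploit_in_toolkits": False, "fits_actor_ttp": False},
    {"id": "VULN-B", "exploit_in_toolkits": True, "fits_actor_ttp": True},
    {"id": "VULN-C", "exploit_in_toolkits": False, "fits_actor_ttp": True},
]

# Assumed weights; tune these to your own organisation's threat profile.
BASE_LIKELIHOOD = 0.1   # nothing known that raises likelihood
W_TOOLKIT = 0.5         # exploit is in off-the-shelf attack tool sets
W_TTP = 0.3             # exploitation fits the actor's TTP sweet spot
UNEXPOSED_FACTOR = 0.5  # discount when the affected asset is not exposed

def consolidate(*sources):
    """Merge rows from every source into one record per vulnerability id."""
    records = defaultdict(dict)
    for source in sources:
        for row in source:
            records[row["id"]].update(row)
    return dict(records)

def likelihood(rec):
    """Organisation-specific likelihood in [0, 1]; missing intel adds nothing."""
    score = BASE_LIKELIHOOD
    score += W_TOOLKIT if rec.get("exploit_in_toolkits") else 0.0
    score += W_TTP if rec.get("fits_actor_ttp") else 0.0
    return min(score, 1.0)

def risk(rec):
    """Severity scaled by likelihood and exposure."""
    exposure = 1.0 if rec.get("exposed") else UNEXPOSED_FACTOR
    return round(rec.get("severity", 0.0) * likelihood(rec) * exposure, 2)

def prioritise(*sources):
    """Return (id, risk) pairs, highest risk first."""
    merged = consolidate(*sources)
    ranked = sorted(merged.values(), key=risk, reverse=True)
    return [(r["id"], risk(r)) for r in ranked]

if __name__ == "__main__":
    for vuln_id, score in prioritise(SCANNER, THREAT_INTEL):
        print(f"{vuln_id}: {score}")
```

With this sample data the highest-severity finding (VULN-A) ranks last, because nothing in the intelligence feed raises its likelihood and the affected asset is not exposed.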