New capability simplifies the challenge of prioritizing CVEs for faster triage and remediation
Enables organizations to focus resources on the vulnerabilities most likely to be exploited against them
Digital Shadows announces the launch of a new Vulnerability Intelligence module within SearchLight. The new capability enables security teams to rapidly identify which of the many thousands of Common Vulnerabilities and Exposures (CVEs) they should focus their limited resources on and how they can prevent criminals from exploiting them.
The new module, within Digital Shadows SearchLight™, is powered by nine years of collected data from its analyst team which actively monitors criminal forums to assess how vulnerabilities are being exploited and against which type of organization. This is combined with continuous monitoring of code repositories, paste sites, social media, vendor websites, and advisories to provide a comprehensive view of real-world interest and exploitation. A dedicated team of analysts provide additional research, remove unnecessary noise, and provide a source assessment for each related event.
Top iTechnology Security News: Rand Partners with Hacken for Security & Smart Contract Audits!
The capability improves several existing workflows. First, clients can search for technologies they use to search for evidence of exploitation and other risk factors–ensuring they are scanning for the vulnerabilities that can pose the biggest risk. Second, security professionals can use the context within CVE Profiles to inform responses to high-profile vulnerabilities. Finally, clients will be able to bulk prioritize a large list (up to tens of thousands) of CVEs – a simple copy and paste function will provide them with a ranking of the most serious pertaining to their organization for further escalation.
Russell Bentley, Vice President of Product at Digital Shadows, comments: “Enterprises use hundreds, if not thousands of various types of software, and tens of thousands of vulnerabilities are announced every year. There are not enough resources to triage this, let alone test and apply all the patches to fix them. Organizations often rely on the CVSS (Common Vulnerability Scoring System). It’s a good baseline but unfortunately, these scores can be hypothetical rather than a reflection of whether these CVEs are being exploited by threat actors.”
Alastair Paterson, Co-Founder and CEO, continues: “The functionality we are announcing today cuts through the noise and enables organizations to focus on only what is critical to them. Instead of relying on a vendor’s arbitrary risk score (which can be opaque) security teams can filter by just the risk factors they care about. All evidence and content is then shown in the CVE profiles which are powered by actual intelligence based on criminal behavior and conversations.”
Top iTechnology Cloud News: WANdisco Partners with Oracle to Provide Zero-Cost Migrations to Oracle Cloud Infrastructure (OCI)
[To share your insights with us, please write to sghosh@martechseries.com]
