Vulnerability management is a major cybersecurity strategy that many organizations never seem to solve successfully.
The threat landscape is evolving, fueled by digital transformation, remote work, and ecosystem complexity. About a third of recent attacks are based on the exploitation of vulnerabilities in software that companies use.
Some industry reports show that about 50 new vulnerabilities in various software products are published daily. In many cases these are being exploited to launch new attacks. These conditions require businesses to respond to risk quickly and comprehensively.
The cybersecurity industry rides herd on the constant discovery of software weaknesses using notifications known as Common Vulnerabilities and Exposures (CVE) alerts. In essence, this provides IT departments with a whack-a-mole approach to what needs to be patched.
The issue is actually patching the software containing the vulnerabilities. No centralized process for developing patches for known vulnerabilities exists. When patches are available, installing the software fixes is an ongoing, uncontrolled, catch-as-catch-can process.
That problem is worsened by how deeply open-source code is integrated throughout the software supply chain. With no single source of code development, even proprietary products contain open-source code modules.
At Black Hat USA last month, cybersecurity threat intelligence provider Cybersixgill announced a new solution to reduce risk by accelerating companies’ time to respond. It delivers what could be the cybersecurity industry’s first end-to-end intelligence tool to combat the CVE lifecycle.
“Given the high volume of attacks using vulnerability exploitation as the initial means of infiltration, companies require vulnerability management solutions that give them the data and context they need to fully understand where their greatest business risks lie,” said Gabi Reish, chief business development and product officer for Cybersixgill.
This new Dynamic Vulnerability Exploit (DVE) Intelligence platform provides automation and adversary technique mapping. It also uses rich vulnerability exploit intelligence to streamline vulnerability analysis.
Cybersixgill takes an unusual approach to this process. It dives deep into the places where bad guys hang out to snoop on their snooping.
The company’s cyber sleuths tap into deep and dark web surveillance to find what hackers are plotting before they strike. The DVE Intelligence platform refines vulnerability assessment and prioritization processes by correlating asset exposure and impact severity data with real-time vulnerability and exploit intelligence.
This approach arms IT teams with the critical context needed to prioritize CVEs in order of urgency and remediate vulnerabilities before they can be exploited and weaponized in attacks, according to Cybersixgill.
This method brings a new element to traditional cybersecurity platforms: DVE Intelligence provides comprehensive context directly related to the probability that a given vulnerability will actually be exploited, which is what lets IT teams rank CVEs by urgency rather than by severity score alone.
According to IBM’s X-Force Threat Intelligence Index 2022, vulnerability exploitation has become the most common attack vector for cybercriminals. It is one of the top five cybersecurity risks businesses face today.
To properly address this situation, organizations need to be aware of their vulnerabilities and the level of risk each poses to prioritize remediation activities. Companies also must understand how the risk of any trending vulnerability can impact new applications or hardware investments.
The DVE platform offers these chief features and capabilities:
- The interface enables customers to identify and scope the particular assets, CVEs, and Common Platform Enumeration (CPE) entries that pose the most significant risk to their organization.
- Automated mapping of products to relevant CVEs is a critical tool for reducing false positives, so IT teams need only focus on the vulnerabilities that affect their existing IT assets and infrastructure.
- Mapping of CVEs to the MITRE ATT&CK framework provides vital insight into the higher-level objectives of the attacker, as well as the likely method and potential impact of exploitation.
- DVE Intelligence continuously monitors vendor sites and MITRE CVE records to present comprehensive remediation information, instructions, and links directly within the DVE interface, dramatically reducing Mean Time to Remediate.
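The feature list above describes three mechanical steps: match the vulnerability feed against the organization's own CPE-identified assets (dropping the entries that hit nothing, which is where the false-positive reduction comes from), attach exploit and exposure context, and rank what remains by urgency. The following script is an added illustration of that pipeline and is not Cybersixgill's code or a description of how DVE Intelligence is implemented internally. Every asset, CPE name, CVSS score, exploit flag, ATT&CK tactic and weighting factor in it is constructed for the example, and the CVE ids are placeholders of the form CVE-0000-NNNN that refer to no real records.

```python
"""Risk-based CVE prioritisation against a CPE-keyed asset inventory.

Added illustration, not Cybersixgill's code. All assets, CPE names, CVE ids,
scores and weights below are constructed; the CVE ids are placeholders.
"""
from dataclasses import dataclass


def parse_cpe(cpe: str) -> tuple:
    """Return (vendor, product, version) from a CPE 2.3 formatted string.

    Layout: cpe:2.3:part:vendor:product:version:update:edition:language:
            sw_edition:target_sw:target_hw:other  (13 colon-separated fields)
    Escaped colons inside names ("\\:") are not handled in this example.
    """
    parts = cpe.split(":")
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 name: {cpe}")
    return parts[3], parts[4], parts[5]


@dataclass(frozen=True)
class Asset:
    host: str
    cpe: str
    internet_facing: bool   # exposure signal from the asset inventory


@dataclass(frozen=True)
class Advisory:
    cve_id: str             # constructed placeholder id
    affected_cpe: str       # version field "*" means every version of the product
    cvss: float             # impact severity, 0-10
    exploit_observed: bool  # exploit or kit seen traded or used (intelligence signal)
    tactic: str             # ATT&CK tactic the exploit would give the attacker


def affects(adv: Advisory, asset: Asset) -> bool:
    """Vendor and product must match; version must match unless the advisory says '*'."""
    v_vendor, v_product, v_version = parse_cpe(adv.affected_cpe)
    a_vendor, a_product, a_version = parse_cpe(asset.cpe)
    if (v_vendor, v_product) != (a_vendor, a_product):
        return False
    return v_version == "*" or v_version == a_version


def priority(adv: Advisory, asset: Asset) -> float:
    """Combine impact severity with exposure and exploit intelligence.

    The multipliers are illustrative assumptions: an internet-facing host and
    an observed exploit each raise urgency, and a vulnerability that hands the
    attacker an Initial Access foothold outranks a post-compromise step.
    """
    score = adv.cvss
    if asset.internet_facing:
        score *= 1.3
    if adv.exploit_observed:
        score *= 1.5
    if adv.tactic == "Initial Access":
        score *= 1.2
    return round(score, 2)


def prioritise(assets, advisories):
    """Return (ranked findings, advisory ids that matched no asset).

    Unmatched advisories are the false positives the feature list refers to:
    they are reported separately instead of competing for remediation time.
    """
    findings, matched = [], set()
    for adv in advisories:
        for asset in assets:
            if affects(adv, asset):
                matched.add(adv.cve_id)
                findings.append((asset.host, adv.cve_id, priority(adv, asset)))
    findings.sort(key=lambda f: f[2], reverse=True)
    unmatched = [adv.cve_id for adv in advisories if adv.cve_id not in matched]
    return findings, unmatched


# Constructed inventory: three hosts, each identified by a CPE 2.3 name.
ASSETS = [
    Asset("web-01", "cpe:2.3:a:examplecorp:webgate:4.2.0:*:*:*:*:*:*:*", True),
    Asset("db-01", "cpe:2.3:a:examplecorp:dbcore:9.1.3:*:*:*:*:*:*:*", False),
    Asset("app-07", "cpe:2.3:a:othervendor:reportsvc:2.0.1:*:*:*:*:*:*:*", True),
]

# Constructed feed: placeholder ids, not real CVEs. The third entry is for a
# version we do not run and the fourth for a product we do not own at all.
ADVISORIES = [
    Advisory("CVE-0000-0001", "cpe:2.3:a:examplecorp:webgate:4.2.0:*:*:*:*:*:*:*", 9.8, True, "Initial Access"),
    Advisory("CVE-0000-0002", "cpe:2.3:a:examplecorp:dbcore:*:*:*:*:*:*:*:*", 7.5, False, "Privilege Escalation"),
    Advisory("CVE-0000-0003", "cpe:2.3:a:othervendor:reportsvc:1.9.0:*:*:*:*:*:*:*", 9.1, True, "Initial Access"),
    Advisory("CVE-0000-0004", "cpe:2.3:a:unrelated:mailer:*:*:*:*:*:*:*:*", 10.0, True, "Initial Access"),
]

if __name__ == "__main__":
    ranked, noise = prioritise(ASSETS, ADVISORIES)
    for host, cve, score in ranked:
        print(f"{score:6.2f}  {host:8s}  {cve}")
    print("not applicable to this inventory:", ", ".join(noise))
```

Note what the ranking does with the sample feed: the advisory with the highest CVSS (10.0) is discarded outright because no asset matches its product, and the 9.1-rated entry is discarded because only a version we do not run is affected, while the 7.5-rated database issue survives with a low score because the host is internal and no exploit has been seen. That is the practical difference between sorting by severity and sorting by risk to the assets you actually operate.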
Most vulnerability prioritization technologies rely on external data sources. This often slows the ability to rate new threats. The DVE Intelligence platform equips security teams with its own real-time intelligence and context.
Fending Off Cyberattacks
The biggest questions organizations face are knowing where to focus and how to respond, according to Reish. Potential attackers have near limitless resources from their underground sources to forge an attack.
“We are collecting a lot of information about what they are sharing, what they are trying to exploit, and what malware they are trying to get,” he told The E-Commerce Times.
The bad actors build exploit kits to weaponize these vulnerabilities. Based on our regular conversations with sources, we think that there is a high likelihood of being exploited on any given day through vulnerabilities that are published on a daily basis. This is where cybersecurity and governance come into play, Reish offered.
“We’ve taken all of our data that we are collecting, and we turned it into actionable insights by enabling customers with tools and mechanisms to prioritize which vulnerability they need to take action upon based on the computers and software that they are running,” he said.
Cybersixgill does this with automatic tools they developed to collect information from all the different locations and spaces where threat actors work and hang out in the dingy regions of the dark web.
The company’s researchers are present in the forums cybercriminals are building to transact between themselves and sell malware and exploit kits.
In most cases they do not develop their own ransomware. They buy it. They buy access to a company, and they buy a ransomware kit or malware kit to commit their crimes, Reish elaborated.