Plugging a vulnerability scanner into your environment can tell you where your vulnerabilities reside.
Chances are, you’ll quickly be so overwhelmed by the sheer number of vulnerabilities present in your environment that they may become more IT “white noise,” relegated to a “when we get around to it” mentality.
Recognizing this challenge, NorthStar enters the picture to help you make sense of it all and to focus remediation. Building upon the Asset Superlist foundation, NorthStar’s Vulnerability Tracking can be leveraged in two impactful steps to assist navigation through the vulnerability landscape:
1. CVE Intelligence feeds
Though your vulnerability scanner can tell you “where”, it may lack depth in the “how” and “why”. Depending on your needs, the “how” may be of vital importance in where you decide to focus remediation. You may decide, for example, to focus first on all “remotely accessible” vulnerabilities, or perhaps on ones where no authentication is required. Your vulnerability scanner may give you a risk rating or CVSS score, but it may not dive into that level of “how”.
Another limitation of a vulnerability scanner is that its data is limited to what it scans. So, if scans fail for a certain site and/or some environments cannot be scanned (e.g., a TELCO backbone), then you have a vulnerability blind spot. However, since NorthStar can marry vulnerabilities with CVE information, it also knows where those vulnerabilities *can* manifest (via CPE, Common Platform Enumeration). So, NorthStar isn’t limited to vulnerability scan data; it can reveal potential exposures based upon your OS & installed software footprint.
NorthStar can digest feeds from NIST.GOV (Mitre) and Symantec Deepsight. It checks either or both sources daily for updated CVE information and stores the results in NorthStar.
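The triage described in this step can be sketched in a few lines. This is an added example, not NorthStar code: it keeps only CVEs whose CVSS v3.x vector is network-reachable (`AV:N`) with no privileges required (`PR:N`), and uses a simplified CPE 2.3 comparison to flag potential exposure on a host the scanner never reached. All hosts, CVE ids, CPE names and function names are constructed placeholders.

```python
# Constructed sample data; CVE ids, hosts and CPE names are placeholders.
CVE_FEED = {
    "CVE-0000-0001": {"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                      "cpe": "cpe:2.3:a:examplevendor:webserver:2.4:*:*:*:*:*:*:*"},
    "CVE-0000-0002": {"vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
                      "cpe": "cpe:2.3:a:examplevendor:agent:*:*:*:*:*:*:*:*"},
    "CVE-0000-0003": {"vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
                      "cpe": "cpe:2.3:a:examplevendor:portal:1.0:*:*:*:*:*:*:*"},
}
SCAN_FINDINGS = [("web01", "CVE-0000-0001"), ("web01", "CVE-0000-0002"),
                 ("app02", "CVE-0000-0003")]
# Software inventory, including a host the scanner cannot reach (core-rtr9).
INVENTORY = {
    "web01": ["cpe:2.3:a:examplevendor:webserver:2.4:*:*:*:*:*:*:*"],
    "app02": ["cpe:2.3:a:examplevendor:portal:1.0:*:*:*:*:*:*:*"],
    "core-rtr9": ["cpe:2.3:a:examplevendor:webserver:2.4:*:*:*:*:*:*:*",
                  "cpe:2.3:a:examplevendor:agent:7.1:*:*:*:*:*:*:*"],
}

def parse_vector(vector):
    """Split a CVSS v3.x vector string into a {metric: value} dict."""
    parts = vector.split("/")
    if not parts[0].startswith("CVSS:3"):
        raise ValueError(f"unsupported vector: {vector}")
    return dict(p.split(":", 1) for p in parts[1:])

def remote_unauthenticated(vector):
    """True when the flaw is network-reachable and needs no privileges."""
    m = parse_vector(vector)
    return m.get("AV") == "N" and m.get("PR") == "N"

def cpe_matches(pattern, installed):
    """Simplified CPE 2.3 match on part, vendor, product, version; '*' is any."""
    a, b = pattern.split(":")[2:6], installed.split(":")[2:6]
    return len(a) == len(b) == 4 and all(x in ("*", y) for x, y in zip(a, b))

def triage():
    """Return sorted (host, cve, source) rows that are remote and need no auth."""
    rows = {(h, c, "scan") for h, c in SCAN_FINDINGS}
    scanned = {h for h, _ in SCAN_FINDINGS}
    for host, cpes in INVENTORY.items():
        if host in scanned:
            continue  # scanner data exists; do not duplicate it
        for cve, rec in CVE_FEED.items():
            if any(cpe_matches(rec["cpe"], c) for c in cpes):
                rows.add((host, cve, "inventory"))
    return sorted(r for r in rows if remote_unauthenticated(CVE_FEED[r[1]]["vector"]))
```

Rows tagged `inventory` are potential exposures inferred from installed software, not confirmed findings, so they should be verified before being counted alongside scan results.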
2. Ingest Vulnerability Scan Data
Similar to the Asset Superlist, NorthStar also boasts predefined, yet extensible, structures for your vulnerability scan data. After connecting to the data gathered by your vulnerability manager(s) (either by web API, flat file or database connection), NorthStar can aggregate the data for use in several different cases.
- Simple Visualization
- Associate vulnerabilities with the robust asset information present in the Asset Superlist
- Trend the data across meaningful asset classifications/groupings
- Search for conditions present in your environment, cross-reference by vulnerabilities present
Tying it all Together
What does it look like when all of this data is brought together?
Perhaps simply searching for whether a particular CVE is present in your environment is useful:
And/or drilling into that data to gain information about the CVE:
Leveraging Symantec’s worldwide, massive threat intelligence network is also possible for an explosion of additional information about each and every CVE:
Of course, one strong use case revolves around remediation. When faced with a mountain of vulnerability scan data, how do you decide what to remediate first? With NorthStar’s Vulnerability Tracking system, you can decide to remediate across many more risk values and/or based upon the robust asset data in the Asset Superlist (by business unit, location, business application, and much more):
* All screenshots from actual environments running NorthStar Vulnerability Tracker