
Demystifying Vulnerability Management with DeepSeas

In this video demonstration and written guide, we will provide an overview of how DeepSeas demystifies vulnerability management.

Ever see a security report with 100,000 vulnerability alerts? 

It’s not uncommon for those of us in cybersecurity, and particularly those focused on vulnerability management, to see alert counts this high and even higher.

It can be daunting. 

Even paralyzing. 

But it doesn’t have to be this way for you. 

We know cyber tools bring us a lot of data and reveal vast quantities of potential vulnerabilities. That’s great, but how do we take the next step to mitigate risk effectively and extract value from these tools efficiently? 

Get Quote for Vulnerability Assessment

Are all alerts from cyber tools created equal? 

Most companies are very precise in their service level agreements and put a lot of time and energy into this initial part of the process, which results in highly granular alert reports. This is a great first step, but it’s also a double-edged sword.

Not every company spends the time necessary, or has the resources available, to synthesize the many alerts they receive into a realistic action plan that follows the most efficient path to organizational safety and audit assurance. Unlike those driving the audit trails, cybersecurity professionals know that not every alert requires fast action. 

Think of your vulnerability management program like a funnel. When alerts come through, a variety of filters can be applied to assess and identify the most immediate risks — the ones that should be acted upon with the most haste. 

Not all vulnerabilities need immediate attention. Not all vulnerabilities even have a solution.

We must face the reality of finite resources and use our time efficiently. Every organization should focus on the vulnerabilities that are most likely to be exploited and that carry the greatest potential negative impact, which in practice often means the ones attackers can most readily monetize.

This is often when DeepSeas is brought in to complete specific analysis and consult for organizations who have trusted our crew to transform their cyber defense programs. Below, we’ll cover a few of the key ingredients we share with our clients.


What does a solid vulnerability management program require?

A strategy and process for vulnerability management and triage with a variety of filters will:

  1. Find vulnerabilities
  2. Rank vulnerabilities
  3. Assign a time window for resolution
  4. Fix

At DeepSeas, we apply qualitative analysis and intelligence to our reporting to act as a sieve in the funnel. Let’s look back at the 100,000 alerts example and apply the first common filter:

Where do we have intel correlation with the alert?

The first filter correlates each alert with Known Exploited Vulnerabilities (KEVs), the ones we know attackers are already exploiting in the wild for profit. That correlation draws on the proactive threat intelligence DeepSeas conducts on behalf of its clients. In our sample scenario, this filter can reduce our focus from 100,000 to 50,000 alerts. 

Yet more alerts remain, so now we need to apply more filters. 

The next filter, “asset criticality,” ranks the remaining alerts and can take us to 30,000 remaining vulnerabilities as we ask:

Are the systems and data impacted mission critical?

The vulnerability management process continues from here. Additional filters are applied, and the number of truly critical vulnerabilities becomes more and more manageable. In our sample scenario, a few more common filters bring us down to a more realistic list of 1,600 vulnerabilities. And we can keep going from there by comparing this list of 1,600 against the Known Exploited Vulnerabilities (KEV) catalog published by the Cybersecurity and Infrastructure Security Agency (CISA). This comparison can bring our list all the way down to 38. These are the “critical” vulnerabilities that need to be fixed within the next 30 days, so they are the risks and alerts we send to the front of the queue to “rank, assign, and fix.” We then assign and align those alerts to a change window for “solutioning.” 
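To make the funnel concrete, here is an added example (written for this page, not DeepSeas code) that runs constructed scanner findings through the same three filters in order: intel correlation, asset criticality, and a comparison against the CISA KEV catalog, with KEV matches getting the 30-day window the text describes. Every CVE ID, hostname, intel entry and KEV excerpt below is a placeholder, not a real vulnerability; the 60- and 90-day windows for the lower tiers are assumptions added to complete the example, and the example treats a CISA KEV entry as intel so that a catalog entry the provider feed missed cannot fall out at the first filter.

```python
"""Vulnerability triage funnel (added example, not DeepSeas code).

Filters mirror the funnel described above: intel correlation, then asset
criticality, then a comparison against the CISA Known Exploited
Vulnerabilities (KEV) catalog, which sets a 30-day fix window.
All CVE IDs, hostnames and feed contents below are constructed placeholders.
"""
import json
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Finding:
    cve: str      # vulnerability identifier reported by the scanner
    asset: str    # hostname the scanner found it on
    cvss: float   # scanner severity, used only to order within a tier


# Constructed asset inventory: criticality comes from the CMDB, not the scanner.
ASSET_TIER = {
    "erp-db-01": "mission-critical",
    "pay-api-02": "mission-critical",
    "dev-box-07": "standard",
    "kiosk-11": "standard",
}

# Constructed stand-in for a provider's threat-intel feed of CVEs seen
# exploited for profit. A real feed would be fetched, not hard-coded.
INTEL_EXPLOITED = {"CVE-0000-0001", "CVE-0000-0002", "CVE-0000-0003"}

# Constructed excerpt in the shape of CISA's KEV JSON feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# The real feed carries more fields per entry; only cveID is used here.
CISA_KEV_JSON = """
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "dueDate": "2024-02-01"},
  {"cveID": "CVE-0000-0005", "dueDate": "2024-02-15"}
]}
"""

# Fix windows per tier. Only the 30-day KEV window comes from the text;
# the 60- and 90-day windows are assumptions that make the example complete.
FIX_WINDOW_DAYS = {"critical": 30, "high": 60, "medium": 90}


def load_kev_ids(feed_json: str) -> set:
    """Extract the set of CVE IDs from a KEV-shaped JSON document."""
    return {entry["cveID"] for entry in json.loads(feed_json)["vulnerabilities"]}


def funnel(findings, intel, kev_ids, asset_tier):
    """Apply the filters in order and return the survivors of each stage."""
    exploited = intel | kev_ids  # a CISA KEV entry counts as intel correlation too
    stage1 = [f for f in findings if f.cve in exploited]
    stage2 = [f for f in stage1 if asset_tier.get(f.asset) == "mission-critical"]
    stage3 = [f for f in stage2 if f.cve in kev_ids]
    return {"all": list(findings), "intel": stage1,
            "critical-asset": stage2, "cisa-kev": stage3}


def triage(findings, intel, kev_ids, asset_tier, today: date):
    """Rank every finding and assign a fix-by date; rows come back most urgent first."""
    stages = funnel(findings, intel, kev_ids, asset_tier)
    top = set(stages["cisa-kev"])                        # KEV on a critical asset
    high = set(stages["critical-asset"]) - top           # intel hit on a critical asset
    medium = set(stages["intel"]) - top - high           # intel hit elsewhere
    rows = []
    for f in findings:
        if f in top:
            tier = "critical"
        elif f in high:
            tier = "high"
        elif f in medium:
            tier = "medium"
        else:
            tier = "backlog"                             # no exploitation evidence
        due = today + timedelta(days=FIX_WINDOW_DAYS[tier]) if tier in FIX_WINDOW_DAYS else None
        rows.append((f, tier, due))
    order = {"critical": 0, "high": 1, "medium": 2, "backlog": 3}
    rows.sort(key=lambda r: (order[r[1]], -r[0].cvss))
    return rows


# Constructed scanner output: eight findings across four hosts.
SAMPLE_FINDINGS = [
    Finding("CVE-0000-0001", "erp-db-01", 9.8),   # intel + KEV + critical asset
    Finding("CVE-0000-0001", "kiosk-11", 9.8),    # same CVE on a standard asset
    Finding("CVE-0000-0002", "pay-api-02", 7.5),  # intel hit on a critical asset, not KEV
    Finding("CVE-0000-0003", "dev-box-07", 8.1),  # intel hit on a standard asset
    Finding("CVE-0000-0004", "erp-db-01", 9.0),   # high CVSS, no exploitation evidence
    Finding("CVE-0000-0005", "dev-box-07", 6.5),  # in CISA KEV but not in provider intel
    Finding("CVE-0000-0006", "kiosk-11", 4.3),
    Finding("CVE-0000-0006", "dev-box-07", 4.3),
]


def run_example(today: date = date(2024, 1, 1)):
    """Return the per-stage funnel counts and the ranked, dated worklist."""
    kev = load_kev_ids(CISA_KEV_JSON)
    counts = {k: len(v) for k, v in funnel(SAMPLE_FINDINGS, INTEL_EXPLOITED, kev, ASSET_TIER).items()}
    rows = triage(SAMPLE_FINDINGS, INTEL_EXPLOITED, kev, ASSET_TIER, today)
    return counts, rows


if __name__ == "__main__":
    counts, rows = run_example()
    print("funnel:", counts)
    for finding, tier, due in rows:
        print(f"{tier:8} {finding.cve} {finding.asset:10} CVSS {finding.cvss} fix by {due}")
```

Two things worth noticing in the output. The CVSS 9.0 finding on the mission-critical database lands in the backlog because nothing indicates it is being exploited, which is exactly the point of leading with intel rather than scanner severity. And because asset criticality is applied before the CISA comparison, the KEV-listed CVE on the kiosk only reaches the medium tier; if your environment has flat network segments, that ordering deserves a second look, since an exploited foothold on a "standard" asset may still be the attacker's path to the critical one.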

Should your MDR provider guide your vulnerability management program?

As a market-leading provider of Managed Detection & Response (MDR), DeepSeas feeds a big-data pipeline into triage logic that generates and then compacts vulnerability data. That pipeline is how we end up with some very high alert counts, and it is also why a rigorous audit process has to drive the work: more data means more to audit. We need just enough data to be efficient and maximize safety, but not so much that we spread ourselves too thin across the threat surface. 

Although it’s very important to be precise and careful, you don’t have to go it alone. We do vulnerability management every day at DeepSeas – finding the needles of critical vulnerabilities in the massive haystack that is alert data. Many organizations try to do this on their own, and that can be daunting. It’s okay to get help – that’s what our crew at DeepSeas is here for. 
