Intelligence Driven Vulnerability Patching
In today’s modern IT environment, knowing what vulnerabilities exist is an absolute necessity. Vulnerabilities and exploits are constantly sold, published and shared on the surface web, social media and dark web. The problem is how you keep up with threats that impact your business today. How do you decide which patch to push and which patch to delay?
Financial Firm Monitors for Proof of Concept Code & Exploits In the Wild
One of the most important patches to deploy or to justify an emergency patch is a vulnerability that is has a proven remote code execution exploit in the wild. Once the exploit is in the wild, it’s a race to mitigate the attack with the network defense or it’s time to stop everything and patch the vulnerability. A financial firm’s cyber intelligence team precisely does this with DigitalStakeout Scout. They monitor for online chatter of zero-day attacks, proof of concept code and chatter of how-to examples which drive the availability and possibility of the exploit being used in the wild by a wider range of threat actors.
Monitoring for New Exploits on Surface Web, Social Media and Dark Web
There is a myth that exploits are mostly on the dark web. In the generation of sharing and socialization, not may things stay a secret on the web. When exploits are created, researchers and hackers take to social media and forums to share their accomplishments. In many cases, RCEs make their way around the globe in hours. This financial firm monitors for the emerging threat on a 24 x 7 basis. The team also monitors for chatter about the impact of patches from key vendors to help determine if there is any risk of deploying an emergency patch into a production environment.
Collecting & Automatically Prioritizing Cyber Threat Intelligence From Multiple Sources
DigitalStakeout Scout Monitors enable the company’s security analysts to collect and unify chatter about threats, vulnerabilities and attacks. The cyber intelligence team is monitoring Twitter in real-time, forums like Full Disclosure or verified commits to Exploit-DB. The team monitors hundreds of sources to maintain situational awareness of the threat landscape. Using our rule-based tagging and word-list features, the team automatically prioritizes mentions. This dramatically reduces the analysis workload and alert fatigue when exploits start to go viral.
Patch Management is Aligned with Business Risk
The rapid detection of vulnerability and exploit chatter enables the company to take quick action to protect IT assets and data. With DigitalStakeout Scout, the stream of data that comes from all this collected information is turned in the actionable intelligence that protects the business. As a result, the company was able to reduce the time to recommend and deploy an emergency patch by 72 hours. This data-driven approach to vulnerability management has increased collaboration with other teams in the organization. This time savings achieved from collecting and analyzing threats dramatically reduces the organization’s cyber risk and potential to take a data breach from this vector.