The Benefit of CTU™ Intelligence in Vulnerability ManagementTaegis™ VDR now integrates Secureworks® Counter Threat Unit™ threat intelligence to enhance vulnerability prioritization By: Shaun Donaldson, Product Marketing
- Vulnerability management challenges are increasing
- Threat intelligence is a significant element of prioritization
- Taegis VDR now includes Secureworks CTU intelligence
Complexity is Compounding Vulnerability Management Challenges
Building an effective security vulnerability management program is hard, but world-class threat intelligence can help make it easier. Threat intelligence helps you understand how and where vulnerabilities are exploited in the wild, which indicates whether your organization could be at risk. The problem is, integrating threat intelligence into a vulnerability management program is difficult.
Fortunately, a new feature in Taegis Vulnerability Detection and Response (VDR) makes it a lot easier. Threat intelligence from the Secureworks Counter Threat Unit is now fully integrated with Taegis Vulnerability Detection and Response, so vulnerability prioritization is backed by constantly updated intelligence from a team of expert threat researchers.
This integration adds five new factors VDR considers when automatically prioritizing vulnerabilities in your environment. This brings the total to nearly 50 factors, including ones specific to your environment, that VDR uses to prioritize vulnerabilities based on risk.
Integrating Threat Intelligence – Easier Said Than Done
Historically, integrating threat intelligence with security vulnerability management has been a messy business. Identifying high-quality threat intelligence feeds and integrating them into vulnerability management process is often a challenging undertaking, especially if the goal is to have a continuous and comprehensive process. The difficulty and costs of building automation in-house means most organizations decide against it.
This has left companies in a sticky situation: Without comprehensive risk-based prioritization of vulnerabilities, focusing remediation efforts like patching or web application updates is unattainable. For example, simply relying on severity scores of vulnerabilities doesn’t provide a true picture of the risk the vulnerability poses within the context of your environment.
A Straightforward Solution
A severity score is only one part of the risk profile of a vulnerability. For example, a high severity vulnerability that is difficult to remotely exploit and resides on an isolated system deep in your network is prioritized as relatively low risk. On the other hand, a medium severity, easily exploitable vulnerability on one of your public-facing systems that also has access to other critical and vulnerable systems is high risk. These are simplified examples, but they illustrate how global and local context prioritizes based on risk (a product of likelihood of exploit and the impact of being exploited), and not simply severity.
Taegis VDR automatically assesses all the relevant factors in an environment to prioritize vulnerabilities. The result is a list from the highest risk vulnerability in your environment to the lowest risk, based on many factors. Threat intelligence from the Secureworks CTU now contributes to several of these factors, enabling mitigation efforts to have the greatest possible impact on the risk profile of your organization.
Want to see more? Request a Taegis VDR demo today.