We are excited to announce that Core Vulnerability Insight 5.5 is now available for general release! Core Vulnerability Insight is meant to enhance your vulnerability management process. Massive amounts of vulnerabilities are generated as a result of both network and web scanning activities at medium and large organizations. To protect critical business assets and mature their vulnerability management programs, these organizations require a more effective way of prioritizing and validating vulnerabilities. Vulnerability intelligence solutions are critical for:
Vulnerability Consolidation & Filtering The first stage of Core Vulnerability Insight value add is to consolidate Network and Web Scan data from multiple scanners into one organized database. Today, security professionals suffer from having data in multiple products with limited ability to consolidate or filter this information. They are also hampered by the ability to create reports with content that is filtered via security criteria for distribution to IT remediation teams, other security organizations, and management.
Exploit Matching The second stage (and currently where most of our customers are using Vulnerability Insight, takes consolidated data and creates exploit matching campaigns. The intent of the campaigns is to convert the “potential of vulnerabilities” into definitive risk. In this stage, exploits act as the risk proxy and allow the security teams to remediate in a more focused manner. Again, the need for output is always of paramount importance.
Attack Paths Attack paths deliver the most valuable (in terms of risk) prioritization to vulnerabilities. This stage moves the vulnerability/exploit from a single autonomous risk point to a threat directly related to a company’s critical asset. This is accomplished by integrating a combination of scan data, exploit data, network topology information and critical business asset data. The result is a subset of systems whose vulnerabilities can directly affect business operations.
Validation The last stage provides validation that suspect exploits are in fact exploitable. Essentially, this is pen testing with the notable difference that validation is done on a prioritized list of highly vulnerable systems. Most Red Team testing is done in a sampling model, e.g. Red Team members go to the 3rd floor of the Boston office and attempt to breach a system or set of systems. The value of Vulnerability Insight is that it provides a clear set of target systems based on the analytics performed earlier in the process.
Data Output For ease of consumption, the Data Output stage stands as a separate stage in the customer process. In reality, it is an adjunct to each of the preceding stages. Every stage requires that the data be made available to customers as they evolve through the phases of Consolidation, Exploit Matching, Attack Paths, & Validation.
Core Vulnerability Insight 5.5 includes the following new enhancements:
- Support for 750K assets: The Asset Store now allows for the ability to consolidate large enterprise scanner results in a single instance. This is double the capacity of our largest installed account.
- Campaigns of up to 50K assets: Campaigns can now hold larger sets of data. Campaigns allow security teams to automate the process of identifying weaknesses in corporate networks. By running campaigns on a continuous basis, CISOs can track security trends over days, weeks, months, or years.
- Migration to Redhat 7.1.x Enterprise: Up to date platform allowing for migration to latest technologies and security enhancements.
- Continued conversion from Adobe Flex to HTML5: Removal of Adobe Flex continues to be a high priority in this and future releases. Updated forms include Asset Import Config, User Role Management, Topology Import. The complete removal of Flex is expected to be in VI 6.0.
- Certified support AWS EC2: Vulnerability Insight 5.5 is now certified to run as an AMI in AWS. We currently have a couple of large customers looking for this official certification by our development team.