Five Architectural Requirements for an Agile Vulnerability Intelligence Platform

Jan 24, 2013
Ed Bellis
Chief Technology Officer, Co-founder


This is the third post in a three-part series on Agile Risk Intelligence. The complete Agile Risk Intelligence e-book is now available.

With vulnerability scanners deployed across the stack and the organization, security managers are swimming in data but struggling to make sense of it. As I blogged about previously, current approaches lack the context and global visibility to deliver meaningful insight. Without this insight, security management teams lack the time, tools and process to proactively reduce global exposure. Vulnerability intelligence solutions must shift their orientation across many dimensions, such as moving from data aggregation to understanding risk. This shift is summarized in the table below. Any vulnerability intelligence solution must be oriented around this new approach.

 

Vulnerability intelligence solutions must become agile, shifting their orientation from siloed internal scanning to aggregated global analytics and processes.

Our goal when designing our vulnerability intelligence platform was to close these context, visibility, resource and process gaps to enable security management teams to be agile and effective in understanding and reducing IT risk. Our design principles for building the solution are described in the table above. With these goals and principles in place, we defined five key requirements. They are:

1. Rapid & Broad-Data Ingestion – A centralized data repository is needed to aggregate security data on all applications, network devices, servers and databases quickly and present all of this information in one place.

2. Extensible Correlation Engine – A correlation engine will track each vulnerability throughout its lifecycle, whether it is identified by an automated scanner, manual test, or a third-party tool, and then score and prioritize the vulnerabilities. This information can be used to identify the key information security risks that need to be addressed.

3. Predictive Analytics Engine – Predictive analytics, via data mining, are needed to alert on high-priority issues that exist.

4. Global Threat & Activity Visibility – Graphs, metrics and charts provide a visual representation of an organization’s security posture. This information can be exported for colleagues, auditors and C-level executives, ensuring that everyone involved knows exactly which security issues exist today.

5. Scalable & Secure – The ability to easily handle vulnerability scan data from any security tool and the ability to take in and aggregate an unlimited amount of data are both necessities. Putting the appropriate security measures in place to ensure that user data is safe & secure is also a requirement.

Our vulnerability intelligence platform delivers these capabilities. It provides security management teams with the insight and automation they need to respond more rapidly, proactively and efficiently to real, unperceived threats. Instead of pooling vulnerability and risk data into spreadsheets or scanner consoles, Risk I/O automatically aggregates and correlates data from over 20 sources, such as Tenable Nessus, Nmap, Rapid7 Nexpose, IBM AppScan, and HP WebInspect. It then leverages the power of local, global and networked data to collect evidence and predict risk. Risk I/O automatically finds and enables closed-loop processes to help you find and fix the highest-importance problems and weaknesses in your organization, proactively reducing your exposure to risk.
