Kenna Security is now part of Cisco

|Learn more

Five Architectural Requirements for an Agile Vulnerability Intelligence Platform

Jan 24, 2013
Ed Bellis
Chief Technology Officer, Co-founder

Share with Your Network

This is the third post in a three-part series on Agile Risk Intelligence. The complete Agile Risk Intelligence e-book is now available.

With vulnerability scanners deployed across the stack and the organization, security managers are swimming in data, but struggling to make sense of it. As I blogged about previously, current approaches lack the context and global visibility to deliver meaningful insight. Without this insight, security management teams lack the time, tools and process to proactively reduce global exposure. Vulnerability intelligence solutions must shift their orientation across many dimensions, from data aggregation to understanding risk and many others. This shift is summarized in the table below. Any vulnerability intelligence solution must be oriented around this new approach.

 

Vulnerability intelligence solutions must become agile, shifting their orientation from siloed internal scanning to aggregated global analytics and processes.

Our goal when designing our vulnerability intelligence platform was to close these context, visibility, resource and process gaps to enable security management teams to be agile and effective in understanding and reducing IT risk. Our design principles for building the solution are described in the table above. With these goals and principles in place, we defined five key requirements. They are:

1. Rapid & Broad-Data Ingestion – A centralized data repository is needed to aggregate security data on all applications, network devices, servers and databases quickly and present all of this information in one place.

2. Extensible Correlation Engine – A correlation engine will track each vulnerability throughout its lifecycle, whether it is identified by an automated scanner, manual test, or a third-party tool, and then score and prioritize the vulnerabilities. This information can be used to identify the key information security risk that need to be addressed.

3. Predictive Analytics Engine – Predictive analytics, via data mining, are needed to alert on high-priority issues that exist.

4. Global Threat & Activity Visibility – Graphs, metrics and charts provide a visual representation of an organization’s security posture. This information can be exported for colleagues, auditors and C-level executives, ensuring that everyone involved knows exactly which security issues exist today.

5. Scalable & Secure – The ability to easily handle vulnerability scan data from any security tool, as well as taking in and aggregating an unlimited amount of data, are both necessities. Putting the appropriate security measures in place to ensure that user data is safe & secure is also a requirement.

Our vulnerability intelligence platform delivers these capabilities. It provides security management teams with the insight and automation they need to respond more rapidly, proactively and efficiently to real, unperceived threats. Instead of pooling vulnerability and risk data into spreadsheets or scanner consoles, Risk I/O automatically aggregates and correlates data form over 20 sources, such as Tenable Nessus, Nmap, Rapid7 Nexpose, IBM AppScan, and HP WebInspect. It then leverages the power of local, global and networked data to collect evidence and predict risk. Risk I/O automatically finds and enables closed-loop processes to help you find and fix the highest importance problems and weaknesses in your organization, proactively reducing your exposure to risk.

Read the Latest Content

Research Reports

Prioritization to Prediction Volume 5: In Search of Assets at Risk

The fifth volume of the P2P series explores the vulnerability risk landscape by looking at how enterprises often view vulnerabilities.
DOWNLOAD NOW
eBooks

5 Things Every CIO Should Know About Vulnerability Management

If you view vulnerability management (VM) as just a small part of your operation, it might be time to take another look.  Managing vulnerabilities is...
DOWNLOAD NOW

Videos

Videos

Get Started Using the Exploit Prediction Scoring System (EPSS).

Cyentia Institute’s Chief Data Scientist and Founder Jay Jacobs gives tips on how to get started using the Exploit Prediction Scoring System (EPSS). You...
READ MORE
FacebookLinkedInTwitterYouTube

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.