Product Announcements

Customized Threat Intelligence Engine

Mar 01, 2017
Guest Author

Unified VRM Analytics leverages vulnerability data from across all the modules (Internal, External and Web) the user has subscribed to and correlates that vulnerability information with external and internal threat feeds to provide the user actionable security intelligence. This enables the user to proactively protect them and take action against threats and vulnerabilities before potential severe business impact. Using our analytics the user can close the window of exposure and significantly lower risk by applying remediating controls to vulnerabilities rated by severity in context of the user’s business asset classification.

The Analytics engine powered by Elasticsearch can comb through throve of unstructured vulnerability, exploit, malware, patch, asset and ticket data to present the user with filterable lists of vulnerabilities present in their environment based on the search criteria. These lists can be filtered down even further based on several filters provided and the final search can be saved. From this saved search a report can be generated providing the user with more customizability from using UnifiedVRM.

UnifiedVRM Analytic Features

Keyword search vulnerabilities in user’s system.
Dynamic charts of CVSScore, Risk Factor, Operating system, Asset Locations based on search result.
Shortcuts for Top Impact, Top Patch, Top Exploit, Trending search.
Advance Filters: Patch, Malware, Exploit, Exploit Pack, Risk Factor, CVSSScore range, CVE, Asset Tags, IP Address, Port, OS, Asset Group, Location and Detection date.
History of search
Customized report based on user’s search result.
Link to Ticket management and Dashboard section.
Table of vulnerability information including threat feed references.

How to Use UnifiedVRM Analytics engine to remediate Vulnerabilities

Each vulnerability in Analytics can be viewed in Remediation of the corresponding module tickets have been opened in. For example:

The user can click View Tickets against an entry to go to Fix page for that specific vulnerability and a list of tickets related to that vulnerability will be displayed.

Context Enriched Remediation

The main advantage of using UnifiedVRM is to give the user a holistic view of vulnerability data and take action based on how those vulnerabilities impact their business the most. Using Unified VRM’s advanced filters the user can prioritize remediation based on the factors below and many more.

Vulnerabilities with publicly available exploits
Vulnerabilities with available patches
Top Impact Vulnerabilities (Critical and High risk factor)
Specific type of vulnerability such as HeartBleed across all hosts it affects (search keyword: HeartBleed or CVE-2014-0160)
All Vulnerabilities for a specific host
All Vulnerabilities through a specific port

This will list vulnerabilities according to the selection criteria as seen in the figure above. Apart from viewing the corresponding ticket(s) in the Fix page, the user can also glean more details about the vulnerability by clicking the More link. The user can also click the title of the vulnerability to view more specific details about the asset if affects, the port on which it affect the asset, its risk factor, the risk reduction percentage, threat references. Detail also include the number of hosts affected by this vulnerability and most importantly, solution steps if applicable.