VulnDB Enrichment Module Released for MISP Project
November 20, 2017 • RBS
Risk Based Security is pleased to announce that a new VulnDB enrichment module has been published for the Malware Information Sharing Platform & Threat Sharing Project (MISP)! MISP is a feature-rich, open source threat intelligence platform used by more than 2,500 organizations for sharing, storing, and correlating Indicators of Compromises (IoC) of targeted attacks.
Koen Van Impe, the author of the MISP VulnDB module, is an independent security consultant, who helps companies with incident response, incident coordination, threat intelligence, vulnerability management, and managing CERT teams. “Integrating vulnerability intelligence in a threat information platform allows you to focus and put the attention and time investment on the assets that are primarily at risks. Ideally you patch everything but this is often not possible”, said Koen Van Impe. “Combining information about the threat with what vulnerabilities are in scope allows organizations to evaluate the likelihood and probability of an intrusion.”
For organizations considering or currently using MISP, which has many features built in, they can extend the platform with additional modules. Organizations, which also have a subscription to VulnDB, are also now able to easily add comprehensive vulnerability intelligence to MISP. While not always in the forefront, vulnerabilities are a key part of any threat intelligence platform.
The fourth phase (Exploitation) of the Cyber Kill Chain often includes usage of a known vulnerability in a system. Ensuring that a threat intelligence platform has details on all vulnerabilities, and not just those limited to having a CVE ID, is critical. “With MISP and the VulnDB module, operational teams can now use the intelligence in the threat platform to decide which assets need early patching. The incident response team can even use the vulnerability intelligence to limit the scope of where to start an investigation”, added Impe.
To get started integrating this new module, Impe has published a full write-up and configuration instructions. “VulnDB is the most detailed and comprehensive source of vulnerability intelligence available. It is exciting to see the integration into MISP. It allows existing VulnDB customers to add another layer of threat management on top of their subscription. Similarly, it also allows MISP users to make much more informed decisions when managing threats based on the VulnDB intelligence”, said Michael Mortensen, European Director, Security and Risk Intelligence for Risk Based Security.
If you have any questions or ideas for improvements we would love to hear from you!
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner.
In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications.
A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.