Sysdig Integrates VulnDB to Strengthen Vulnerability Intelligence Reporting
September 2, 2020 • RBS
Today, Risk Based Security announced a partnership with Sysdig, Inc., the secure DevOps leader. VulnDB®, the most comprehensive, timely, and actionable source of vulnerability intelligence, will be added to the Sysdig Secure DevOps Platform, extending its image scanning capabilities with richer findings on vulnerabilities in third-party libraries and dependencies. The detailed data from VulnDB gives organizations the tools to more effectively assess, prioritize, and mitigate risk. Sysdig has also added a new VulnDB view to the Sysdig dashboards.
“There are vulnerabilities in virtually every application. The key is having a security partner that alerts you to the ones that need your attention. By including better data from VulnDB in their powerful container and Kubernetes security and monitoring platform, Sysdig has given its customers access to the best vulnerability intelligence on the market.” Jake Kouns, CEO and CISO, Risk Based Security
Effectively Reduce Security Risk
Product development increasingly relies on non-OS code to save time. However, organizations may be unaware that in doing so they may be introducing unwanted risk into their applications via third-party packages and dependencies. For Sysdig customers, VulnDB provides increased vulnerability coverage and further strengthens vulnerability reporting, enabling organizations to uncover new vulnerabilities before production deployment.
VulnDB provides actionable detail on over 235,000 vulnerabilities, including 76,000 vulnerabilities that cannot be found in the widely used Common Vulnerabilities and Exposures (CVE) database. With the new view in the Sysdig dashboards, the inclusion of VulnDB helps organizations quickly identify vulnerabilities, recommend a fix, and work towards remediation. Teams can focus on high-risk issues and coordinate fixes because they can:
- Immediately see every package affected for each detected vulnerability
- Know the exact version that is being impacted by the vulnerability
- Understand the Common Vulnerability Scoring System (CVSS) score
“As organizations move to the cloud, they often rely too heavily on default vulnerability data, which isn’t enough for most organizations. Partnering with VulnDB adds a valuable intelligence feed, enabling us to give Sysdig customers the most comprehensive aggregation of vulnerabilities and visibility to their risks. Addressing issues during the build process is fundamental to accelerating application delivery while managing risk.” Omer Azaria, Vice President of Engineering, Sysdig
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Vulnerability Intelligence, Data Breaches, and Vendor Risk Ratings. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high-quality security and information risk management resources in one easy-to-use web portal.
VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest security vulnerabilities via an easy-to-use SaaS Portal or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB has published integrations with over a dozen security platforms, including JFrog, Splunk, ServiceNow, Brinqa, Recorded Future and RSA Archer. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and in the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple-to-understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk profile and cost of ownership.