What is Vulnerability Analysis
September 2, 2021 • RBS
Vulnerability analysis is the last function of vulnerability intelligence. In this stage, you gauge the potential damage a vulnerability can cause if exploited. Ultimately, you are asking yourself, “now that I know this affects me, how bad can it be?”
What you need for Vulnerability Analysis
To answer that question you will need vulnerability metadata, severity information, and impact data.
What is Vulnerability Metadata?
Metadata is “a set of data that describes and gives information about other data.” When it comes to vulnerabilities, metadata may include the location of the attacker (for example remote, local, or physical), the attack type, the high-level impact, availability of a solution, status of an exploit, aspects of the disclosure, general types of technology represented, authentication requirements, and more.
What does Severity refer to?
Vulnerability severity refers to how serious a vulnerability is, or how much risk is associated with it. Low severity issues may not be prioritized because they are not seen to pose much risk to an organization, whereas high severity vulnerabilities are typically triaged and patched immediately.
What does Impact affect?
When a vulnerability is exploited, it affects a system in some manner that may or may not be noticeable to administrators or users. At the highest level, the impact is to confidentiality, integrity, or availability (CIA). At a more granular level, each of these may be partially or fully impacted.
Impacting integrity can mean a variety of things, so it may be described both via simple metadata and with verbose descriptions that lay out precisely what happens if the vulnerability is exploited.
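To show how the three inputs above (metadata, severity, and CIA impact) combine into a remediation decision, here is an added example written for this page. It is not VulnDB or Risk Based Security code; the field names, the vocabularies for attacker location, exploit status and solution, and the weights are all assumptions chosen for illustration, and the sample entries are constructed, not real vulnerabilities. The point it demonstrates is that a severity score alone is not enough to decide: an entry that carries only a severity is routed to research rather than to a patch queue, while a high-severity issue that is local-only, has no known exploit, and only partially affects confidentiality ends up below one with a public exploit and full impact.

```python
# Added example for this page (not RBS/VulnDB code). Field names, vocabularies
# and weights below are assumptions chosen to illustrate how metadata, severity
# and CIA impact combine into a remediation decision.
from dataclasses import dataclass, field
from typing import Optional

# Assumed vocabularies for the metadata fields discussed above.
LOCATION_WEIGHT = {"remote": 1.0, "local": 0.6, "physical": 0.3}
EXPLOIT_WEIGHT = {"public": 1.5, "poc": 1.2, "private": 1.1, "none": 1.0}
IMPACT_WEIGHT = {"full": 1.0, "partial": 0.5, "none": 0.0}
REQUIRED_FIELDS = ("severity", "location", "exploit_status", "solution")


@dataclass
class VulnEntry:
    vuln_id: str
    severity: Optional[float] = None        # e.g. a CVSS base score, 0-10
    location: Optional[str] = None          # attacker location: remote/local/physical
    exploit_status: Optional[str] = None    # public/poc/private/none
    solution: Optional[str] = None          # patch/workaround/none
    impact: dict = field(default_factory=dict)  # {"C": ..., "I": ..., "A": ...}
    affects_us: bool = True                 # outcome of "does this affect me?"


def missing_metadata(v: VulnEntry) -> list:
    """Names of the fields an analyst would have to research before triage."""
    gaps = [f for f in REQUIRED_FIELDS if getattr(v, f) is None]
    if any(k not in v.impact for k in "CIA"):
        gaps.append("impact")
    return gaps


def cia_factor(impact: dict) -> float:
    """0.0 (no impact) .. 1.0 (full loss of C, I and A)."""
    return sum(IMPACT_WEIGHT[impact[k]] for k in "CIA") / 3.0


def risk_score(v: VulnEntry) -> float:
    """Context-adjusted score on a 0-10 scale.

    Severity is the starting point; attacker location and exploit status
    scale it up or down, and the CIA impact moves it between half and full
    weight so a partial-confidentiality issue never outranks a full compromise.
    """
    s = v.severity * LOCATION_WEIGHT[v.location] * EXPLOIT_WEIGHT[v.exploit_status]
    s *= 0.5 + 0.5 * cia_factor(v.impact)
    return min(10.0, s)


def triage(v: VulnEntry) -> tuple:
    """Return (action, score). Score is None when no decision can be made."""
    if not v.affects_us:
        return ("not_applicable", None)
    if missing_metadata(v):
        return ("needs_research", None)   # cannot decide on severity alone
    s = risk_score(v)
    if s >= 7.0:
        action = "patch_now" if v.solution == "patch" else "mitigate_now"
    elif s >= 4.0:
        action = "schedule_patch" if v.solution == "patch" else "schedule_mitigation"
    else:
        action = "accept_and_monitor"
    return (action, s)


def triage_all(entries: list) -> dict:
    """Map each entry id to its triage decision."""
    return {v.vuln_id: triage(v) for v in entries}


# Constructed sample entries (not real vulnerabilities).
SAMPLE_ENTRIES = [
    VulnEntry("EX-1", 9.8, "remote", "public", "patch",
              {"C": "full", "I": "full", "A": "full"}),
    VulnEntry("EX-2", 7.5, "local", "none", "workaround",
              {"C": "partial", "I": "none", "A": "none"}),
    VulnEntry("EX-3", 8.0, "remote", "poc", "none",
              {"C": "none", "I": "none", "A": "full"}),
    VulnEntry("EX-4", 9.1),   # severity only: the shape of a bare severity-only entry
    VulnEntry("EX-5", 9.0, "remote", "public", "patch",
              {"C": "full", "I": "full", "A": "full"}, affects_us=False),
]

if __name__ == "__main__":
    for vid, (action, score) in triage_all(SAMPLE_ENTRIES).items():
        shown = "n/a" if score is None else f"{score:.2f}"
        print(f"{vid}: {action} ({shown})")
```

Running it routes EX-1 to patch_now, EX-2 (a 7.5 that is local-only, unexploited and partial-confidentiality) to accept_and_monitor, EX-3 to schedule_mitigation because no patch exists, EX-4 to needs_research because it carries only a severity, and EX-5 to not_applicable. The weights are the part you would tune to your own environment; the structure (refuse to decide on incomplete metadata, then adjust severity by location, exploit status and impact) is the part that carries over.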
If you’re a security professional, you know that those details are important for determining the scope of damage. However, that kind of information is missing from many vulnerability entries and databases.
Chances are that most of your time is not spent on analyzing vulnerabilities. Instead, you likely find yourself spending more time validating entries by finding vulnerability metadata, severity, and impact yourself.
This may be the reality for organizations relying on CVE/NVD or other public databases. In addition, many vulnerability intelligence providers focus on collecting issues but perform little to no quality checking, resulting in inaccuracies and invalid entries.
No Substitute for Better Data
If you want to achieve true risk-based vulnerability management (RBVM), you need proper vulnerability intelligence. If your current security tool or vulnerability intelligence process lacks in the discovery, research, or analysis functions, it will be necessary to improve it.
Vulnerability intelligence should be comprehensive, detailed, and timely. You need to be aware of everything that is in the vulnerability disclosure landscape and have all the details so that you can manage risk as soon as possible. Are you certain you have that kind of visibility with your current tool?
If you want that level of visibility, you need important metadata like attacker location, attack type, impact, solution availability and exploit status. Only with that kind of detail can you begin to implement RBVM. Without it, you can’t definitively determine if a vulnerability needs to be patched, if other affected systems should be bolstered, or if the issue requires more resources than it is worth.
But just because those details aren’t included doesn’t mean that the information is unknown. If your vulnerability intelligence tool consistently misses important metadata, it’s likely that your data provider is substituting CVE/NVD for vulnerability intelligence.
The Most Comprehensive Source of Vulnerability Intelligence
Power real-time prioritization and remediation decisions with the only source of comprehensive vulnerability intelligence.
The Risk Based Security Platform is built on VulnDB, the most comprehensive, timely and actionable source of vulnerability intelligence available. It tracks over 264,000 vulnerabilities, including IT, OT, IoT, and open source libraries and dependencies. It is independently researched, covering over 85,000 confirmed vulnerabilities missed by CVE/NVD.
Each vulnerability entry is standardized and easy to consume, containing over 60 potential classifications including vendor risk ratings, product risk ratings, and detailed exploit & solution information. The Platform is the only solution that provides scanless, real-time vulnerability intelligence with vendor and product risk ratings. With better data, your team can reveal the vulnerabilities that apply to your organization, prioritize what impacts your assets and products, and coordinate remediation.
Gain visibility into the overall security posture of your organization with advanced dashboards that draw attention to the latest vulnerability disclosures that apply to your organization. See for yourself how better vulnerability intelligence enables better business decisions.