Understand the Full Risk Potential – Include Vulnerability Data in Your IR Process with DFLabs and Tenable.io
Vulnerability data is crucial in protecting a company’s assets. Without this data, and the ability to use it during a potential incident, an organization’s environment would be nearly impossible to defend.
DFLabs’ integration with Tenable.io expands an organization’s ability to protect their valuable assets by allowing network defenders to operationalize this data to stay ahead of an attack. In doing so, this integration also helps to break down the barriers between vulnerability and security teams, allowing them to operate as one cohesive defensive force.
Unhandled vulnerabilities continue to plague organizations and leave their operations open to a potential security attack. Contributing to this threat is the siloing of teams responsible for vulnerability remediation and the security teams tasked with protecting an organization’s assets.
Combining these common issues could be a recipe for disaster: vulnerability teams are in the dark about which assets are under attack, and security teams are unaware of which systems have yet to be patched in the critical first moments of an incident. The inability to correlate this information and collaborate across dispersed teams hinders an organization’s ability to prioritize patching and remediation efforts.
Here are just a handful of questions a SOC Manager or IT Security Manager may be asking themselves with the aim of improving the efficiency of their teams and the organization’s overall security program.
- How can my organization prevent exposure caused by unhandled vulnerabilities?
- How can my team collaborate more effectively to respond to potential incidents?
- How can our vulnerability data be better utilized to help prioritize incidents and provide greater visibility into an attack?
DFLabs and Tenable.io Solution
The integration between DFLabs’ Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, and Tenable.io closes the gap between security and vulnerability teams by providing a comprehensive view of the environment as a whole. By giving network defenders the most up-to-date vulnerability information, it lets them quickly assess the severity of an incident and alert vulnerability and IT teams to a high-priority issue within the infrastructure.
This collaborative partnership not only allows a high-priority incident to be contained in real time, but also identifies which vulnerabilities are actively being targeted, so support teams can patch and remediate them efficiently.
Tenable.io is an integral component of the Tenable Cyber Exposure Platform which provides actionable insight into an organization’s entire infrastructure and its security risks. This allows organizations to quickly and accurately identify, investigate, and prioritize vulnerabilities and misconfigurations in modern IT environments.
By providing the most accurate information on all of an organization’s assets and vulnerabilities, regardless of where they reside, Tenable.io helps accelerate security risk assessments and allows network defenders to quickly identify vulnerabilities and misconfigurations. This information gives security teams visibility into their entire cyberattack surface at all times (from IT to cloud to IoT to OT) and arms the CISO, C-suite and Board of Directors with the insight to focus on the issues that matter most and to make better strategic decisions.
Here is a simple use case of the integration in action.
An intrusion detection system (IDS) alert is received indicating that an attempt to exploit a known vulnerability has been observed against an organization’s web server. Upon receiving the alert, IncMan SOAR creates a new incident and begins to gather system information for the affected web server.
The organization’s directory services platform and its Endpoint Detection and Response (EDR) solution are queried for system information, including operating system type and version. Once this information is gathered, IncMan pulls the list of scan templates from Tenable.io and uses it to automatically launch a vulnerability scan against the affected web server.
Upon completion of the vulnerability scan, IncMan issues a User Choice action. This action pauses the incident’s Runbook so the security team can review the results of the preceding Runbook actions. If the system is found to have an open vulnerability associated with the exploit attempt, the security analyst selects a positive result, which automatically generates an email notification to the Vulnerability and Systems teams and opens a new ticket in the organization’s ticketing system. Once these notifications are sent, IncMan issues a request to the EDR solution to tag the system for remediation.
If the system is found not to have the relevant attributes or any open vulnerabilities, the analyst selects a negative result; the IncMan incident is then updated with the vulnerability findings and closed.
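The decision logic of the runbook above, written out as an added example (this is not IncMan SOAR or Tenable.io code, and the host names, CVE identifiers and scan findings are constructed placeholders): the IDS alert's CVE is correlated against open findings on the attacked host, the result pre-fills the User Choice, and the analyst's answer selects the notify/ticket/tag branch or the update-and-close branch.

```python
"""Simplified model of the IDS-alert-to-remediation runbook described above.
Added example, not IncMan SOAR or Tenable.io code; every host, CVE id and
finding below is a constructed placeholder."""
from dataclasses import dataclass

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1}

@dataclass(frozen=True)
class IdsAlert:
    src_ip: str
    dst_host: str
    cve: str            # CVE the IDS signature is associated with

@dataclass(frozen=True)
class Finding:
    host: str
    plugin: str
    cves: tuple
    severity: str
    state: str          # "open" or "fixed"

def correlate(alert, findings):
    """Open scan findings on the attacked host that cover the alert's CVE."""
    return [f for f in findings
            if f.host == alert.dst_host and f.state == "open" and alert.cve in f.cves]

def recommend(matched):
    """Pre-fill the User Choice: positive if any open finding matches the exploit."""
    return bool(matched)

def runbook_branch(alert, matched, analyst_positive):
    """Actions the runbook issues after the analyst's choice.
    Positive: notify vulnerability/systems teams, open a ticket, tag host in EDR.
    Negative: record the scan findings on the incident and close it."""
    if analyst_positive:
        worst = max(matched, key=lambda f: SEVERITY_RANK.get(f.severity, 0)).severity if matched else "unknown"
        return [("email", "vuln-and-systems-team", alert.dst_host, alert.cve),
                ("ticket", "open", alert.dst_host, alert.cve),
                ("edr_tag", "remediation", alert.dst_host, worst)]
    return [("incident", "add_findings", alert.dst_host, len(matched)),
            ("incident", "close", alert.dst_host, None)]

# Constructed sample data: one matching open finding, one fixed, one on another host
ALERT = IdsAlert("203.0.113.7", "web01.example.internal", "CVE-0000-0001")
FINDINGS = [
    Finding("web01.example.internal", "placeholder web app flaw", ("CVE-0000-0001",), "critical", "open"),
    Finding("web01.example.internal", "placeholder old finding", ("CVE-0000-0002",), "high", "fixed"),
    Finding("db01.example.internal", "placeholder db flaw", ("CVE-0000-0001",), "critical", "open"),
]

if __name__ == "__main__":
    hits = correlate(ALERT, FINDINGS)
    for action in runbook_branch(ALERT, hits, recommend(hits)):
        print(action)
```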
As mentioned at the beginning of this blog post, up-to-date vulnerability data is of core importance in protecting a company’s assets. If this data is not used in the right way, the company cannot defend its environment to the best of its ability. The integration of DFLabs with Tenable.io helps organizations understand the full risk an incident may pose, enables them to protect valuable assets, and lets security teams operate more cohesively.
If you would like to find out more about how DFLabs and Tenable.io work seamlessly together, you can request a personalized one-to-one demo now to see them in action.