It keeps happening over and over again. I speak to a prospect, and they do not want yet another vulnerability report with pages and pages of assets and vulnerabilities. Every tool vulnerability assessment scanner can produce this with various degrees of customization and consolidation but a 1,000 page report for a few dozen assets doesn't scale for the organization or the administrator trying to interpret the results. Even sorting the results based on risk, or filtering on critical assets, can produce a report that is completely unusable based on the shear volume of pages contained within. The same problem is happening in almost every enterprise client I speak to. So what is the solution? Rethinking how a solution displays, reports, and analyzes vulnerabilities and present them in a way that is meaningful and actionable.
We took that first step about 6 months ago when we first introduced HeatMaps to Retina Insight. This concept takes the most critical vulnerabilities (72 seen as CVSS High Impact below) and reorganizes them by risk. 59 of them are Remote Unprivileged and only 37 have proven exploits in common penetration testing tools. For my clients, I would recommend starting remediation on the 37 remote unprivileged, CVSS high impact, and available in an exploit framework first, and then continue working on efforts to mitigate the rest of risks from right to left. This review has essentially trimmed nearly 50% of the vulnerabilities off the vulnerability report based on real-word priorities and the complete details for remediation are a simple drill down into the Heatmap. This then follows the traditional vulnerability report we all are familiar with.
While this exercise of reclassification is rather basic, it is incredibly important. It visualizes what vulnerabilities are the most critical (despite a critical score) and where the weaknesses are to the business. It does however lack one component that is now available in the new Threat Analyzers. Which vulnerabilities out of the "59" would improve my vulnerability count, vulnerability score, and asset risk score the most if I could only apply a subset of them in a normal remediation cycle. Below is a screen shot from the Threat Analyzers available in Retina Insight.
Essentially, if I was a security engineer and recommended "n" vulnerabilities to be remediated by my team members, what improvement would I see to my overall vulnerability count and asset risk score? This value can be changed to meet a user's needs, capacity planning requirements, and filtered on mitigation type: Configuration, Patch, or Zero-Day. The Analyzers will automatically calculate the best recommendations and calculate the effectiveness of the remediation plan. In this example, Retina Insight is recommending 20 vulnerabilities that are a combination of Patches and Configuration changes that would improve the vulnerability count by over 18.5% and lower the average asset risk score by 9%. The Threat Analyzers allow changing criteria within the solution and even filter on: Recommendations, Vulnerability, Mitigation, Software, Score, and Asset Count to optimize the remediation plan to be the most effective use of resources and to maximize security posture.
These tools are no longer just about finding a vulnerability and running a report; they are about working smarter and ultimately making us more effective at our jobs. Prioritizing our efforts, understanding which vulnerability needs attention first, and creating a plan to create a secure computing environment is how we solve these problems. The days of sole vulnerability reports are a legacy technology and we would like to introduce you to Retina. A better way to manage threats and vulnerabilities. For more information, click here.
