New capability simplifies the challenge of prioritizing CVEs for faster triage and remediation
Enables organizations to focus resources on the vulnerabilities most likely to be exploited against them
London and San Francisco, February 01 2022 – Digital Shadows announces the launch of a new Vulnerability Intelligence module within SearchLight. The new capability enables security teams to rapidly identify which of the many thousands of Common Vulnerabilities and Exposures (CVEs) they should focus their limited resources on and how they can prevent criminals from exploiting them.
The new module, within Digital Shadows SearchLight™, is powered by nine years of collected data from its analyst team which actively monitors criminal forums to assess how vulnerabilities are being exploited and against which type of organization. This is combined with continuous monitoring of code repositories, paste sites, social media, vendor websites, and advisories to provide a comprehensive view of real-world interest and exploitation. A dedicated team of analysts provide additional research, remove unnecessary noise, and provide a source assessment for each related event.
The capability improves several existing workflows. First, clients can search for technologies they use to search for evidence of exploitation and other risk factors–ensuring they are scanning for the vulnerabilities that can pose the biggest risk. Second, security professionals can use the context within CVE Profiles to inform responses to high-profile vulnerabilities. Finally, clients will be able to bulk prioritize a large list (up to tens of thousands) of CVEs – a simple copy and paste function will provide them with a ranking of the most serious pertaining to their organization for further escalation.
Russell Bentley, Vice President of Product at Digital Shadows, comments: “Enterprises use hundreds, if not thousands of various types of software, and tens of thousands of vulnerabilities are announced every year. There are not enough resources to triage this, let alone test and apply all the patches to fix them. Organizations often rely on the CVSS (Common Vulnerability Scoring System). It’s a good baseline but unfortunately, these scores can be hypothetical rather than a reflection of whether these CVEs are being exploited by threat actors.”
Alastair Paterson, Co-Founder and CEO, continues: “The functionality we are announcing today cuts through the noise and enables organizations to focus on only what is critical to them. Instead of relying on a vendor’s arbitrary risk score (which can be opaque) security teams can filter by just the risk factors they care about. All evidence and content is then shown in the CVE profiles which are powered by actual intelligence based on criminal behavior and conversations.”
To learn more, read the Vulnerability Intelligence datasheet.
ABOUT DIGITAL SHADOWS
Digital Shadows provides threat intelligence that delivers for every security team. Our platform was built with today’s overloaded security analyst at heart, who demanded a more relevant and actionable approach to threat intelligence. SearchLight focuses on digital risks that organizations care about, using a proven threat model that adapts to the organization risk profile and appetite. This approach delivers the least noise of any solution on the market, allowing security teams to work faster and with less resources than ever before. To sign up for our free weekly threat intel digest or learn more about our platform, visit www.digitalshadows.com.