Assess Third-party Supplier Risk and Respond to Critical Vulnerabilities
Category: Analytics and SIEM, Vulnerability Management, Endpoint
Cyware Products Used:
Respond
Orchestrate
Collaborate
Third-Party Integrations Used:
Panorays: Risk assessment tool to provide security posture rating on assets and data associated with the network, human, and application layers.
Tenable SC: To enrich identified vulnerabilities.
CrowdStrike Falcon Endpoint Detection and Response (EDR): To get asset details for the organization database.
Problem Statement
Ransomware and data breach attacks have always been on the rise. It is important for organizations to mitigate their own cyber risk and also bring third parties such as partners into alignment with their security controls, regulations, and risk appetite, and patch critical vulnerabilities on priority.
Solution
The solution is to continuously evaluate the security posture of your organization as well as your third parties to get an accurate view of associated cyber risks. In this solution, we use the Panorays application to evaluate an organization and its third-party security posture in a non-intrusive manner, through the analysis of externally available data. To ensure a comprehensive view of an organization’s security perimeter, Panorays application performs various tests to assess the network, human, and application layers.
Furthermore, Cyware’s fusion center correlates the posture rating provided by Panorays with vulnerability data received from the Tenable SC application to rank vulnerability severity and defend against security vulnerabilities promptly. This allows security teams to quickly identify and patch critical vulnerabilities first.
How do we solve this problem?
Get Supplier Posture Rating: The playbook starts by retrieving the latest supplier posture rating for the organization and third parties.
Filter Supplier Posture Rating: The playbook filters the organizations with Bad and Poor posture rating scores.
Retrieve Affected Assets: The assets that are impacted in the posture rating are retrieved from Panorays and sent for further vulnerability analysis and action.
Extract and Enrich Vulnerabilities: The vulnerabilities associated with the identified assets are retrieved from Respond, and the CVE IDs are sent to the Tenable SC application for further external enrichment. This retrieves vulnerability details such as remedy, Common Vulnerability Scoring System (CVSS) score, exploitability, and other important details to help security analysts to take proper decisions. You can also configure a preferred Vulnerability Enrichment application. See Vulnerability Management integrations.
Create Respond Incident: The details identified in the supplier posture rating, the affected assets, and the associated vulnerability details are formatted together to create a new incident in Respond. The playbook also performs further actions while the incident is ready for manual analyst review.
Filter Non-Exploitable Vulnerabilities: The playbook then filters out non-exploitable vulnerabilities and retains the exploitable vulnerabilities for processing the next steps.
Correlation: The playbook correlates the asset information received from CrowdStrike Falcon EDR with exploitable vulnerabilities to establish the following findings.
Critical Vulnerabilities with Impacted Assets: Filters the list of assets impacted by critical vulnerabilities.
Non-Critical Vulnerabilities with Impacted Assets: Filters the list of assets impacted by non-critical vulnerabilities.
Critical Vulnerabilities without Impacted Assets: Filters the list of assets that are not impacted by the critical vulnerabilities.
Non-Critical Vulnerabilities without Impacted Assets: Filters the list of assets that are not impacted by non-critical vulnerabilities.
Vulnerabilities without any Record: Filters the list of vulnerabilities that do not have any record.
Response and Remediation: Based on the risk and severity identified by the correlation of asset and vulnerability details, the playbook performs the following actions in real time.
Creates high-priority actions in Respond to rectify assets that are impacted by critical vulnerabilities and non-critical vulnerabilities. Additionally, the playbook notifies the system administrator of the third-party supplier and security teams about the vulnerabilities and impacted assets.
The playbook notifies the system administrator of the third-party supplier and security teams about the vulnerabilities that do not impact any assets.
If no vulnerability records are found after correlation, the playbook sends a notification to the security teams.
Optional Configurations
Advisory Notifications: The playbook can also send advisory notifications about critical vulnerabilities to partners and vendors using Collaborate.
Benefits
Get a 360 Degree View of Risk Posture
By identifying cyber gaps and providing a remediation plan, the solution allows suppliers to easily understand their security gaps and how they can close them.
Automated Assessment and Prioritization
Gather details on the security vulnerabilities in the network and prioritize the vulnerable assets as per the severity level using data such as CVSS score, exploit data, asset information, and many more. This helps security teams establish and maintain secured assets from many attack variants.
Comply with Security Policy and Regulations
Cyware fusion center allows analysts to analyze the policy gaps and regulation issues identified in the security posture rating and allows your organization to be assured that they adhere to regulations and standards.