Intel-Driven Vulnerability Hunting
Category: Cyware Product
Cyware Products Used:
Intel Exchange
Orchestrate
Third-party Integrations Used:
Akamai API Security: API Security gives you full visibility into your entire API estate through continuous discovery and real-time analysis.
ITSM Platforms: ITSM platforms such as ServiceNow ITSM are used to create tickets for identified vulnerabilities and affected assets.
Problem Statement
Organizations must efficiently identify and manage vulnerabilities using threat intelligence to prevent potential exploitation. Integrating indicators from threat intelligence platforms with asset management systems enables proactive vulnerability hunting and remediation.
Solution
Automate receiving indicators from a Threat Intelligence Platform (TIP), searching for relevant assets containing vulnerabilities, and managing identified risks through ITSM systems and security team notifications.
How do we solve this problem?
Receive Indicator from TIP: The playbook begins by receiving a CVE ID from Cyware Intel Exchange that identifies a potential vulnerability or threat.
Search Vulnerability in Akamai API Protector: The received CVE ID is used to search Akamai API Protector for assets that might be vulnerable and could therefore be impacted.
Identify Affected Assets: Upon finding assets in Akamai API Protector, the playbook extracts details such as asset identifiers, locations, and vulnerability descriptions to prepare for remediation actions.
Create ITSM Ticket: The playbook then creates a ticket in the ITSM platform (for example, ServiceNow ITSM) for each affected asset, detailing the vulnerability and necessary remediation steps for IT teams to address the issue.
Notify the Security Team via Email: A comprehensive email is sent to the security team, notifying them of the vulnerabilities found and including the details of the affected assets and the ITSM tickets created. This completes the intel-driven vulnerability hunting process.
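The correlation logic behind these five steps, as an added sketch that is not Cyware, Akamai, or ServiceNow code and calls none of their APIs. The finding records, ticket fields, and CVE IDs are constructed placeholders, and the open_tickets set is an assumed way to avoid re-ticketing an asset on a later run.

```python
import re

CVE_RE = re.compile(r"^CVE-\d{4}-\d{4,}$")

# Constructed sample data: hypothetical shape of an asset-findings export.
# The CVE IDs are placeholders, not real advisories.
FINDINGS = [
    {"asset_id": "api-001", "location": "us-east/payments",
     "cve": "CVE-1900-0001", "description": "constructed finding A"},
    {"asset_id": "api-002", "location": "eu-west/orders",
     "cve": "cve-1900-0001", "description": "constructed finding B"},
    {"asset_id": "api-001", "location": "us-east/payments",
     "cve": "CVE-1900-0001", "description": "constructed finding A (rescan)"},
    {"asset_id": "api-003", "location": "us-east/search",
     "cve": "CVE-1900-0002", "description": "constructed finding C"},
]

def normalize_cve(raw):
    """Return the canonical CVE ID, or None if the value is not a CVE ID."""
    cve = raw.strip().upper()
    return cve if CVE_RE.match(cve) else None

def hunt(indicators, findings, open_tickets):
    """Match intel CVE IDs to findings; return (new tickets, email body)."""
    wanted = {c for c in map(normalize_cve, indicators) if c}
    seen = set(open_tickets)  # (cve, asset_id) pairs that already have a ticket
    tickets = []
    for f in findings:
        key = (normalize_cve(f["cve"]), f["asset_id"])
        if key[0] not in wanted or key in seen:
            continue  # CVE not in the intel feed, or asset already ticketed
        seen.add(key)
        tickets.append({"summary": f"{key[0]} on {f['asset_id']}",
                        "cve": key[0], "asset_id": f["asset_id"],
                        "location": f["location"],
                        "description": f["description"]})
    if not tickets:
        return tickets, "No affected assets found."
    lines = [f"- {t['cve']} | {t['asset_id']} | {t['location']}" for t in tickets]
    return tickets, "\n".join([f"{len(tickets)} ticket(s) created:"] + lines)

if __name__ == "__main__":
    # Mixed feed: one CVE ID with stray whitespace/case, two non-CVE indicators.
    _, body = hunt([" cve-1900-0001 ", "198.51.100.7", "n/a"], FINDINGS, set())
    print(body)
```

Normalizing both sides before matching matters because feeds and asset exports often differ in case and whitespace, and keying tickets on the (CVE, asset) pair keeps repeated scans from flooding the ITSM queue.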
Benefits
Proactive Vulnerability Management
Enables you to identify and remediate vulnerabilities before they can be exploited by leveraging real-time threat intelligence.
Streamlined Communication
Ensures that both IT and security teams are informed and can act promptly through automated ticket creation and email notifications.
Efficient Risk Mitigation
Reduces the potential attack surface by quickly identifying and addressing at-risk assets within the organization.
Enhanced Integration
Combines threat intelligence with asset management systems to create a seamless workflow for vulnerability detection and remediation.