Enhanced exploit database with Farsight risk-based threat intelligence
Just before the global pandemic last year, Outpost24 launched Farsight, a risk-based vulnerability management tool with the ability to predict the likelihood of a vulnerability being exploited in the future. Through several blog posts and analyses published in 2020, we demonstrated that this technology gives information security professionals very accurate vulnerability predictions.
Whilst many of our customers have switched to a risk-based vulnerability management program and are seeing the benefits, with smaller numbers of high-risk vulnerabilities to remediate, we recognize that not every customer has the ability to make that switch overnight. As such, in our March release we will be using the Farsight threat intelligence feed as a source of truth for identifying vulnerabilities which have known exploits available, and making them available in the Outscan vulnerability management database for all Outpost24 customers.
What does this mean for Outpost24 users?
Previously we have used several open-source feeds to populate the exploit available field, visible in the Outscan vulnerability scanner. Many customers will prioritize these for patch / remediation because the exploit could be used to attack them. With the addition of the Farsight threat intelligence feed we will be enriching this exploit database for all our customers, at no additional cost, to improve their vulnerability prioritization capability.
Besides adding more ‘exploit available’ information, we will also enrich the exploit source data by providing linked details of the locations of exploits. However, this information will require a Farsight subscription. Whilst all our customers can benefit from the enrichment of the ‘exploit available – Yes/No’ field, they will need a Farsight subscription to access the source of that exploit knowledge for more advanced analysis and to facilitate remediation.
How will this impact my organization’s vulnerability finding?
By adding the new Farsight threat intelligence feed, our customers can expect to see almost double the number of vulnerabilities being flagged as having exploits available, due to the 24,000 additional vulnerabilities with exploits available from private sources. Of the existing vulnerabilities marked as ‘exploit available’, approximately half will be enriched with additional links to exploit data sources (Farsight subscription required).
With this update, customers and partners currently relying on CVSS with ‘exploit available’ as their key metric may see an increase in the number of vulnerabilities appearing in their reports after March as a result of this new data source, providing them with enhanced threat intelligence and improved ability to triage security risks in their organization.
For customers already using Farsight to deliver a risk-based vulnerability management program, no real change should be seen unless you are also using ‘exploit available’ as a measurement, in which case you will also see a potential increase in the number of vulnerabilities appearing in your reports.
What’s next – recency of exploits
Going forward, we aim to add a new filter ‘Farsight-Last Seen’ to provide you with further guidance on which vulnerabilities to focus on based on recency.
Once a vulnerability has been exploited it will remain at the highest threat level (38.6 exploitability or 100% likelihood), as these vulnerabilities will always pose a threat of exploit, especially when the asset affected by the vulnerability is exposed on the Internet. However, some customers have expressed a desire to filter out those vulnerabilities that have not been actively discussed or exploited in the past 30 – 60 – 90 or more days. With this filter we will be providing that ability, like any of our other filters, in dynamic reporting and scanning, to ensure that a vulnerability that has not been active in the last 90 days and suddenly becomes active will not be missed. This is another way to help Outpost24 customers refine and mature their vulnerability prioritization process and reduce exposure time.
Look out for these new features in the March 2021 release for better vulnerability management.