Vulnerability Management Decision Support: Identifying & Prioritizing Zero-Day Vulnerabilities

Andrea Bailiff-Gush    November 10, 2014

This is a guest blog post by Josh Ray, Senior Intelligence Director for Verisign iDefense Security Intelligence Services.

One of the biggest challenges facing security teams today is staying up-to-date on the ever-changing security threat landscape. The inclusion of Verisign iDefense Security Intelligence Services’ zero-day vulnerability intelligence into Risk I/O’s threat processing engine provides security practitioners with actionable intelligence on the most important cyber threats to help protect their enterprise.

OpenVAS Vulnerability Integration

Verisign iDefense vulnerability intelligence includes vulnerability, attack and exploit data, such as unpublished zero-day vulnerabilities, collected from over 30,000 products and 400 technology vendors around the world. This data complements the threat processing of Risk I/O’s SaaS-based vulnerability threat management platform, which continuously aggregates attack, threat, and exploit data from across the Internet, by matching it with customers’ vulnerability scan data to generate a prioritized list of vulnerabilities that are most likely to be exploited.

Having advance knowledge of zero-day vulnerabilities and leveraging a risk-based prioritization methodology provides network defenders with the information they need to develop and implement mitigation plans to help protect against exploits and reduce their organization’s cyber threat exposure until a patch, or official fix from the vendor, has been issued.

As we have seen numerous times over the last year, the cost of a compromise to an organization’s revenue and brand far outweigh any of the upfront costs of moving toward a proactive security model. Advance knowledge, coupled with risk-based prioritization, can help enterprises shrink their attack surface and make better resource allocation decisions to effectively save valuable time and money. That’s what the partnership between Risk I/O and Verisign iDefense Security Intelligence Services is all about.

To learn more about the benefits of getting your data processed with Verisign iDefense’s zero-day vulnerability data, click here.

About the Author:
Josh is a recognized cyber intelligence expert on matters related to cyber exploitation and adversarial tactics, techniques, procedures and technologies, and for his work on computer network exploitation and cyber adversarial actions. He has presented at a variety of DoD and commercial cyber intelligence conferences and symposiums.

Josh has more than 12 years of combined commercial, government and military experience in Cyber Intelligence, Threat Operations and Info Security, including managing Verisign iDefense, managing the Cyber Threat Intelligence Program at Raytheon and technical leadership roles with the Office of Naval Intelligence (ONI) and the Northrop Grumman Corporation at the Joint Task Force – Global Network Operations (JTF-GNO) providing support to focused operations.

Leave a Reply

Your email address will not be published. Required fields are marked *