CyberSponse provides a comprehensive vulnerability management solution that enables security teams to integrate and leverage vulnerability-related data, both to enrich threat investigations and to proactively ensure the safety of network assets.
CyberSponse integrates with most vulnerability solutions, such as Nexpose, Qualys, Tenable, ThreadFix, Nessus and many others. Through dedicated workflows that leverage the vulnerability, scan and asset data, the following common use cases can be put into practice:
#1: Ensure Critical Asset’s Safety and Health:
- Vulnerability scanners feed data into CyberSponse through the available integrations. Duplicate reports of the same vulnerability are detected and de-duplicated. Multiple scanners can be integrated at the same time.
- Vulnerabilities are stored with all their metadata, such as CVE, CVSS, category, risk score, severity, signature and asset information.
- CyberSponse's Asset module, which stores the critical asset inventory, adds further information about the asset if needed.
- Based on the vulnerability risk score and severity, EDR tools that integrate with CyberSponse, such as Symantec ATP, Carbon Black and Tanium, are triggered (automatically or manually) against the critical assets to get a comprehensive report.
- If needed, remote isolation of the affected assets can be performed from the CyberSponse console through the Symantec ATP, SEPM and Carbon Black integrations, for verification and patch management.
- A scan is remotely triggered from the CyOPs console to verify the patch. The scan data is attached to the asset as correlated information.
- The complete investigation is auto-logged for later reference.
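As an added illustration of the de-duplication, asset correlation and risk-based triggering in the steps above (example code, not CyberSponse's own; the scanner feeds, asset inventory and CVE identifiers are constructed placeholders, and the CVSS threshold of 7.0 is an assumption):

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    """One vulnerability report as a scanner would deliver it."""
    asset: str        # hostname as reported by the scanner
    cve: str          # CVE ids below are constructed placeholders, not real
    cvss: float
    severity: str
    source: str       # which scanner produced the report

# Constructed sample feeds standing in for two integrated scanners.
SCANNER_FEEDS = [
    Finding("web-01", "CVE-0000-0001", 9.8, "Critical", "scanner-a"),
    Finding("web-01", "CVE-0000-0001", 9.4, "High", "scanner-b"),  # same finding, second scanner
    Finding("web-01", "CVE-0000-0002", 5.3, "Medium", "scanner-a"),
    Finding("db-01", "CVE-0000-0003", 7.5, "High", "scanner-b"),
    Finding("lab-07", "CVE-0000-0004", 9.1, "Critical", "scanner-a"),
]

# Constructed asset inventory; 'critical' marks assets flagged in the inventory.
ASSET_INVENTORY = {
    "web-01": {"owner": "web-team", "critical": True},
    "db-01": {"owner": "dba", "critical": True},
    "lab-07": {"owner": "research", "critical": False},
}

def dedupe(findings):
    """Collapse the same (asset, CVE) pair reported by several scanners.
    Keeps the report with the highest CVSS and records every source."""
    merged, sources = {}, {}
    for f in findings:
        key = (f.asset, f.cve)
        sources.setdefault(key, set()).add(f.source)
        if key not in merged or f.cvss > merged[key].cvss:
            merged[key] = f
    return merged, sources

def assets_to_scan(findings, inventory, threshold=7.0):
    """Return, for each critical asset with a CVSS at or above the (assumed)
    threshold, the worst CVE, so the analyst sees why an EDR scan fired."""
    merged, _ = dedupe(findings)
    worst = {}
    for (asset, cve), f in merged.items():
        if not inventory.get(asset, {}).get("critical"):
            continue  # non-critical assets are left to routine handling
        if f.cvss >= threshold and (asset not in worst or f.cvss > worst[asset].cvss):
            worst[asset] = f
    return {asset: f.cve for asset, f in worst.items()}
```

The returned mapping is what a workflow would hand to the EDR integration; the actual trigger call depends on the tool and is not shown.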
#2: Proactive Vulnerability Management:
- Information on commonly known vulnerabilities arrives in CyberSponse through threat intelligence or vulnerability management solutions.
- The analyst reviews it in CyOPs and triggers scans remotely on the critical assets.
- Using integrations with EDR tools, analysts can quarantine or isolate the assets as needed. Patching-related tasks are added in CyOPs using the Tasks module.
- Built-in reporting and dashboards capture the vulnerability management activities and present the information as needed.
#3: Enrich Threat Investigations:
- During alert investigation in CyOPs, an asset is found to have malware. The alert can come in, for example, via a phishing email or a DNS exfiltration attempt, or via a solution such as Symantec ATP or McAfee ES.
- The asset is correlated automatically to the alert. This gives analysts the complete picture and historical information at a glance.
- If needed, analysts can then trigger scans on the asset remotely through CyberSponse. They can also review when the last scan was done and quickly refer to that report, since all the information is correlated and available.
The above are common scenarios, but apart from these there are many other use cases, such as handling a failed scan event automatically, re-triggering scans on a schedule, aborting scans as appropriate and much more.