With increasing frequency, there seems to be a common narrative among organizations suffering from a public data breach:
- A vulnerability is identified in an underlying component of a commercial software solution.
- The vendor releases a patch to address the vulnerability.
- Months, if not years later, an organization using that software solution is subject to a data breach.
- Forensic analysis reveals that the cause of the breach is due the exploitation of the same vulnerability still present on the system despite the availability of a patch.
- Personal Identifiable Information (PII) was found accessible or stored on the affected systems with inadequate security controls in place
- Attackers managed to exfiltrate PII data
Sound familiar? This narrative has been the story of almost every major data breach in the past several years. There are two key questions to take away from this cautionary tale.
- If a patch was available, why was the vulnerability still present on an affected server months/years after the patch release?
- If access and/or storage to PII is critical to the function of the application, why was this application not prioritized for patching since it represents a high-risk asset (web-facing, PII accessible)?
Both questions point to a failure in risk prioritization. Many organizations spend millions of dollars on security solutions to address critical issues like patching, but lack the ability to bring the information generated by these solutions together in a meaningful way. Vulnerability intelligence is just noise unless it is married to accurate asset state data.
With NorthStar, our customers start by building an accurate asset inventory based on the information generated by their existing security tools and management systems. Once that asset repository is built, NorthStar can overlay existing business logic and information to help identify important characteristics like line of business and data classifications. This enriched asset inventory serves as the foundation for NorthStar to add existing and commonly used threat intelligence feeds like the CVE database and Symantec Deepsight to bring together actionable vulnerability and remediation information. When coupled with the asset inventory, this exposure data is now accessible and centrally located for any stakeholder in the organization from the CISO down to the helpdesk.
Vulnerability intelligence is just noise unless it is married to accurate asset state data.
For our customers, the accessibility of exposure and asset data dramatically changes their approach to remediating existing vulnerabilities. By leveraging the enriched data that NorthStar provides, customers can make critical and informed decisions based on real, verifiable data. When new vulnerabilities are identified, NorthStar customers can see from single pane of glass where that vulnerability exists in their environment as well as what the criticality of those systems to the overall business and prioritize the remediation efforts accordingly. NorthStar customers can also leverage historical data to track their ongoing remediation efforts based on a specific vulnerability or across the entire attack surface of the organization.
By utilizing NorthStar’s consolidated exposure and asset data, organizations are assured that they are utilizing their personnel and resources in the most impactful way.