Proactive security is essentially a big data problem, although at first glance it may not seem like one. On one hand, the vulnerability deluge is inundated with thousands of vulnerabilities and exploits being reported each day. On the other hand, there is an ever-expanding attack surface with public/hybrid clouds, data centers, and containers. These two dimensions effectively make it a big data problem. Traditional vulnerability assessment (VA) solutions and their scanning-over-the-network models are simply not up to solving it.
ThreatWatch is a next generation proactive cyber security solution that uses machine-powered, AI-based vulnerability curation, along with a no-scan approach, for impact assessments for assets including cloud instances, containers, servers, source code, and more.
Two key aspects of the ThreatWatch integration to note:
- ThreatWatch does no scanning over the network.
- All assets recorded in ThreatWatch are protected in a continuous and ongoing manner without user intervention.
ThreatWatch integrates with the RSA Archer IT Security Vulnerabilities Program use case to provide a real-time automated picture of the vulnerability landscape and its impacts on organizational assets to customers. The RSA Archer IT Security Vulnerabilities Program use case offers a centralized catalog of IT assets, repository, and taxonomy for vulnerability data that enables customers to quickly understand which assets are vulnerable based on scanner detections.
This integration is achieved via two data feeds in RSA Archer:
- The ThreatWatch Vulnerability Intel data feed pulls the latest vulnerability intelligence from ThreatWatch into RSA Archer's Vulnerability Library application. This helps provide a complete vulnerability landscape to RSA Archer users. It also helps provide prioritization input for newer vulnerabilities like Common Vulnerabilities and Exposures (CVEs), missing analysis in National Vulnerability Database (NVD), and critical information around availability of patches, remediations and exploits. Together, these details help security teams with prioritization.
- The ThreatWatch Vulnerability Impact data feed pulls the latest vulnerability impacts from ThreatWatch into RSA Archer's Vulnerability Scan Results application. ThreatWatch's continuous no-scan approach ensures that impacts are recorded in near real-time without the need for intrusive scans on the network. Impacts are auto-prioritized as either “Do Now” (something that needs immediate attention) or “Do Later," providing actionable insights for security teams.
Having vulnerability intelligence and impact details in RSA Archer out-of-the-box applications like Vulnerability Library and Vulnerability Scan Results ensures that existing RSA Archer users do not have an additional learning curve and can leverage existing reports. The ThreatWatch integration with RSA Archer helps provide a complete and accurate risk score picture to RSA Archer users.
Example Vulnerability Intelligence Chart
Example Vulnerability Impacts by Asset Chart
Example Vulnerability Impacts by Asset by Priority Chart
Interested in learning more about the ThreatWatch integration with RSA Archer?
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.
About the author(s):
Ajey Godbole & Paresh Borkar
Ajey Godbole is a Senior Engineer at ThreatWatch. Paresh Borkar is a co-founder and Chief Architect at ThreatWatch.