Gloria Higley

Managing Vulnerability Risk with the RSA Archer IT Security Vulnerabilities Program and ThreatWatch Integration

Blog Post created by Gloria Higley Employee on Mar 19, 2020

Proactive security is essentially a big data problem, although at first glance it may not seem like one. On one hand, there is a deluge of vulnerabilities, with thousands of vulnerabilities and exploits being reported each day. On the other hand, there is an ever-expanding attack surface with public/hybrid clouds, data centers, and containers. These two dimensions effectively make it a big data problem. Traditional vulnerability assessment (VA) solutions and their scanning-over-the-network models are simply not up to solving it.

 

ThreatWatch is a next-generation proactive cyber security solution that uses machine-powered, AI-based vulnerability curation, along with a no-scan approach, to assess impact on assets including cloud instances, containers, servers, source code, and more.

 

Two key aspects of the ThreatWatch integration to note:

  1. ThreatWatch does no scanning over the network.
  2. All assets recorded in ThreatWatch are protected in a continuous and ongoing manner without user intervention.

ThreatWatch integrates with the RSA Archer IT Security Vulnerabilities Program use case to give customers a real-time automated picture of the vulnerability landscape and its impacts on organizational assets. The RSA Archer IT Security Vulnerabilities Program use case offers a centralized catalog of IT assets, plus a repository and taxonomy for vulnerability data, that enables customers to quickly understand which assets are vulnerable based on scanner detections.

 

This integration is achieved via two data feeds in RSA Archer:

  • The ThreatWatch Vulnerability Intel data feed pulls the latest vulnerability intelligence from ThreatWatch into RSA Archer's Vulnerability Library application. This helps provide a complete vulnerability landscape to RSA Archer users. It also helps provide prioritization input for newer vulnerabilities like Common Vulnerabilities and Exposures (CVEs), missing analysis in the National Vulnerability Database (NVD), and critical information around availability of patches, remediations, and exploits. Together, these details help security teams with prioritization.

    ThreatWatch Vulnerability Library Screenshot
  • The ThreatWatch Vulnerability Impact data feed pulls the latest vulnerability impacts from ThreatWatch into RSA Archer's Vulnerability Scan Results application. ThreatWatch's continuous no-scan approach ensures that impacts are recorded in near real-time without the need for intrusive scans on the network. Impacts are auto-prioritized as either “Do Now” (something that needs immediate attention) or “Do Later,” providing actionable insights for security teams.

    ThreatWatch Vulnerability Scan Results Screenshot

 

Having vulnerability intelligence and impact details in RSA Archer out-of-the-box applications like Vulnerability Library and Vulnerability Scan Results ensures that existing RSA Archer users do not have an additional learning curve and can leverage existing reports. The ThreatWatch integration with RSA Archer helps provide a complete and accurate risk score picture to RSA Archer users.

 

Example Vulnerability Intelligence Chart

 

Example Vulnerability Impacts by Asset Chart

 

Example Vulnerability Impacts by Asset by Priority Chart

 

Interested in learning more about the ThreatWatch integration with RSA Archer?
Register and join us for a Free Friday Tech Huddle on Friday, March 20, for an overview and live demo. Free Friday Tech Huddles are only available to RSA Archer customers. If you are not yet a customer but you are interested in learning more, please contact your local representative or authorized reseller — or visit us at www.rsa.com.


About the author(s):

Ajey Godbole & Paresh Borkar
Ajey Godbole is a Senior Engineer at ThreatWatch. Paresh Borkar is a co-founder and Chief Architect at ThreatWatch.

 

Gloria Higley

Gloria is a Product Manager focused on providing useful and relevant product offerings for customers and partners with the RSA Exchange for RSA Archer. Offered online through RSA Link, the RSA Exchange provides access to pre-built App-Packs, RSA Ready-certified Integrations, Tools & Utilities, and Content that complement and enhance out-of-the-box capabilities of RSA Archer use cases.
