In the world of cybersecurity, vulnerability intelligence is like a guiding light for experts dealing with online threats. So, what is it?
Vulnerability intelligence focuses on gathering and sharing information about software vulnerabilities. Its main goal is to help security experts make smart choices about these vulnerabilities. It looks at software issues and ways hackers might use them to attack companies. This information comes from many places, including social media and even the hidden parts of the internet, known as the Dark Web.
Today, so many software vulnerabilities are being found that companies can’t attend to them all at once. In fact, they can only patch about 5% to 20% of them each month. And only a tiny fraction of these, about 2%-7%, are ever used in real attacks. This means security teams need to choose carefully which ones to focus on first. They need to know not just how bad a vulnerability is but also whether hackers are likely to use it. This way, they can focus on the biggest threats and keep their systems safe.
What is SOCRadar Vulnerability Intelligence and How Can It Help?
Figure 1: SOCRadar Vulnerability Intelligence
In vulnerability management, quick action is crucial. Research shows that within 15 minutes of a new CVE being shared, threat actors start looking for ways to exploit it. With so many vulnerabilities found, it’s hard to patch them all quickly. This makes it important to decide which ones to patch first. That’s where SOCRadar comes into play.
SOCRadar enhances and ranks vulnerabilities with its proprietary systems.
How does it do this?
SOCRadar Vulnerability Intelligence employs a special score called the SOCRadar Vulnerability Risk Score (SVRS). This score rates vulnerabilities based on how likely they are to be exploited. It uses information from many sources, like social media, news, and the dark web. It also considers links to threat actors and malware. This score, which ranges from 0 to 100, helps teams decide which vulnerabilities need a faster response.
Figure 2: SOCRadar Vulnerability Risk Score (SVRS)
SOCRadar Vulnerability Intelligence helps security teams fight against threats. It gives them advice on which vulnerabilities are most important. This means teams can quickly patch or update systems when needed.
In short, SOCRadar Vulnerability Intelligence doesn’t just find threats; it helps companies act fast to stay safe.
What can you do with SOCRadar Vulnerability Intelligence?
The CVE Trends page offers a snapshot of the current vulnerability landscape. You can view daily, weekly, and monthly trend data. It points out which vulnerabilities are gaining traction, based on SOCRadar’s comprehensive and real-time Vulnerability Intelligence module. This module gathers data from the surface web as well as the deep and dark web. It’s designed to keep you ahead of emerging threats.
Figure 3: SOCRadar Vulnerability Intelligence – Vulnerabilities of Week/Month
The Search Vulnerabilities page is incredibly handy. You can tailor your search for vulnerabilities using various filters. For instance, we applied vendor, product, and SVRS filters to pinpoint the top-rated vulnerabilities for Microsoft Exchange Server. This approach lets us zero in on the most critical Exchange Server vulnerabilities, making it easier to address a select few effectively.
Figure 4: SOCRadar Vulnerability Intelligence Search Vulnerability page
The vulnerability page offers the most in-depth knowledge available on each vulnerability. You can reach this page from multiple places, such as CVE Trends and Vulnerability Search. To discuss its various features, let’s take a rising RCE vulnerability, CVE-2023-3519, as an example, as seen below. There are a great many points to discuss, but let’s start with the red glowing circles, beginning with number 1. As mentioned before, SVRS provides a better understanding of the vulnerability’s urgency, and here we see it has a score of 99 out of 100 because it is being talked about on social media, the web, and the dark web, and is most probably on the radar of threat actors. Next, we can look at the description part, number 2, and see that the vulnerability has an “exploit available,” and it is “in the wild,” which means it is being actively exploited.
Figure 5: SOCRadar Vulnerability Intelligence page for CVE-2023-3519
For the next part of our examination, we can look at the right-most part of the page, number 3. Here, we have a timeline presenting the Vulnerability Lifecycle. It marks the important events related to the vulnerability, such as created GitHub repos, MITRE updates, shared tweets, and SVRS points. As we can see above, just a week ago, the vulnerability had an SVRS of 93, but currently, it has a score of nearly 100. This rise stems from multiple data points gathered by SOCRadar, some of which can be seen on the bar chart in the middle, number 4. It represents the latest GitHub repos, News, and Tweets shared by multiple sources.
Lastly, we can look at the bottom of the page, number 5. Here, we can see two areas with multiple tabs, as seen below. On the bottom right, we can see the latest Tweets, Repos, News, and Mentions, which are represented on the previously mentioned bar chart. On the left side, we can see multiple tabs leading to Affected Countries, CVSS, Details, Available PoCs & Exploits, and SOCRadar Blog. Each tab provides invaluable information. For example, the Details tab contains the CPE (Common Platform Enumeration) list, which can help you determine whether the version of the software in your environment is a vulnerable one. On the SOCRadar Blog tab, you can find the blog posts published by SOCRadar detailing the respective vulnerability.
Figure 6: SOCRadar Vulnerability Intelligence page for CVE-2023-3519
However, not all CVEs have the same tabs. Let’s look at the page for the notorious Log4Shell vulnerability. Here we can see two new tabs: Sigma & YARA Rules and APT Groups. The Sigma & YARA Rules tab lists rules that are among the best tools SOCs have in their arsenal to mitigate potential attacks. The APT Groups tab contains information on which APT groups have leveraged the vulnerability in their attacks.
Figure 7: SOCRadar Vulnerability Intelligence page for CVE-2021-44228
The subscription page lets you subscribe to the products you care about and receive notifications automatically. This keeps you updated on the items you want without constantly checking the platform. There is also another type of notification, called “High audience CVE items.” It automatically emails you the latest vulnerabilities that have gained major traction.
Figure 8: SOCRadar High audience CVE items
SOCRadar Labs CVERadar
There is some great news at the end of this blog post. SOCRadar provides most of this vast amount of intelligence for free in its labs! On SOCRadar Labs, you can find CVERadar, which is a mirror of the CVE Trends page discussed above. Here you can find trends, details of vulnerabilities, and other important pieces of information about the vulnerabilities. It acts as a gateway to SOCRadar’s capable Vulnerability Intelligence.
Figure 9: SOCRadar Labs CVERadar
Figure 10: SOCRadar Labs CVERadar
Vulnerabilities are ever-present and pose constant threats to organizations. SOCRadar’s Vulnerability Intelligence emerges as a vital tool, illuminating the path for experts amidst these challenges. It’s not just about identifying vulnerabilities; it’s about understanding their significance and potential for exploitation and prioritizing them effectively.
From offering a comprehensive view of the current vulnerability trends to enabling tailored searches for specific vulnerabilities, SOCRadar provides a holistic approach. Its unique scoring system, the SVRS, offers a nuanced understanding of each vulnerability’s urgency, ensuring that teams can act swiftly and decisively.
Moreover, the platform’s depth doesn’t end at identification and prioritization. It delves deeper, offering insights into the lifecycle of vulnerabilities, their active exploitation status, and even tools to counter potential attacks.
And the cherry on top? SOCRadar generously offers a significant portion of this intelligence for free through its labs, providing valuable information for the community.
In essence, SOCRadar’s Vulnerability Intelligence is more than just a tool; it’s a comprehensive shield, ensuring organizations remain fortified against ever-present cyber threats.