Vulnerability Prioritization Made Easy

I
July 15, 2022

How Autobahn turned one million security issues into eighty actionable workouts

Did you know that the effects of hard work compound in cybersecurity? The more you train your cyber muscle, the stronger your organization's security posture becomes. To boost efficiency, the shortcut would be to get to know which workouts to do to look better faster. And this is exactly how Autobahn comes into play. The story shows how Autobahn was able to prioritize one million cybersecurity issues from a reputable vulnerability scanner and turn them into 80 actionable workouts.

What if someone told you that you can reduce one million cybersecurity issues to 80 real-world workouts that would give your IT staff the capacity to remediate the root causes of these flaws in weeks rather than months? One. Million. Prioritized. Issues… As if your IT security team would suddenly increase ten times in size. Or magic got involved...

Imagine the following scenario: a team of efficient cyber genies have visited your IT department. (In our world of increasingly complex IT infrastructures, with new security wake-up calls disturbing us almost every month, even genies must work in teams.) The genies provided guidance on cyber health and used their magic powers for guaranteed results. Somewhat predictably, your IT staff got three wishes:  

  1. The ocean of cyber trouble – temporarily disguised as one million security issues from a vulnerability scanner –  should disappear  
  1. in a breeze
  1. causing no disruption of services to your customers  

To explore the idea further, reading this blog post is worth your time. We at Autobahn Security cannot promise you genies appearing at your doorsteps equipped with the best of intentions. What we can do, however, is let the hundreds of thousands of issues detected by Qualys, Nessus, Rapid7, and other reputable vulnerability scanners pass through Autobahn’s aggregation and prioritization funnel to distill the ocean of trouble into a few workouts that are user-friendly, easy to follow, and expert-approved. Armed with them, even non-security IT professionals can remediate those detected security flaws and misconfigurations.

Do you have one minute for a value pitch?

Vulnerability management: a case study

The story began as a typical vulnerability assessment journey many IT professionals are familiar with. You scan your IT assets using a known vulnerability scanner. In our case study, the Customer – a leading software manufacturer – uses a Leading Scanner to detect security issues in their internal and external production networks. As the scanner discovered close to one million issues, the Customer’s IT team felt predictably overwhelmed. They knew all too well how much effort and expert knowledge would be required to perform effective remediation. A practical solution to make issue remediation manageable would be to cluster and prioritize these one million issues into actionable steps that fix root causes.  

The team began searching for software tools and SaaS platforms to do the clustering of the detected issues and prioritization of the potential countermeasures. At this stage, Autobahn Security got involved. Based on the one million cybersecurity issues discovered by  our customer’s scanner, Autobahn Security was able to identify workouts that were likely to greatly affect the Customer’s production networks. To illustrate, it turned out that just two workouts in two production networks would solve over 40% of the company’s total hackability problems.

Intrigued to know the technicalities? Here are some details. The case study involved two types of scans: external and internal. From the internal scan, Autobahn Security was able to identify 720 production environments with critical or high severity issues. And in perfect sync with the other related findings, only three of these critical issues contributed to 50% of the company’s total hackability. Believe it or not, those were mostly Red Hat Linux patching issues in the internal network.  

The external scan also brought energizing results. By doing one of Autobahn’s workouts for patching a web-server implementation in one externally reachable network, the customer could solve over 15% of external vulnerabilities.  

In sum, the team of cyber fitness genies delivered. They succeeded in bringing the ocean of cyber issues under control, with the additional benefit of boosting the happiness level of the Customer’s IT team. They were able to overcome the eternal conflict between operational and cybersecurity needs and lived happily ever after ;)  

Accidentally, the genies left a lamp to rub for those curious to visit a cyber fitness gym...

Prioritization of issues with cyber fitness workouts

To be able to scan your IT assets and identify security risks is undeniably a breath of fresh air. However, it does not make your company secure just yet. Ask any IT professional and they will tell you that you simply cannot address issues in the order in which they are received. Successful remediation relies on a good risk prioritization plan that would consider the impact of remediation on your organization’s security posture. Companies must order the identified risks by level of criticality. This is where Autobahn’s cyber fitness workouts come into play.  

Why do we need to take our cyber health seriously? The truth is that in a significant percentage of breaches, hackers exploit well-known entry points.  Although the range of attacks is broad, you can often remediate multiple issues by installing a single patch or by tweaking a few settings to harden your system. Autobahn’s signature cyber fitness workouts explain how to do just that: which vital specific steps should be taken to make your organization more secure.  

To illustrate, a patching workout often contains a step on where to get the latest stable software version. Besides, the workout might also tell you which system requirements to consider during the update or how to do a backup. In addition, the workout sheds light on how to automate updates or roll some of them back and tells you in what order to update specific components. Your IT team will love it: armed with the necessary fixes, they only need to apply the provided solutions. And they can also send a ticket to Jira for tracking remediation progress.

It is a nice jumpstart into sustainable and secure vulnerability management. Perusing those endless security reports was yesterday. Today you can achieve hassle-free remediation results to get fixes done by using a SaaS platform.  

And the beauty of it is that you improve your cyber health with each new workout you take. In a normal gym, your fitness level and your appetite for sports improve if you exercise regularly. Likewise, each cyber fitness workout you take reduces your Hackability score and brings you closer to an ideal security posture.

Connectivity with other cybersecurity software

With Autobahn, you can go through the full vulnerability management cycle if you wish. But you can also have us ingest data from other tools you have been using, such as Qualys, Nessus Pro, and Rapid7 to mention just a few. Why not get the most out of your existing IT security investments?  

Our SaaS platform enables process and workflow orchestration

You can orchestrate the workouts to the right asset owners using the Jira ticketing system integration. Setting up your Jira cloud or Jira on-premise is only a few clicks away. It enables automated pushing of Autobahn findings into Jira. Here are a few use cases that involve Atlassian Jira, the software used for planning agile work from project backlog to sprints.

  1. Assume that you want to quickly identify specific issues related to one of the three main security best practice areas: hardening, patching, and exposure. Autobahn gives you the option to get this information as a specific report in a heartbeat by creating an issue in Jira.
  1. Internal Autobahn scans can be started from your Jira project based on your specific IP subnets.
  1. Autobahn can automatically check whether specific vulnerabilities are remediated when they move in your issue board to a done status that you can set yourself, and if the remediation was unsuccessful, move the issue back to its previous state.
  1. Once you create a Jira ticket with a specific CVE, Autobahn will automatically scan your perimeter and add infected hosts to the ticket.
  1. Jira can be updated automatically through Autobahn’s cyber fitness dashboard. If a workout has been marked as:
  • risk-accepted
  • false-positive, or
  • done

the issue in Jira will also be marked according to the status in Autobahn.

Want to learn more about our Cyber Fitness Platform? Talk to our team to see how Autobahn Security can make you Cyber Fit.