We’ve been releasing a series of videos from Chief Strategy Officer, Brian Contos, highlighting how Sevco’s Asset Intelligence platform works, and how organizations can use it to better understand their environment. We call these videos Sevco Security Shorts.
Now, we’re posting the transcripts of this series for those that would prefer to read the content.
Hey, everyone. Today we’re talking about vulnerability and exposure management within Sevco. Now we see all these different source feeds, CrowdStrike, Jamf, Automox, Amazon, Tenable. Those are our raw sources, but they end up being just 13,771 unified devices. Well, now let’s look at these specific devices that we’re seeing from these different sources. We’ll start with the device information. We see that long list of 13,000 + devices. We can scroll up and down. In this case, we see what CrowdStrike is giving us Tenable, Automox. In this case, Automox is missing from this device, and we can actually drill into it to get that information. We see what the device is, when is the last time we saw it? 11 minutes ago. Again, who’s feeding this information? And we also see what’s missing. Oh, it’s missing configuration patch management. It’s got some CVEs, it’s a critical asset, it’s on-prem, it’s in Minneapolis.
We also see what user or users are associated with it. In this case, Jared. It’s got endpoint, it doesn’t have config, and it does have directory services. And we also see that it’s going to be end of life in October 7, 2024. Now, we can get more device details, again, from the sources feeding us–CrowdStrike, Active Directory, SentinelOne, Tenable. We can actually see all the different sources that come together to produce this information. And there’s a lot of detail data here. This screen’s just CrowdStrike. If we click on the other one, we’ll see the related information. But here’s the environmental variables, no config management, it’s end of life. And then here’s all the software vulnerabilities, a bunch of CVEs, and then the core asset information on top of that as well. Well, let’s go ahead and go into a vulnerability view now instead of a device view, and this is a little bit different from what you’ve seen before in other Sevco demos.
So this is the Google Chromium, VA type confusion vulnerability. And we see the CVSS base, the temporal score, probability percentiles, known exploits. There’s 13 of them. And we also get a lot of enriched information from VulnCheck who we are partnered with to pull in this very detailed information, as well as the Microsoft patch information. We see that there’s a patch for this one. And we can get full details now about this vulnerability, which is really cool because now we can look at is it available? Is it public? Is it commercial? Which means could I perhaps buy this in the dark web? Is this just a proof of concept, like a white paper, or is it actually a weaponized attack? And we see all the different reference sources for that as well. And again, all that detailed rich information that’s enriched by that VulnCheck relationship that we have.
And then we can pull up all the devices that have that or we can look at reported exploitation–and we see all these different things from CISA and different reporting agencies. Here’s one from NSA. So NSA has an article about Chinese state sponsored attacks. We can scroll through that as it’s related to this particular event or I could look at affected software. Well, it’s a Google Chromium exploit, so you affect it to impact Chrome in version 11, version 10. And again, we see the CVSS temporal scores, base scores, and the EPSS probability as well of that actually being exploited.
Now, this is the exposure management dashboard. And this is really cool as well because we see a couple different areas that we can drill into, things like no endpoint protection, for example. And within that we see a criticality score, which you can actually define, but it comes with set defaults. Is this in progress? Has it been snoozed? Are we accepting this risk? Has this risk been resolved? Are we tracking it in a dashboard? And can we tie this into ServiceNow, for example? We have other related details like observation, impact and recommendations, as well as other details like, hey, half of our assets have no configure patch management, and now we have some variables up here.
So there’s 588 devices that you need to take a look at out of about 2,047 that have this issue. Now, 112 devices have been added to this list in the last 30 days, and we’ve resolved nine of them. And for those devices we’ve resolved, it took us about 14 days. Maybe that’s good, maybe that’s bad. But now you can pretty much decide when I run my metrics against this information, are we doing better? Are we doing worse than we were last week, last month, last quarter? And in addition to that, do I have remediation validation? If security finds something and hands that to IT, is this something that actually got resolved? Can we validate that IT actually patched it, that IT actually installed the patch management solution or installed the EDR or updated those devices? That’s all tracked for you in real time.
Interested in seeing how Sevco can give you this kind of visibility in your own IT environment? Click here to schedule a personalized 1:1 demo with our team.