Follow

Vulnerability Aggregation

Finding a vulnerability and naming a vulnerability are two different phenomena. Finding a high-profile high-severity vulnerability requires a clever mind, diligence and of course experience. However, finding an expressive and good name for that vulnerability requires other abilities. There are many security vulnerability names that don't really express much about itself. Sometimes the vulnerability names that researchers come up with for their beloved 0-days are too clever and sometimes they are explicitly designed for advertisement.

For a non-English speaker then perhaps the real problem shows its face when you are trying to translate all those vulnerability names into the native language. Moreover, different vulnerability scanners, web or non-web, include different names for the same vulnerabilities.

NormShield provides an easy way to dynamically aggregate existing vulnerabilities into custom vulnerability created during any period of vulnerability management process. Hence after a while a standard view of vulnerabilities will be experienced in one place helping information security maturity level by providing a shared vulnerability nomenclature.

Figure 1 shows the aggregation dialog that can be opened from Vulnerability->Knowledge Base sub menu. And follow the below simple steps;

  1. First create your custom vulnerability category with its glory details (vulnerability name, severity, description, mitigation etc.)
  2. When the new vulnerability category is created, click from the vulnerability definition listing user interface, clicking Aggregation icon next to every vulnerability definition will lead to Figure 1. Here search and add the existing vulnerability categories of which you want to converge (aggregate) to this newly created custom vulnerability category.

Figure 1 - Vulnerability aggregation

It's also possible to do smart aggregation, which makes sure that all of the aggregated vulnerabilities appear as a single vulnerability. But it's vital to know that great power comes with great responsibility. When the smart aggregation is implemented the ticketing and reporting are also affected (the statistics, numbers, etc.). So after an aggregation rules are inserted, it should be reversed with caution and prevented

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk