Survival tips for prioritizing threats

By Nicolas MATTIOCCO

Elevator Pitch

With hundreds of critical- or high-severity vulnerabilities to deal with, the daily security reports look like a shining Christmas tree. Prioritization of vulnerabilities is a top success factor for ensuring an efficient security incident response and vulnerability management program.

Description

Solutions must be found to face the overall growing threat of attacks, talent shortage and cost optimization challenges in cybersecurity. The current trend is to rely on automation and orchestration of security operations.

The fact is that automating SecOps activities means managing more security alerts. The downside is potentially a bunch of new security alerts every day. With hundreds of critical- or high-severity vulnerabilities to deal with, the daily security reports look like a shining Christmas tree. This can definitely lead to jaded teams or, even worse, bad decisions in vulnerability handling.

Obviously, it is not realistic to hope that all vulnerabilities will be fixed. A line has to be drawn by the business owners in agreement with the security teams. Prioritization is an essential success factor for improving efficiency and continuing to provide the highest-quality, most relevant service in security incident response and vulnerability management. Because the CVSS score is not enough, which metrics are relevant? How should they be collected? Which decisions should be made? How can the efficiency of this process be reviewed and the process adapted?

This talk shares insights on a risk-based methodology for vulnerability management. The approach is enabled by a balanced use of SecOps automation, to keep us up to date on vulnerabilities, exploits and other threat information, and by prioritization based on vulnerability metrics, threat topicality and asset criticality. The talk also discusses examples of events that should lead us to consider reprioritizing the handling of a vulnerability.

Notes

The talk will be held in English by Nicolas, an active speaker on SecOps automation and vulnerability management topics. Nicolas has been an information security expert for 12 years and has been involved in various security consulting engagements, from penetration tests to global risk assessments and security operations implementation. Today, he works as a red teamer and on automating security operations at a large scale with PatrOwl.