Prioritizing Risk With NorthStar

With increasing frequency, there seems to be a common narrative among organizations suffering from a public data breach:

  • A vulnerability is identified in an underlying component of a commercial software solution.
  • The vendor releases a patch to address the vulnerability.
  • Months, if not years later, an organization using that software solution is subject to a data breach.
  • Forensic analysis reveals that the cause of the breach is due the exploitation of the same vulnerability still present on the system despite the availability of a patch.
  • Personal Identifiable Information (PII) was found accessible or stored on the affected systems with inadequate security controls in place
  • Attackers managed to exfiltrate PII data

Sound familiar? This narrative has been the story of almost every major breach in the past several years.  There are two key questions to take away from this cautionary tale.

  1. If a patch was available, why was the vulnerability still present on an affected server months/years after the patch release?
  2. If access and/or storage to PII is critical to the function of the application, why was this application not prioritized for patching since it represents a high-risk asset (web-facing, PII accessible)?

Both questions point to a failure in prioritizing risk. Many organizations spend millions of dollars on security solutions to address critical issues like patching, but lack the ability to bring the information generated by these solutions together in a meaningful way.  Vulnerability intelligence is just noise unless it is married to accurate asset state data.

With NorthStar, our customers start by building an accurate inventory based on the information generated by their existing tools and management systems.  Once that asset repository is built, NorthStar can overlay existing business logic and information to help identify important characteristics like line of business and data classifications.  This enriched asset inventory serves as the foundation for NorthStar to add existing and commonly used threat intelligence feeds like the CVE database and Symantec Deepsight to bring together actionable vulnerability and remediation information.  When coupled with the asset inventory, this exposure data is now accessible and centrally located for any stakeholder in the organization from the CISO down to the Help Desk.

Vulnerability is just noise unless it is married to accurate asset state data.

The accessibility of exposure and asset data dramatically changes the approach to remediating existing vulnerabilities.  By leveraging the enriched data that NorthStar provides, organizations can make critical and informed decisions based on real, verifiable data.  When new vulnerabilities are identified, organizations can see from a single pane of glass where they exist in their environment as well as the criticality of those systems to the overall business, and users can prioritize the remediation efforts accordingly.  NorthStar users can also leverage historical data to track their ongoing remediation efforts based on a specific vulnerability or across the entire attack surface of the organization.

By utilizing NorthStar’s consolidated exposure and asset data, organizations are assured that they are utilizing their personnel and resources in the most impactful way.

 

NorthStar: Assets with Vulnerabilities
Fig #1. Workstations by Vulnerabilities View each workstation and their associated vulnerability risks – Drill down to see even more.

 

NorthStar: Vulnerability Distribution
Fig #2. Vulnerabilities by Operating System Distribution. Quick view of which operating system distributions in your environment have the most vulnerabilities.

 

NorthStar: Average Risks Per Business Application
Fig #3. Prioritizing Risk by Business Application. Easily see which of your business applications are the highest risk to your organization.

 

Email: connect@northstar.io  |   Phone: 312-421-3270  | NorthStar