What is vulnerability intelligence?
Vulnerability intelligence refers to the identification, analysis and prioritisation of computer flaws and vulnerabilities that may pose a cybersecurity risk to organisations. This involves collecting information on known and potential vulnerabilities in various hardware and software systems – including operating systems, applications and network devices – and providing actionable insights to organisations.
These insights help organisations proactively manage their security risks and improve security measures. As a result, vulnerability intelligence is a critical component of any comprehensive cybersecurity programme that aims to protect digital assets and prevent security breaches.
What are common vulnerabilities?
Common vulnerabilities that are tracked through vulnerability intelligence include:
- Software vulnerabilities - These are weaknesses or flaws in software code that can be exploited by attackers to gain unauthorised access or control of a system
- Hardware vulnerabilities - This includes weaknesses or flaws in the physical components of a system, such as a processor or memory chip, that can be exploited by attackers to gain access or control
- Configuration vulnerabilities - These are weaknesses or flaws in the way that a system is set up that can make it more susceptible to attacks
- Zero-day vulnerabilities - previously unknown vulnerabilities that can be exploited by attackers before a patch or fix is available
- Proof-of-concept exploits (PoC) - A PoC exploit is a code snippet or a malicious program that is designed to exploit a security vulnerability with the goal of showing that it can be exploited
How does vulnerability intelligence differ from threat intelligence?
Vulnerability intelligence and threat intelligence are separate but related types of intelligence. Threat intelligence is comprised of insights on existing or emerging cyber threats to organisations. Vulnerability intelligence is a type of threat intelligence that is focused on the aggregation or dissemination of information about computer vulnerabilities. Cyber threats vulnerabilities intelligence helps security professionals and systems administrators make informed decisions to reduce vulnerability risks.
Cyber threat vulnerabilities intelligence deals with vulnerabilities like bugs and exploits that may be used by attackers to target organisations. It focuses on the weaknesses in software that attackers may seek to exploit, while threat intelligence focuses on the bigger picture, including the attackers themselves, their motivations, and their methods of operation.
By combining vulnerability and threat intelligence, security teams can gain a more complete understanding of their organisation's risk profile and develop effective strategies for mitigating cyber threats.
Sources of vulnerability intelligence
Vulnerability intelligence can be collected from a variety of sources. This can include:
- Security vendors - Companies that specialise in providing vulnerability assessment and management tools
- Threat intelligence companies - Companies like Silobreaker that gather intelligence on cybersecurity threats and vulnerabilities from a variety of sources
- Security researchers - Individuals or groups who search for and report vulnerabilities in software and hardware systems
- Government agencies – Agencies like the UK National Cyber Security Centre (NCSC) and the National Institute of Standards and Technology (NIST) in the US, which release advisories or alerts related to vulnerabilities
- Open-source intelligence (OSINT) - Publicly available information such as security blogs, forums and social media, which can provide insights into emerging threats and vulnerabilities
Why do businesses need vulnerability intelligence?
Vulnerability intelligence is important for businesses because it allows them to identify and prioritise vulnerabilities in their systems and applications. This allows organisations to focus on the areas of highest risk and take appropriate actions to mitigate them.
This information can then be used to develop remediation plans and track the progress of remediation efforts. By having a clear understanding of their vulnerabilities, businesses can make better security decisions and allocate their resources more effectively to improve their overall security posture. Crucially, vulnerability intelligence helps businesses stay ahead of potential threats and protect their systems and data from cyberattacks.