Blog Viewer

Analysis of Vulnerability Scan Output

By Jarad Schraeder posted 10-21-2021 20:24

  
Please enjoy this blog post authored by Jarad Schraeder, Cybersecurity Manager, Davis Wright Tremaine LLP.

Regardless of the size and scope of your environment, vulnerability management is a daunting task. Depending on the maturity of our vulnerability management program, the vulnerability scan results can create a challenge of prioritization, which for some law firms can be hard to tackle based on the resources you have available.

There are automated solutions on the market like Insight VM or Vulcan Cyber to address priorization, but not everyone has the budget or time to deploy a tool like that. Whatever your current vulnerability scanner is, it should have the capability to download and export results to an Excel file. Once that file is downloaded to Excel, you can now filter the results based on CVE, CVSS Score, Severity Rating, or another category. This filtering can be a time-consuming effort that can slow down the patching process as determining what to patch and what not patch is difficult. Below, I describe some actionable steps you can take to help your vulnerability management program through mining data and prioritizing risk, regardless of your maturity.


    • Excel Pivot Tables
      • Pivot tables allow you to calculate, summarize, and analyze data to see patterns, trends, and view data from scan output in a more digestible way. For example, you can create a table based on CVE, severity, solution, etc. as shown in the example below:


                                  Photo Credit: https://www.youtube.com/watch?v=-XhURK-imT0


    • Splunk Integration
      • Splunk is a data aggregation platform used across IT and Security teams to analyze data, identify security threats, correlate data, and more. In my current role at Davis Wright Tremaine LLP we leverage Splunk to aggregate multiple scans (20+) into one comprehensive report to better analyze data and remediate identified vulnerabilities.

    • Power BI Dashboard
      • Power BI is a business analytics service by Microsoft. This application is similar to Tableau and aims to provide interactive visualization and business intelligence through reports and dashboards of data from Excel files, SharePoint, and other sources. By using Power BI for vulnerability analysis, you can upload your excel files and create easily digestible reports/dashboards to identify impacted hosts, create timelines of patching progress, identify scope of risk landscape more easily, and much more.
      • Data Sources
      • Examples

             Photo Credit:


    #SecurityProfessionals
    #Security
    #ServerOperationsandSecurity
    #Firm
    0 comments
    37 views

    Permalink