Is AI the solution to vulnerability management?

Security & GRCThreat & Vulnerability ManagementThreat Intelligence & Incident Response
1.6k views3 Upvotes5 Comments
CEO and Co-Founder in Software, 51 - 200 employees
The problem with vulnerability management sounds complex but it isn’t. From a data standpoint, there are only 200K known, unique vulnerabilities. The challenge is understanding which one is a known exploit, labeling the exploit as a remote code execution (RCE) and determining which one is trending or trying to do ransomware; that’s where AI models can help. The marketing term for it is “knowledge graph” but what you're really doing is indexing everything and ranking it all, like a search engine. 

That's what we have done at RiskSense: We took what Google did 20 years ago with apps and authorities from a page rank perspective, and then re-implemented that for cyber today from a vulnerability and threat management perspective. For example, one metric is called Term frequency–Inverse document frequency (tf–idf) and measures how often or how rarely the term occurred. 

So using that approach, we went back and looked at all exploit code that's committed to Metasploit and PRCs. Rather than taking the tags at face value, we studied those exploits ourselves and labeled them using Natural Language Processing (NLP). It used to take four days for an analyst to understand an exploit and label it; today we can do it in four seconds. That's a huge win for us. We run the models on a continual basis now and when a new exploit comes, we label it. If we don't get the accuracy then a human looks at it. It's a very typical live example.
1
Director of Security Operations in Finance (non-banking), 5,001 - 10,000 employees
The big challenge with vulnerability management—even with the small number we have—is narrowing down which ones are most important. I understand that every vulnerability doesn't have the same level of importance within the environment and we have the rating system, etc. But when you have thousands of machines sitting in the environment, imagine having the ability to say, "This is important, but the reality of the situation is that you need to patch these 47 machines out of your fleet of 15K right now. Because as I look at the environment, these are the ones that either have the most critical data or are on an exploitation path so this needs to be closed." Then I could say to my team, "This is where I really need you to focus." Think about what that does in terms of true risk management in the environment and the level of effort required. I am doing that manually now and there are just not enough hours in the day.
1
Director of IT in Software, 201 - 500 employees
Not the solution but will enhance it drastically
2
CIO in Education, 1,001 - 5,000 employees
No, but proper utilization of AI in the space could possibly benefit us all.
1
Chief Information Officer in Manufacturing, 10,001+ employees
I don't think it's the be-all solution for vulnerability management but more another tool in the toolbox to manage and administer your vulnerability strategic platform.
2

Content you might like

Generally speaking, are you feeling optimistic about the state of DEI in cyber? Interested in hearing your reasons in the comments.

Security & GRCTalent Sourcing & HiringCulture & Values

Yes – very optimistic!31%

Yes – mildly optimistic.56%

No7%

I’m not sure5%


242 PARTICIPANTS
2.4k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
43.6k views132 Upvotes319 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
3.3k views5 Upvotes5 Comments

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
26 views

In terms of the overall level of risk associated with business data, where are organizations seeing the most risk today?

Security & GRC

Structured Business Data62%

Unstructured Business Data37%


532 PARTICIPANTS
2k views2 Upvotes