7 places to find threat intel beyond vulnerability databases | Tech Industry

Breaking Tech Industry news from the top sources

The purpose of National Vulnerability (NVDs) is to create a centralized list of security-related software flaws and enable a more automated approach to vulnerability management. The US, China, and Russia all run their own NVDs.

However, there are distinct flaws with all three, meaning there could be major gaps within an organization’s vulnerability management strategy. The US NVD is slow; the media gap between a vulnerability becoming public and appearing on the list is seven days. China’s NVD is quicker to upload public vulnerabilities, but has been accused of altering data to hide government influences. The Russian NVD, run by the country’s Federal Service for Technical and Export Control of Russia, misses many vulnerabilities and is slow with what it does publish.

Good intelligence is more than a list of vulnerabilities. Instead of relying on NVDs alone to power your vulnerability scanning, companies should look to other sources to supplement their threat intelligence operations. According to a study by Tenable, over a third of vulnerabilities have a working exploit available on the same day of disclosure, giving hackers days or more of unfettered opportunity to attack. By broadening the scope of your intelligence gathering, you can close the window of opportunity for cybercriminals and gain a richer set of data with which to defend yourself.

You might also like

Comments are closed.

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. AcceptRead More