In the race to produce code, security can sometimes seem like a bit of a speedbump. Engineering teams face tight deadlines and security teams want to ensure the code doesn’t ship with vulnerabilities that could lead to the next big breach.
At Qwiet AI, we’ve found that even highly accurate scans and reachability details can still leave organizations wondering which fixes to prioritize in order to maximize risk reduction while minimizing tech debt. That is why we’ve introduced Blacklight to the preZero platform.
Threat feeds are a common tool in any InfoSec program, feeding into a SIEM or SOAR and tasked with enriching the data collected by the various security tools deployed throughout the organization. This information helps teams understand the nature of the attacks they are seeing and react in an informed manner. The key word here is “react”: threat feeds are typically used after the fact, once an attack has already reached production. This is where Blacklight makes a difference.
Blacklight correlates our threat feed with your scan results, allowing you to see what Exploits, Threat Actors, Ransomware, and Botnets have been spotted exploiting the discovered vulnerability in the wild. This information allows you to proactively fix the vulnerability before code is pushed live, turning the threat feed from reactive to proactive.
The Exploit Prediction Scoring System (EPSS), maintained by FIRST, is an open model that uses machine learning to estimate the probability that a given CVE will be exploited in the wild within the next 30 days, expressed as a score from 0 to 1 (0% to 100%). The model is trained on data from public and private sources, including real-world exploitation activity reported by intrusion detection sensors and SIEM tools. This gives Qwiet AI customers a measure of exploitation likelihood that a CVSS score or a bare list of CVEs does not provide: CVSS describes how bad a vulnerability would be if exploited, while EPSS describes how likely it is to be exploited at all.
Blacklight results can be sliced and diced based on your preference. Selecting “Exploitable” filters the view to every result that carries an EPSS score, and the advanced filters let you narrow that further to the EPSS range you’d like to view. Because EPSS scores are only published for CVEs, findings without a CVE identifier (for example, a weakness in your own first-party code) do not appear under “Exploitable”; the filter surfaces known, scored vulnerabilities, it does not mean the remaining findings are safe.
One of the biggest issues organizations face is one of prioritization. Now with Blacklight, Qwiet AI customers will have another tool at their disposal to help prioritize the issues found during a scan.
Using the built-in threat feed, Qwiet AI customers can see which vulnerabilities in their applications have active exploits in the wild, and the “Exploitable” and EPSS-range filters let you decide which of those findings are the highest priority for your organization.
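To make the prioritization concrete, here is an added example of the kind of EPSS-driven triage the paragraphs above describe. It is illustration code written for this page, not Qwiet AI’s or the preZero platform’s implementation: the Finding record, the EPSS snapshot, the CVE identifiers and package names are all constructed placeholders, and the ranking order in prioritize() is an assumption of the example, not the platform’s algorithm. It enriches scan findings with EPSS scores, applies the “Exploitable” filter (any finding with a score) and an explicit EPSS range, and orders the result so that likely-exploited, reachable findings come first even when a lower-EPSS finding has the higher CVSS score.

```python
"""EPSS-based triage of scan findings (added example, not Qwiet AI code)."""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Finding:
    """One scanner result. The field set is an assumption for this example."""
    cve: str
    package: str
    cvss: float                 # CVSS base score, 0.0-10.0 (severity if exploited)
    reachable: bool             # scanner says the vulnerable code is on an execution path
    epss: Optional[float] = None  # EPSS probability 0.0-1.0, None if the CVE is unscored


# Constructed EPSS snapshot: CVE id -> probability of exploitation in the next
# 30 days. Identifiers and values are placeholders, NOT real EPSS data; in
# practice this comes from the daily FIRST EPSS feed.
EPSS_SNAPSHOT: Dict[str, float] = {
    "CVE-0000-0001": 0.97,
    "CVE-0000-0002": 0.12,
    "CVE-0000-0003": 0.004,
}

# Constructed scan output (placeholder CVEs and package names).
SCAN_FINDINGS: List[Finding] = [
    Finding("CVE-0000-0001", "libexample-a", cvss=7.5, reachable=True),
    Finding("CVE-0000-0002", "libexample-b", cvss=9.8, reachable=False),
    Finding("CVE-0000-0003", "libexample-c", cvss=9.1, reachable=True),
    Finding("CVE-0000-0004", "libexample-d", cvss=5.3, reachable=True),  # no EPSS entry
]


def enrich(findings: List[Finding], snapshot: Dict[str, float]) -> List[Finding]:
    """Attach an EPSS score to each finding; leave it None when the CVE is unscored."""
    return [replace(f, epss=snapshot.get(f.cve)) for f in findings]


def exploitable(findings: List[Finding]) -> List[Finding]:
    """The "Exploitable" view: every finding that carries an EPSS score."""
    return [f for f in findings if f.epss is not None]


def in_epss_range(findings: List[Finding], low: float, high: float) -> List[Finding]:
    """Findings whose EPSS probability lies in [low, high] (bounds inclusive)."""
    if not 0.0 <= low <= high <= 1.0:
        raise ValueError("EPSS range must satisfy 0 <= low <= high <= 1")
    return [f for f in findings if f.epss is not None and low <= f.epss <= high]


def prioritize(findings: List[Finding]) -> List[Finding]:
    """Fix order (an assumption of this example): scored before unscored,
    higher EPSS first, then reachable before unreachable, then higher CVSS."""
    return sorted(
        findings,
        key=lambda f: (f.epss is None, -(f.epss or 0.0), not f.reachable, -f.cvss),
    )


if __name__ == "__main__":
    enriched = enrich(SCAN_FINDINGS, EPSS_SNAPSHOT)
    for f in prioritize(enriched):
        score = "unscored" if f.epss is None else f"{f.epss:.1%}"
        print(f"{f.cve} {f.package:14} CVSS {f.cvss:4.1f} EPSS {score:>8} reachable={f.reachable}")
```

Note how the CVSS 9.8 finding drops below the CVSS 7.5 one: the latter has both a high EPSS score and a reachable code path, which is exactly the signal the page argues CVSS alone cannot give you. The unscored finding is kept at the bottom rather than discarded, since no EPSS entry means no prediction, not no risk.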
When balancing time to market against security, knowing which vulnerabilities pose a real and present threat helps focus engineering effort on the fixes that will have the biggest impact and the largest reduction in risk. Blacklight is one more way Qwiet AI is helping customers cut through the noise and focus on what’s important: releasing secure code without increasing tech debt.
© 2023 Qwiet. All rights reserved.