Often, in the world of information security and risk management, the question facing threat intelligence teams is: amid this sea of vulnerability disclosures, which ones matter the most to my organization? Which can impact us the most? And how do I best explain threats to internal stakeholders in a way that helps minimize risk?
Reducing risk through proper patch management is not always simple. Not all common vulnerabilities and exposures (CVEs) are equally important. In July 2020, for example, the U.S. Department of Homeland Security released multiple top-priority advisories. One covered known exploits against certain application delivery systems (CVE-2020-5902) and another covered detected vulnerabilities in a domain name system (DNS) server (CVE-2020-1350). While both are top priorities, how do they apply to the network you use? Which threats are the most likely to impact your core business?
To better answer this, we must be able to identify relevant threats before beginning to address patching or manage risks. Enter threat identification: a necessary process that has become increasingly complicated.