Jump to Content
Security & Identity

Gain a Deeper Understanding of Vulnerabilities with Our Enhanced Vulnerability Intelligence Offering

March 30, 2023
Mandiant

Written by: Jared Semrau


The number of vulnerabilities being publicly disclosed every year is growing, yet organizations’ ability to address them have not scaled at the same rate. Many organizations struggle with vulnerability management. Sometimes, instead of focusing on the vulnerabilities that should be patched first, teams under pressure will make difficult decisions on which vulnerabilities they should deprioritize. Add in mixed messages from various sources on severity, varying industry standards, and a lack of clarity as to what the actual threats are, and it’s easy to see why organizations are struggling.

Mandiant has been a trusted partner in the vulnerability prioritization space for roughly 15 years now. Mandiant not only provides information on vulnerabilities being actively exploited in the wild, but also provides unique insights on what vulnerabilities are being used by attackers in impactful breaches around the world. Security teams work with us to cut through the noise and identify the vulnerabilities that pose the biggest threat to them.

Our latest iteration of Mandiant Vulnerability Intelligence helps security teams better manage vulnerabilities. To effectively enable our customers to prioritize and action vulnerabilities, we have overhauled nearly every aspect of how our vulnerability intelligence is created and maintained, providing teams with more data and intelligence on these threats, even faster than before, while maintaining our high standard of quality.

What’s New

While the total number of changes and updates are numerous, we would like to highlight three major developments in particular:

  • More Context: We worked with our customers to understand what contextual insights best enable security teams to manage vulnerabilities in today's security landscape. Based on these priorities, we added context for 17 new data elements, and made improvements to four existing data elements that we can deliver on each vulnerability. The new data includes aliases, CISA Known Exploited Vulnerability Catalog data, EPSS scores, MVE (Mandiant Vulnerability Enumeration) IDs, and Days to Patch, as well as expansion on context already covered such as CPEs, CWEs, exploit details, and version history. In addition to deeper insight per vulnerability, we are also able to more holistically cover all vulnerabilities as they emerge, better ensuring that we have breadth of context available on the many vulnerabilities customers need to prioritize and action.
  • Faster Delivery: By completely overhauling how our vulnerability intelligence is collected, triaged, analyzed, and published, we have further increased the speed at which we can deliver these insights to customers. This improvement can help ensure users have the context they need at the time it will be most impactful in managing the limited security resources needed to address the constantly growing number of vulnerabilities.
  • Improved User Experience and Usability: In addition to the changes made to our data, we also have made numerous changes to the user experience and user interface perspective to help customers better interact with our data. These changes include introducing over 35 new vulnerability-specific filters to better narrow down the specific vulnerabilities customers care about. We also introduced numerous organizational and graphical improvements to the individual vulnerability views such as timelines, graphical representations of affected vendors and types of code available, and a more tabular navigation style. These changes should help customers find both the vulnerabilities they already know about, and others that they should.

These expanded vulnerability insights are available to all users with access to Mandiant Vulnerability Intelligence, and can help users obtain more value from our intelligence APIs, technology integrations, browser plug-in, and portal.

A Walkthrough of Enhanced Vulnerability Intelligence Offering

Let’s take a slightly deeper look at the new Vulnerability Intelligence experience:

  • Key Insights and New Timeline Front and Center: Through reorganizing existing fields and adding new key fields, such as our Vulnerability Timeline, customers are able to quickly determine how much or a risk and threat a specific vulnerability poses, but also understand how the vulnerability has evolved over time by highlighting key milestones, such as date of disclosure and exploit code release dates.
https://storage.googleapis.com/gweb-cloudblog-publish/images/fig1-vuln-intel_lzui.max-1500x1500.png

Figure 1: Vulnerability Details for CVE-2021-44228

  • New Tabular Navigation: As the number of insights delivered to our customers increases, the need to better organize that data increases as well. Therefore, we have reorganized the vulnerability pages in Mandiant Advantage to better segment on our insights and more clearly display what we know about each vulnerability.
https://storage.googleapis.com/gweb-cloudblog-publish/images/fig2-vuln-intel_hvvm.max-1200x1200.png

Figure 2: Tabular Navigation and the New Vulnerable Products Tab

  • Support for New and Existing Industry Standards: Whether it is cutting edge metrics or older standards, we continue to support customers using the data they need, and sharing that information in a clear and concise manner only helps us better support their workflows.
https://storage.googleapis.com/gweb-cloudblog-publish/images/fig3-vuln-intel_bfvz.max-800x800.png

Figure 3: Support for Industry Standards, Including CISA KEV and EPSS

  • Vulnerable Product and Exploit Grade Graphics: In addition to the numerous new data points that can be found, we have also added new visuals to better understand what vendors are most impacted by a specific vulnerability, and what type of code is currently available.
https://storage.googleapis.com/gweb-cloudblog-publish/images/fig4-vuln-intel_iddm.max-900x900.png

Figure 4: Vulnerable Products and Exploit Grade Graphics

  • Improved Search Filtering and Sorting: By vastly improving the number of filters customers are able to apply when searching for vulnerabilities, they are more able than ever to identify and action the vulnerabilities that match their specific needs.
https://storage.googleapis.com/gweb-cloudblog-publish/images/fig5-vuln-intel_lpsm.max-1700x1700.png

Figure 5: Improved Filtering on Vulnerability Dashboard

In Closing

The latest improvements to Mandiant Vulnerability Intelligence in Mandiant Advantage Threat Intelligence allows us to continue doing what we do best: providing customers a deep, holistic, and clear understanding of the vulnerabilities that matter most, and what they can do to better manage them. It is our continued use of industry-leading vulnerability analysts and our application of unique insights from security breaches all around the world that enable us to reduce uncertainty regarding vulnerabilities, and enable organizations to make better informed decisions regarding the management of their assets.

Posted in