Applying Data Analytics on Vulnerability Data
Organizations, by law, should exercise due care and due diligence in securing data at rest, in transit, and in use. Regardless of where the data resides, an organization needs to thwart adversaries and secure its data properly. One of the key methods of thwarting external attackers is to lock down public-facing networks. To secure public-facing networks, a prudent organization often conducts vulnerability assessments. Such an assessment may take a month or more for tens of thousands of IP addresses because of the time and effort required to collate and analyze the overwhelming volume of vulnerability data. A common penetration testing proverb, "Nine hours of fun and ninety hours of writing," accurately states the ratio of time between performing vulnerability scans and analyzing vulnerability data, and it may be extrapolated to estimate the number of hours required to analyze the vulnerability data of tens of thousands of hosts. To increase the fun aspect of an assessment, we can use data analysis techniques and tools, which help save the time taken to analyze vulnerability data and hence produce effective reports quickly. Data analytics techniques using Splunk and Pandas can be leveraged to quickly and efficiently analyze network vulnerability reports from a scanner, for example Nessus. Data analytics tools and techniques help reduce the time required to analyze vulnerability data as part of a vulnerability assessment.
23 Dec 2015
