Security Insight and Intelligence
Vulnerability Management Challenge

Organisations need to review, manage and prioritise too many security testing reports. It is becoming harder and more time-consuming to identify common vulnerabilities across different vendor reports, leading to duplicate information and confusing risk scores.

Despite investing in vulnerability management activities and meeting KPIs, CISOs, security managers and team leaders don’t know the organisation’s risk profile. Prioritising fixes and mitigations is a complex process requiring both security and development teams to work together.

Limited Data Sources
There are multiple vendors offering their own scanning solutions looking out for malware, unpatched vulnerabilities and so on. Most of these only consult their own data sources, meaning that unless you use them all, you don’t have the whole vulnerability picture. Even if you were to subscribe to every scanner available, it is very time-consuming to combine their outputs into an actionable list of priorities.
Risk Assessment Is Generic, Not Company-Specific
Most services present the same risk data to every client company. Severity scales – indicating how important it is to address a particular threat – are based on generic risks, not on your organization’s systems and code. You may waste resources addressing issues that are not relevant to your activities, and miss the truly critical issues.
Threat Assessment Is Reactive, Not Proactive
Conventional threat models examine only code that is already deployed. The development team may be creating new threats that have not been identified.
Cortex Insight Platform
Cortex Insight has developed a SaaS Threat and Vulnerability management platform that aims to address the weaknesses in vulnerability and threat management.

Pulls vulnerability data from multiple sources and aids prioritisation

Build a threat model specific to your systems or activities

Use functional and non-functional requirements to identify threats in advance

Cortex Insight Platform Introduction

Key Features

  • Reduction of Vulnerability footprint using Threat Model based Prioritisation
  • Threat Modelling using Functional and Non-Functional Requirements
  • Security Standards based Non-Functional Requirements, such as PCI-DSS, NIST, etc.
  • Compensating Controls for Threat Management
  • Vulnerability Mitigation Workflow
  • Automated Prioritisation based on Threat Model
  • Automated Vulnerability Consolidation and Aggregation from multiple sources
  • Integration to other toolsets through native integrations or using RESTful API access

Key Benefits

  • Measure risk reduction not quantity of fixed vulnerabilities
  • Automated management of large volumes of vulnerability information from multiple sources
  • Correlation of similar vulnerabilities as one entity
  • Ability to apply mitigations to the risks through workflow validation
  • Workflow to incorporate security controls to reduce threats
  • Supports multiple risk ratings (including CVSS2 & CVSS3)
  • Reduction of threat footprint through a prioritised remediation list