How do I use Threat Vector Insights?

NopSec now uses its Threat Intelligence feed to sort vulnerabilities into several categories. This insight page aims to highlight where these threat vectors are in your environment and, ideally, to identify potential root causes for them.

Last Updated: 4/1/24

 

Overview

The goal of Threat Vectors is to categorize vulnerabilities with labels that give users more context about a specific vulnerability without having to read the full details. These categories also enable us to define different risk-based scenarios and prioritize based on those scenarios. The Threat Vector Insights page aims to showcase and highlight these categories to our users, similar to Celebrity Vulnerabilities and CISA KEV items, while also providing them with insights on those vulnerability instances.

Categorization

Every vulnerability with a CVSS score is assigned Exploitability, Impact, Temporal, and Environmental metrics, which are represented as Vector Strings by the National Vulnerability Database (NVD). These metrics are part of our categorization. However, we're also applying a data science approach, leveraging models to parse vulnerability data and label each vulnerability based on our training. We also allow our research team to influence these categorizations through proprietary rules that we run to further categorize vulnerabilities.

See an example here.

Insights Page

The first page you land on within the Threat Vector Insights page is similar to the Celebrity Vulns or CISA KEV design. It is focused on quickly showcasing different categories and their current scope (number of vuln instances) within your environment. From here you can deep dive into a specific category's insight page filled with Insight Widgets.

Summary Section

The summary section in this page combines several of the categories to identify the riskiest combination of threat vectors:

  • Unauthenticated + Remote Attack + Code Execution + Active Exploits
    • These vuln instances represent the riskiest vulnerability instances from the lens of the Threat Vectors.
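
The Categorization and Summary sections above can be illustrated with a small triage script. This is an added example, not NopSec code: the mapping from CVSS metrics to labels (AV:N to Remote Attack, PR:N to Unauthenticated) is an assumption, the Code Execution and Active Exploits labels are assumed to come from another source such as the platform's models or rules, and the sample instances are constructed.

```python
# Added example, not NopSec code. The CVSS-to-label mapping is an assumption.
RISKIEST = {"Unauthenticated", "Remote Attack", "Code Execution", "Active Exploits"}
BASE = {"AV", "AC", "PR", "UI", "S", "C", "I", "A"}

def parse_cvss3(vector):
    """Parse a CVSS v3.x vector string into a {metric: value} dict."""
    prefix, *parts = vector.strip().split("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"not a CVSS v3 vector: {vector!r}")
    metrics = {}
    for part in parts:
        key, sep, value = part.partition(":")
        if not (key and sep and value) or key in metrics:
            raise ValueError(f"malformed or duplicate metric {part!r}")
        metrics[key] = value
    missing = BASE - metrics.keys()
    if missing:
        raise ValueError(f"missing base metrics: {sorted(missing)}")
    return metrics

def labels_from_vector(vector):
    """Labels that can be read off the vector alone (assumed mapping)."""
    m = parse_cvss3(vector)
    labels = set()
    if m["AV"] == "N":   # Attack Vector: Network
        labels.add("Remote Attack")
    if m["PR"] == "N":   # Privileges Required: None
        labels.add("Unauthenticated")
    return labels

def riskiest(instances):
    """Ids of instances that carry all four labels of the summary combination."""
    hits = []
    for inst in instances:
        labels = labels_from_vector(inst["vector"]) | set(inst["extra_labels"])
        if RISKIEST <= labels:
            hits.append(inst["id"])
    return hits

# Constructed sample data: ids, vectors and extra labels are made up.
BOTH = ["Code Execution", "Active Exploits"]
SAMPLE = [
    {"id": "inst-1", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "extra_labels": BOTH},
    {"id": "inst-2", "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "extra_labels": BOTH},
    {"id": "inst-3", "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "extra_labels": BOTH},
    {"id": "inst-4", "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P",
     "extra_labels": ["Code Execution"]},
]

if __name__ == "__main__":
    print(riskiest(SAMPLE))
```

Only inst-1 matches: inst-2 requires privileges, inst-3 is a local attack, and inst-4 has no Active Exploits label.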

Threat Vector Insight Details

Once you select a threat vector you'd like to learn more about, click on the View Details button. This will load a full page view of Insight Widgets focused on vuln instances with that category.

Here you can review each widget to identify potential risk based on different properties of the data. 

 

Example

Threat Vector: Remote Attack

  • You learn you have 3,000 vuln instances that are not in a plan. This means you have unmanaged risk with regard to this threat vector as no one is actively working to resolve them.
  • You click on View Details and view the Insight Widgets. For this example, let's look at the following widgets:
    • Open Vuln Instances By Severity
      • We learn that the majority of these instances have received a NopSec Vuln Instance score of Medium and Low. However, there are 46k vuln instances considered risky (10k vuln instances marked as Critical and another 36k marked as High). You can click on the graph to go to a Prioritize report for these items.
    • Internet Facing
      • We learn that 6% of our vuln instances with this threat vector reside on targets considered Internet Facing. This should further raise the priority of these items.
      • You can click into the graph to view these instances in the Prioritize page and create a remediation plan for them.