CVE Review

Audience: Information Security Teams: CTI, Vulnerability, CISO

Challenge

Investigating Common Vulnerabilities and Exposures (CVEs) is a routine security task for Vulnerability Management, Pen Testers, and Red Teams. Cyber threat analysts use a wide range of tools to complete their investigations, and with Avalon you are able to contextualize and share data and analysis with other analysts directly, in real time. Open-source reporting emerges of a new attack targeting a CVE. While you are waiting for the patch status from Vulnerability Management, you are asked for additional details about that specific CVE in order to determine the risk it poses to your organization and whether it warrants escalating the patch cycle.

Avalon Collaboration

Avalon not only provides data awareness but, through its integrations, allows analysts to gain a fast and deep contextual understanding of the latest vulnerabilities and act on it.

  • An analyst adds a text node to an Avalon workspace and labels it with the CVE identifier (e.g., CVE-2020-9294).
  • Once the node is added, the analyst enriches it with Flashpoint and Intel471 data to review what those sources have identified about the CVE.
  • The analyst notes an Intel471 report showing that the CVE affects FortiMail and lists the impacted versions.
  • Additional Flashpoint and Intel471 enrichments allow the analyst to identify known threats that are actively exploiting the CVE.
  • Emotet, TrickBot, Cobalt Strike, and NjRAT all have IOCs in Avalon, making it easy to export this data and pass the IOCs along for blocking.
  • With the right data, Avalon gives analysts the awareness needed for better-informed decisions and fast action.

Outcome

  • The analyst was quickly able to identify that the suspicious domain was indeed malicious and possibly part of a broader phishing campaign.
  • The analyst was able to link the event to a finance-themed phishing campaign designed to exploit Office macros, and subsequently identified that the activity is highly likely associated with Emotet.

About Us

King & Union is a cybersecurity company that has built and designed Avalon, the industry’s first cyber analysis platform. The Avalon Cyber Analysis Platform helps analysts streamline threat investigations by providing the intelligence, tools and collaboration security analysts need in a seamless, integrated workspace.