Real Time Vulnerability Alerting by Using Principles from the United States Tsunami Warning Center

Presented at Global AppSec - DC 2019, Sept. 13, 2019, 4:30 p.m. (45 minutes)

Vulnerabilities and attacks are like tsunamis caused by earthquakes: they hit without warning, cause heavy damage and leave us scrambling. Although no one can predict earthquakes, the two tsunami warning centers operated by NOAA in the United States produce reliable warnings in the nick of time. Based on the same core concepts and principles, we have built an open source Vulnerability Warning Center that alerts on highly seismic vulnerabilities before they hit your organization's shore. In this session we will demonstrate how a real-time vulnerability alerting system can be built in the AWS cloud using public data.

With more than 2,000 unique vulnerabilities disclosed every month, CSOs and security practitioners face an impossible task in cutting through the noise and prioritizing the most critical issues for remediation. Doing this daily is excruciating, and doing it weekly is too slow. Wouldn't it be nice if an automated system alerted on the most gruesome high-profile vulnerabilities in real time and produced actionable insights? Rather than collecting data from honeypots and sensors, we took a different approach and harnessed public data on attacks, exploits, data leaks, vulnerabilities, blogs, Twitter and numerous other data points to create simple alerts and graphs that warn on actionable insights in real time.

Even in this initial phase the system has shown remarkable results, which we will demonstrate to the audience. In the live demo we will ask the audience to pick a day, week or month and show the system's ability to identify the most pressing security vulnerabilities during that timeframe. We will examine the design and implementation details to show how the system cuts through the noise and ranks the most relevant real-time vulnerability information.

We believe we have only scratched the surface. In the future we plan to incorporate NLP, along with AI and ML, to process even more public data from different regions, languages and sources, which will increase the coverage and accuracy of the system and broaden the industries it currently targets. To conclude, we will demonstrate that a system based on public data can, accurately and in real time, curate, identify and prioritize high-priority vulnerabilities to provide actionable insights.
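The abstract describes the idea of a warning center that fuses public signals (advisories, exploits, leaks, social-media mentions) and ranks vulnerabilities over a chosen day, week or month, but the page gives no implementation details. The following is an added illustration, not the CloudPassage system or any code from the talk: a toy ranker in Python. The signal schema, the per-source weights, the exponential time decay, the alert threshold and the placeholder vulnerability IDs (VULN-A, VULN-B, VULN-C) are all assumptions, and the feed records are constructed sample data.

```python
"""Toy real-time "vulnerability warning center" ranker.

Added example for this listing; it is NOT the CloudPassage system from the
talk, whose implementation is not described on the page. It assumes a
hypothetical schema for public signals that a collector has already fetched
(advisories, exploit publications, data-leak reports, social-media mentions)
and a hypothetical scoring scheme: weighted signals with exponential time
decay, summed per vulnerability over a user-chosen window.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Signal:
    """One observation about a vulnerability from a public source."""
    vuln_id: str                  # placeholder IDs below, not real CVE numbers
    kind: str                     # "advisory" | "exploit" | "leak" | "mention"
    observed: datetime            # when the source published it (UTC)
    cvss: Optional[float] = None  # advisories only
    count: int = 1                # e.g. number of tweets in a collection bucket


# Hypothetical weights: a public exploit or a breach report is a far stronger
# "tremor" than a single mention; an advisory is additionally scaled by CVSS.
WEIGHTS = {"advisory": 1.0, "exploit": 4.0, "leak": 5.0, "mention": 0.25}

# Window presets for the "pick a day or a week" demo (assumed values).
DAY_KW = dict(window=timedelta(days=1), half_life=timedelta(hours=12))
WEEK_KW = dict(window=timedelta(days=7), half_life=timedelta(days=3))


def decay(age: timedelta, half_life: timedelta) -> float:
    """Exponential decay: a signal loses half its weight every half_life."""
    return 0.5 ** (age / half_life)


def score_window(signals: Iterable[Signal], now: datetime,
                 window: timedelta = timedelta(days=1),
                 half_life: timedelta = timedelta(hours=12)) -> Dict[str, float]:
    """Sum decayed, weighted signals per vulnerability within [now - window, now]."""
    scores: Dict[str, float] = {}
    for s in signals:
        age = now - s.observed
        if age < timedelta(0) or age > window:  # future-dated or outside window
            continue
        w = WEIGHTS.get(s.kind, 0.0) * s.count * decay(age, half_life)
        if s.kind == "advisory" and s.cvss is not None:
            w *= s.cvss / 10.0                   # CVSS 10.0 keeps full weight
        scores[s.vuln_id] = scores.get(s.vuln_id, 0.0) + w
    return scores


def top_alerts(signals: Iterable[Signal], now: datetime, n: int = 5,
               threshold: float = 2.0, **window_kw) -> List[Tuple[str, float]]:
    """Rank vulnerabilities for the window and keep those above the alert threshold."""
    scores = score_window(signals, now, **window_kw)
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))
    return [(v, round(sc, 2)) for v, sc in ranked if sc >= threshold][:n]


# Constructed sample feed (placeholder vulnerability IDs, not real CVEs).
NOW = datetime(2019, 9, 13, 16, 30, tzinfo=timezone.utc)
SAMPLE_SIGNALS = [
    Signal("VULN-A", "advisory", NOW - timedelta(hours=2), cvss=9.8),
    Signal("VULN-A", "exploit", NOW - timedelta(hours=1)),
    Signal("VULN-A", "mention", NOW - timedelta(minutes=30), count=40),
    Signal("VULN-B", "advisory", NOW - timedelta(hours=3), cvss=5.3),
    Signal("VULN-B", "mention", NOW - timedelta(hours=3), count=2),
    Signal("VULN-C", "advisory", NOW - timedelta(days=5), cvss=10.0),
    Signal("VULN-C", "exploit", NOW - timedelta(days=5)),
]


if __name__ == "__main__":
    print("last 24h:", top_alerts(SAMPLE_SIGNALS, NOW, **DAY_KW))
    print("last 7d :", top_alerts(SAMPLE_SIGNALS, NOW, threshold=1.2, **WEEK_KW))
```

With these assumed weights, VULN-A dominates the one-day window because a fresh public exploit and a burst of mentions outweigh its advisory alone, VULN-B never crosses the alert threshold, and VULN-C (a five-day-old critical advisory with an exploit) only surfaces once the audience widens the window to a week and the decay half-life grows with it. Any real deployment would replace the constructed list with collectors for the public feeds and tune the weights against observed outcomes.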

Presenters:

  • Amol Sarwate - CloudPassage Inc.
    Amol Sarwate heads CloudPassage's worldwide security research, responsible for cloud-focused vulnerability and compliance research. He has devoted his career to protecting and securing the community from security threats and educating it about them. Sarwate has presented his research on vulnerability trends, security axioms, SCADA security, credit card malware, exploits, IoT and other topics at numerous security conferences. He writes the "HOT or NOT" column for SC Magazine and holds a US patent for systems and methods for performing remote configuration compliance assessment of a networked computer device.
