Defense is the Best Offense – NorthStar Exposure Tracking

How NorthStar Defines Risk

Risk is not one size fits all. Although each organization has its own unique variables that factor into the risk “equation,” there are ultimately five components: actors, threats, exposures, privileges, and targets.

While most tools on the market focus only on actors and threats, giving you a singular picture for each individual machine, NorthStar takes it a step further by focusing on the exposures, privileges, and targets to better define risk for your organization.

If You Have a SIEM, Why Not NorthStar?

Most organizations have some sort of SIEM in place to aggregate data on actors and threats, correlate it, and eventually generate incidents. NorthStar Exposure Tracking uses this incident data to reconcile our intelligence about the vulnerabilities and patches across all of the assets in your environment. We can show you which assets are affected by a particular CVE, or which assets are missing critical patches.

Building on the Asset Superlist foundation, NorthStar Exposure Tracking creates a single, comprehensive, and accurate list of all vulnerabilities, missing patches, and misconfigurations across your entire environment, allowing you to focus on remediation. This model of risk is completely customizable to your business needs, giving you the opportunity to get creative with the data sources you choose. You no longer need multiple products. NorthStar does it all for you, placing actionable information in a single pane of glass.

How It Works

Plugging a vulnerability scanner into your environment can tell you where your vulnerabilities reside. Then what? NorthStar Exposure Tracking provides the how and why so you can focus on remediation.

But how do you decide what to remediate first when faced with a mountain of vulnerability scan data? With NorthStar, you can remediate across more risk values based upon the enriched asset data in the Asset Superlist.

To guide you through the exposure landscape, NorthStar leverages data from two vital sources:

  1. CVE Intelligence feeds

Vulnerability scanners are also limited by the data they scan, leaving you with potential blind spots.

NorthStar Exposure Tracking can compare vulnerabilities with CVE information, immediately identifying where those vulnerabilities can potentially manifest. So NorthStar isn’t limited to vulnerability scan data; it can also reveal potential exposures based on your operating system and installed software footprint. NorthStar can also digest feeds from NIST.GOV (Mitre) and Symantec Deepsight. Automated daily checks for updated CVE information can be made from all sources and stored within NorthStar.

  2. Consuming Vulnerability Scan Data

NorthStar aggregates the data gathered by your vulnerability scans for use in several different cases.

  • Simple Visualization
  • Associate vulnerabilities to the robust asset information present in the Asset Superlist
  • Trend the data across meaningful asset classifications
  • Search for conditions present in your environment, and cross-reference with vulnerabilities present

Visualizing the Data

What does it look like when all of this data is brought together?

Search for the presence of a specific CVE in your environment:

Exposures Enterprise Search

Scrutinize the data to gain information about the CVE:

By leveraging Symantec’s massive, worldwide threat intelligence network, NorthStar can provide substantial information about each and every CVE:

One of the strongest use cases for NorthStar revolves around remediation. With Exposure Tracking, you can remediate across more risk values such as business unit, location, or business application based on the enriched asset data in the Asset Superlist.