PatrowlHears and Survival tips for prioritizing threats
2021-07-05, 16:10–16:45, Zoom room

With hundreds of vulnerabilities with critical or high severity to deal with, the daily security reports look like a shining Christmas tree. Prioritization of vulnerabilities is a top success factor for ensuring an efficient security incident response and vulnerability management program.
The PatrOwl community provides scalable, free and open-source solutions for orchestrating Security Operations and providing Threat Intelligence feeds. A new tool has been publicly released to address these challenges: PatrowlHears, an advanced, real-time Vulnerability Intelligence platform covering CVE, exploit and threat news monitoring.

Solutions must be found to face the growing threat of attacks, the talent shortage and the cost-optimization pressure in cybersecurity. The current trend is to rely on automation and orchestration of security operations.

The fact is that automating SecOps activities means handling more security alerts; the downside is potentially a flood of new alerts every day. With hundreds of vulnerabilities of critical or high severity to deal with, the daily security reports look like a shining Christmas tree. This can lead to jaded teams or, even worse, bad decisions in vulnerability handling.

Obviously, it is not realistic to hope that all vulnerabilities will be fixed. A line has to be drawn by the business owners together with the security teams. Prioritization is an essential success factor for improving efficiency and continuing to provide the highest quality and most relevant service in security incident response and vulnerability management. Since the CVSS score alone is not enough, which metrics are relevant? How can they be collected? Which decision should be made? How can the efficiency of this process be reviewed and adapted?

This talk shares insights on a risk-based methodology for vulnerability management and on a new open-source tool, PatrowlHears. The approach relies on a balanced use of SecOps automation to stay updated on vulnerabilities, exploits and other threat information, and on prioritization using vulnerability metrics, threat topicality and asset criticality. It also discusses examples of events that should lead us to reconsider the priority of a vulnerability.
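To make the three prioritization inputs named above concrete, here is an added illustration (not PatrowlHears' own scoring, whose weights and formula are not described here): a risk score that rescales CVSS by exploit maturity, threat topicality and asset criticality, plus an event hook that re-ranks a backlog when an exploit is published. All weights, labels and the sample backlog are constructed for the example.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

TODAY = date(2021, 7, 5)  # constructed reference date (the talk date)

@dataclass
class Vuln:
    name: str                  # constructed label, not a real CVE id
    cvss: float                # CVSS base score, 0..10
    asset_criticality: int     # 1 (lab) .. 4 (business critical), agreed with business owners
    exploit_public: bool = False
    exploit_weaponized: bool = False   # reliable exploit available in a widely used toolkit
    last_threat_news: Optional[date] = None

def topicality(v: Vuln, today: date = TODAY) -> float:
    """Threat topicality in 0..1: fresh news counts fully, then decays linearly over 30 days."""
    if v.last_threat_news is None:
        return 0.0
    return max(0.0, 1.0 - (today - v.last_threat_news).days / 30)

def exploitability(v: Vuln) -> float:
    """Exploit maturity in 0..1 (assumed weights: none 0.2, public PoC 0.7, weaponized 1.0)."""
    return 1.0 if v.exploit_weaponized else 0.7 if v.exploit_public else 0.2

def risk_score(v: Vuln, today: date = TODAY) -> float:
    """0..100. CVSS sets the baseline; threat and asset criticality each scale it by 0.5..1,
    so an unexploited flaw on a lab asset lands far below its raw CVSS."""
    threat = 0.6 * exploitability(v) + 0.4 * topicality(v, today)   # 0..1
    asset = v.asset_criticality / 4                                   # 0.25..1
    return 100 * (v.cvss / 10) * (0.5 + 0.5 * threat) * (0.5 + 0.5 * asset)

def prioritize(vulns: List[Vuln], today: date = TODAY) -> List[str]:
    """Work queue, highest risk first; usually differs from a plain CVSS sort."""
    return [v.name for v in sorted(vulns, key=lambda v: risk_score(v, today), reverse=True)]

def on_threat_event(v: Vuln, event: str, today: date = TODAY) -> float:
    """Events that should trigger reprioritization: a PoC or weaponized exploit published,
    or fresh news of active exploitation. Updates the record and returns the new score."""
    if event in ("exploit_published", "exploit_weaponized"):
        v.exploit_public = True
    if event == "exploit_weaponized":
        v.exploit_weaponized = True
    v.last_threat_news = today
    return risk_score(v, today)

# Constructed sample backlog; sorted by CVSS alone it would read A, B, C.
A = Vuln("A: critical CVSS, internal test server, no exploit", 9.8, 2)
B = Vuln("B: high CVSS, internet-facing ERP, public PoC, in the news", 7.5, 4, True, False, date(2021, 7, 2))
C = Vuln("C: medium CVSS, lab asset", 5.3, 1)
BACKLOG = [A, B, C]

if __name__ == "__main__":
    print(prioritize(BACKLOG))                # B first despite its lower CVSS
    on_threat_event(A, "exploit_weaponized")  # weaponized exploit for A released today
    print(prioritize(BACKLOG))                # A now overtakes B
```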

Nicolas has been an information security expert for 13 years and has been involved in various security consulting engagements, from penetration tests to global risk assessments and security operations implementation. Today he works as a red teamer and on automating security operations at large scale with PatrOwl solutions.