Vulnerability management is strategic to security operations and encompasses all computing assets. To effectively remediate vulnerabilities, security teams often have to correlate data and map context across environments.
This integration helps security teams streamline and standardize their vulnerability management workflows and accelerate detection and remediation of vulnerabilities.
- Automate ingestion of Tenable vulnerability scan results within Demisto for playbook-driven enrichment and response.
- Perform CVE enrichment on assets from scan results, calculate and assign vulnerability severity scores.
- Perform automated and/or manual remediation actions based on severity level according to predefined workflows.
- Leverage hundreds of Demisto third-party product integrations to enrich Tenable alerts and coordinate response across security functions.
USE CASE #1
Automated Vulnerability Ingestion, Enrichment and Response
Constantly evolving threats keep security teams perpetually behind the eight-ball trying to identify and patch vulnerabilities before they are exploited.
With the Demisto-Tenable integration, Tenable alerts are automatically ingested into the Demisto platform. Upon ingestion, automated playbooks enrich and add context to these alerts by remotely executing Tenable actions from within Demisto. The playbook then hands off control to security analysts for further investigation or remediation.
The solution helps analysts prioritize alerts based on severity level and the threat actor behind the attack. This has proven to shorten the time from detection to response from hours to minutes. In addition, a standardized process implemented via automated playbooks can pave the way to more proactive vulnerability management.
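To make the ingest-enrich-score-route workflow described in the bullets above and in this use case concrete, here is an added Python example (not Demisto's or Tenable's own code, and not a real playbook). The finding records, the CVE intelligence table, the asset criticality map, the severity thresholds and the remediation branches are all constructed for illustration; in a real deployment they would come from the Tenable integration commands, an enrichment source and the organisation's own policy.

```python
"""Playbook-style triage of vulnerability scan findings (added illustrative example)."""
from dataclasses import dataclass

# Constructed sample findings, shaped like a scan result after ingestion.
# CVE identifiers are placeholders, not real CVEs.
SCAN_FINDINGS = [
    {"host": "10.0.0.5", "plugin_id": 1001, "cves": ["CVE-0000-0001"], "cvss": 9.8},
    {"host": "10.0.0.5", "plugin_id": 1002, "cves": ["CVE-0000-0002"], "cvss": 5.3},
    {"host": "10.0.0.7", "plugin_id": 1004, "cves": ["CVE-0000-0003"], "cvss": 7.5},
    {"host": "10.0.0.9", "plugin_id": 1003, "cves": [], "cvss": 2.0},
]

# Constructed enrichment data standing in for a CVE intelligence lookup.
CVE_INTEL = {
    "CVE-0000-0001": {"exploit_public": True},
    "CVE-0000-0002": {"exploit_public": False},
    "CVE-0000-0003": {"exploit_public": False},
}

# Constructed asset inventory: business criticality per host.
ASSET_CRITICALITY = {"10.0.0.5": "high", "10.0.0.7": "low", "10.0.0.9": "low"}

# Score thresholds (assumed), checked from highest to lowest.
SEVERITY_LEVELS = [(9.0, "critical"), (7.0, "high"), (4.0, "medium"), (0.0, "low")]

# Assumed playbook branch per severity level: automated for the top tiers,
# analyst-driven for the middle, record-only at the bottom.
REMEDIATION = {
    "critical": "auto-create patch ticket and notify on-call",
    "high": "auto-create patch ticket",
    "medium": "queue for analyst review",
    "low": "record only",
}


@dataclass
class Incident:
    host: str
    score: float
    level: str
    action: str
    cves: list


def enrich_score(finding, intel, criticality):
    """Adjusted score: CVSS base, plus bumps for a public exploit and a critical asset, capped at 10."""
    score = finding["cvss"]
    if any(intel.get(c, {}).get("exploit_public") for c in finding["cves"]):
        score += 1.0
    if criticality.get(finding["host"]) == "high":
        score += 0.5
    return min(score, 10.0)


def severity_level(score):
    """Map a numeric score onto the first threshold it meets."""
    for threshold, label in SEVERITY_LEVELS:
        if score >= threshold:
            return label
    return "low"


def triage(findings, intel=CVE_INTEL, criticality=ASSET_CRITICALITY):
    """Group findings per host, keep the worst enriched score, and select the remediation branch.

    Returns incidents sorted worst-first, which is the order an analyst queue would show them.
    """
    by_host = {}
    for f in findings:
        s = enrich_score(f, intel, criticality)
        inc = by_host.get(f["host"])
        if inc is None:
            by_host[f["host"]] = Incident(f["host"], s, "", "", list(f["cves"]))
        else:
            inc.score = max(inc.score, s)
            inc.cves.extend(c for c in f["cves"] if c not in inc.cves)
    for inc in by_host.values():
        inc.level = severity_level(inc.score)
        inc.action = REMEDIATION[inc.level]
    return sorted(by_host.values(), key=lambda i: i.score, reverse=True)


if __name__ == "__main__":
    for inc in triage(SCAN_FINDINGS):
        print(f"{inc.host:10} score={inc.score:4.1f} {inc.level:8} -> {inc.action}")
```

The point of the example is the routing decision: the raw CVSS number alone would rank the two top hosts identically, while the enrichment step (exploit availability, asset criticality) separates them and sends only the critical one down the fully automated branch. Findings with no CVE still flow through and land in the record-only branch rather than being dropped.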
USE CASE #2
Interactive, Real-time Investigation for Complex Threats
While playbooks can automate commonly performed tasks to ease analyst load, an attack investigation usually requires additional tasks such as pivoting from one suspicious indicator to another to gather critical evidence, drawing relations between incidents, and finalizing resolution. Running these commands traps analysts in a screen-switching cycle during investigation and a documentation-chasing cycle after investigations end.
After running enrichment playbooks, analysts can gain greater visibility and new actionable information about the vulnerability by running Tenable commands in the Demisto War Room. For example, if playbook results surface alert details, analysts can retrieve details for a given vulnerability or get specific device information. They can also run commands from other security tools in real time using the War Room, ensuring a single-console view for end-to-end investigation.
The War Room allows analysts to quickly pivot and run unique commands relevant to incidents in their network from a single window. All participating analysts will have full task-level visibility of the process and be able to run and document commands from the same window. There is also no need to manually collate information from multiple sources as all automated and manual actions are auto-documented for easy post-investigation audit and reporting.
We hope you found this integration overview useful. To explore Demisto in greater detail, you can download our free community edition below.