Mitigation controls to vulnerable item mapping

  • Release version: Washingtondc
  • Updated September 6, 2024

    Mitigation controls data is mapped to vulnerable items. You can view a list of mitigation controls that are used to mitigate the vulnerabilities and underlying Common Vulnerabilities and Exposures (CVEs) associated with the vulnerable items.

    After identifying a specific mitigation control on an asset, Security Posture Control automatically identifies any vulnerable items that are mitigated by that control. For example, any vulnerable items with CVEs that are part of signatures in Web Application Firewall (WAF) policies are marked as mitigated vulnerable items. Vulnerability management teams can use this identification to automatically reduce the risk scores of vulnerable items that are mitigated.

    Vulnerable item mitigation controls table

    The Vulnerable item mitigation controls [sn_vul_vulnerable_item_mitigation_control] table has been created to map mitigation control data to mitigated vulnerable items (VITs). This table lists mitigated VITs and the detected mitigation controls that were used to mitigate the vulnerabilities and their underlying CVEs associated with the vulnerable items. The mitigated CVE records contain references to the mitigation control used for the assets, for example, Exploit Protection (EDR).

    Example data is shown in the following table.

    Table 1. Vulnerable item mitigation controls data

    Mitigation control exists | Mitigation control effectiveness | Detected mitigation control type | CVEs mitigated | Vulnerable item
    Yes/No                    | Moderate                         | Exploit Protection (EDR)         | CVE-2009-3373  | VIT0018323

    Open a mitigation control record (Detected mitigation control type) from the table to review how a CVE and its related Common Weakness Enumeration (CWE) vulnerability are mitigated by the mitigation control associated with an asset. The mitigation control record lists the CWEs that have been mitigated and explains, for example, how a mitigation setting satisfies the weaknesses specified in a CWE.

    Risk calculator and risk calculator rules

    Mitigation information can be used to set up customized risk calculator rules that recalculate the risk scores of VITs that have specific types of vulnerabilities and mitigation controls associated with them. In the following example rule, which is based on the preceding table, the default risk calculator calculates a risk score of 60 for VITs whose detected mitigation control type on the asset is Exploit Protection (EDR). This score reflects the moderate risk that remains for the vulnerability with this mitigation in place.

    Example risk calculator rule with the following conditions:

    [Mitigation control details] [is not] [empty] AND [Mitigation control details, Detected mitigation control type] [is] [Exploit Protection (EDR)].

    Values:

    [Risk score][is][60]
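    The following plain JavaScript block is an added example, not ServiceNow code or its GlideRecord API: it models the mapping step described above (a control detected on an asset marks the VITs whose CVEs it covers as mitigated) and then applies the example risk calculator rule to the resulting records. Asset names, CVE-0000-0001 and the VIT numbers other than VIT0018323 are constructed placeholders.

```javascript
// Added example, not ServiceNow code: models the control-to-VIT mapping and the
// page's risk calculator rule in plain JavaScript. Asset names, CVE-0000-0001 and
// VIT numbers other than VIT0018323 are constructed placeholders, not real ids.

// Constructed VITs with the score the default risk calculator produced.
const vits = [
  { number: 'VIT0018323', asset: 'web01', cve: 'CVE-2009-3373', riskScore: 85 },
  { number: 'VIT0000001', asset: 'web01', cve: 'CVE-0000-0001', riskScore: 70 },
  { number: 'VIT0000002', asset: 'db02', cve: 'CVE-2009-3373', riskScore: 85 },
];
// Constructed controls detected per asset and the CVEs each one covers.
const detectedControls = [
  { asset: 'web01', type: 'Exploit Protection (EDR)', effectiveness: 'Moderate', cves: ['CVE-2009-3373'] },
  { asset: 'web01', type: 'Web Application Firewall (WAF)', effectiveness: 'Moderate', cves: ['CVE-0000-0001'] },
];

// Mapping rows: a VIT is mitigated when a control on the same asset covers its CVE;
// otherwise its "Mitigation control details" stay empty (null).
function mapMitigations(items, controls) {
  return items.map(vit => {
    const ctl = controls.find(c => c.asset === vit.asset && c.cves.includes(vit.cve));
    const mitigationControl = ctl
      ? { detectedType: ctl.type, effectiveness: ctl.effectiveness, cvesMitigated: [vit.cve] }
      : null;
    return { ...vit, mitigationControl };
  });
}

// Evaluator for conditions of the form [field] [is | is not] [value | empty].
function matches(record, cond) {
  const v = cond.field.split('.').reduce((o, k) => (o == null ? undefined : o[k]), record);
  const equal = cond.value === 'empty' ? v == null || v === '' : v === cond.value;
  return cond.op === 'is' ? equal : !equal;
}
// First matching rule sets the score; otherwise the default calculator's score stands.
function applyRiskRules(record, rules) {
  const hit = rules.find(r => r.conditions.every(c => matches(record, c)));
  return hit ? hit.values.riskScore : record.riskScore;
}

// The page's rule: details not empty AND detected type is Exploit Protection (EDR) -> 60.
const edrRule = {
  conditions: [
    { field: 'mitigationControl', op: 'is not', value: 'empty' },
    { field: 'mitigationControl.detectedType', op: 'is', value: 'Exploit Protection (EDR)' },
  ],
  values: { riskScore: 60 },
};
function recalculate(items, controls, rules) {
  return mapMitigations(items, controls).map(r =>
    ({ number: r.number, mitigated: r.mitigationControl !== null, riskScore: applyRiskRules(r, rules) }));
}
```

    The WAF-mitigated VIT keeps its default score because the rule's second condition requires the EDR control type, and the VIT on the asset without any detected control is left unmitigated.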

    See Define fields and weights for the risk rule for Vulnerability Response Risk Calculators for more information.