Prioritize Patching with Spotlight’s Exploited Vulnerabilities Feature
Introduction
This document and video will demonstrate how to use Falcon Spotlight to find exploitable vulnerabilities in your environment to help prioritize which systems may have a great need for patching.
Video
Spotlight for Reporting
In today’s threat landscape there is no shortage of things that need to get done. Many companies deal with an overwhelming number of alerts and investigations everyday. There is always a new attack in the news or product update that needs to be deployed. CrowdStrike recognizes that the demands on security professionals continue to grow.
In the Spotlight dashboard CVEs are already categorized by their Common Vulnerability Scoring System or CVSS Base Score, and that is a great place to start. But if that is the only prioritization method used to determine which systems get patched significant time might be wasted.
The “Exploited Vulnerabilities feature,” is an example of Falcon Spotlight offering ways to ease the demands on security professionals by simplifying the process of mitigating higher risk vulnerabilities.
To access the exploited vulnerabilities Spotlight, click in the filter bar and find the “Exploit Status” qualifier.
Using the filtering capabilities, Spotlight can add an additional filter called “Exploit Status” to quickly identify vulnerabilities for which an exploit exists, is readily available, or actively being used. This is an inclusive filter, so selecting all vulnerabilities that have an exploit ‘available’ will also include exploits that are easily accessible and actively being used.
Conclusion
In just a matter of clicks The Spotlight app has gone from identifying thousands of vulnerabilities in the organization, to highlighting the specific vulnerabilities that have a higher probability of being exploited and putting systems at risk. Using the vulnerability view we can export a report to help us focus on systems that have a high number of exploitable vulnerabilities.
Falcon Spotlight provides holistic access to the actual vulnerability status of your environment, not just reported status. With simple reporting and real time results without introducing complex hardware or time consuming scans. It provides complete, actionable reporting to help make your organization more secure.
