Detecting Vulnerabilities With Vulnture

Introducing a new open source tool for more quickly identifying security vulnerabilities across your assets.

Mark Vlcek
7 min readadvanced
--
View Original

Overview

The article discusses Vulnture, a tool developed by Airbnb's InfoSec team to streamline the detection and remediation of security vulnerabilities. It highlights the challenges associated with vulnerability data ingestion and the benefits of using Vulnture to automate this process.

What You'll Learn

1

How to implement Vulnture for vulnerability detection in your assets

2

Why using the NVD and CVE List is essential for security

3

When to query vulnerability data sources to stay updated

Prerequisites & Requirements

  • Understanding of security vulnerabilities and asset management
  • Familiarity with AWS DynamoDB and Terraform(optional)

Key Questions Answered

What is Vulnture and how does it work?
Vulnture is a serverless tool that ingests known assets, queries vulnerability databases like the NVD and Cisco Security Advisories, and notifies users of discovered vulnerabilities. It automates the process of vulnerability detection, making it easier for organizations to manage security risks.
What challenges does Vulnture address in vulnerability management?
Vulnture addresses challenges such as the difficulty of ingesting vulnerability data, the need for frequent updates from the NVD, and the complexity of managing multiple vulnerability feeds. It simplifies the process by automating asset queries and notifications.
How often does Vulnture query vulnerability data sources?
Vulnture is set to query its vulnerability data sources once per day to ensure users receive timely information about vulnerabilities impacting their assets. This regular querying helps organizations stay informed about potential security risks.
What are the future plans for Vulnture?
Future updates for Vulnture include additional notification options, support for more detailed asset information, and leveraging the new NVD API to enhance vulnerability queries. The goal is to make Vulnture more robust and adaptable to various environments.

Key Statistics & Figures

Median lag time for vulnerabilities to be populated in the NVD
7 days
This statistic highlights the delay organizations may face in being notified about known vulnerabilities.
Percentage of security breaches discovered externally
85%
This statistic underscores the reliance on third parties for identifying security incidents rather than internal detection.

Technologies & Tools

Some links below are affiliate links. We may earn a commission if you make a purchase.

Database
AWS Dynamodb
Used to store asset information that Vulnture queries for vulnerability detection.
Infrastructure As Code
Terraform
Used for deploying Vulnture, simplifying infrastructure management.

Key Actionable Insights

1
Implement Vulnture to automate vulnerability detection in your organization.
By using Vulnture, you can streamline the process of identifying vulnerabilities in your assets, reducing the manual effort and time required to stay secure.
2
Regularly update your asset inventory in DynamoDB for effective vulnerability management.
Maintaining an accurate record of your assets allows Vulnture to effectively query for vulnerabilities, ensuring you are alerted to potential security issues promptly.
3
Consider integrating additional vulnerability data sources for comprehensive coverage.
By expanding the sources Vulnture queries, you can enhance your security posture and reduce the risk of missing critical vulnerabilities.

Common Pitfalls

1
Failing to regularly update asset records can lead to missed vulnerabilities.
Without an accurate inventory of assets, Vulnture may not effectively identify vulnerabilities, leaving your organization exposed to risks.
2
Relying solely on the NVD for vulnerability data can result in delayed notifications.
Since the NVD can have a lag time of several days, it's crucial to incorporate additional sources of vulnerability data to stay ahead of potential threats.

Related Concepts

Vulnerability Management
Asset Management
Security Best Practices
Nvd And Cve List Utilization