Meet us at RSAC 2024, May 6-9 Let’s Meet

×
×

Seemplicity secures a total of $32M to bring the future of work to security teams!

Seemplicity
Read More

Quicker Fixes for What Matters Most: Seemplicity Leverages VulnCheck KEV
Kevin Swan, March 26th, 2024

With the Seemplicity platform and VulnCheck KEV, organizations can remediate the riskiest vulnerabilities faster than ever. The integration of the VulnCheck KEV catalog, a community resource that enables security teams to manage vulnerabilities and risk with additional context and evidence-based validation, is available to all Seemplicity platform customers.

This integration helps ensure remediation teams prioritize vulnerabilities that are actively being exploited in the wild, rather than those that merely have the potential to be exploited. VulnCheck KEV provides vulnerability intelligence above and beyond that of CISA KEV for remediation teams, and when paired with Seemplicity, maintains a steady flow of remediation activities that are effective and justified with contextual information.

 

What is VulnCheck KEV?

The VulnCheck Known Exploited Vulnerabilities (KEV) catalog is a free offering, made available to the VulnCheck Community. It provides detailed intelligence on vulnerabilities that have been exploited in the wild, giving organizations earlier and broader visibility than otherwise available from public sources. It also provides references to credible information about exploits, detailing key information about when, where, and how exploits occurred as reported in publicly-available sources.

 

How is VulnCheck KEV Different Than CISA KEV?

VulnCheck KEV differs from CISA KEV in 3 main ways.

1. It tracks more vulnerabilities.

The VulnCheck KEV catalog provides the largest real-time collection of known exploited vulnerabilities. It doesn’t narrow its focus through the lens of US government agencies, and it currently tracks 80% more vulnerabilities exploited in the wild than CISA KEV.

2. It’s Faster.

It’s able to get vital vulnerability information posted faster than CISA KEV. In fact, VulnCheck KEV exploits are posted an average of 27 days earlier than CISA KEV.

3. It’s more informative.

The VulnCheck KEV catalog includes citations for every CVE, so security teams have a clear picture of why the vulnerability has been listed. This includes providing proof of concept code where possible. Additionally, when specific threat actors are believed to be involved, VulnCheck cites applicable evidence.

 

How Will It Impact Your Organization?

If your organization has a capable Remediation Operations program in place, VulnCheck KEV can enhance your remediation processes in a few key areas. Since VulnCheck posts known exploited vulnerabilities faster than CISA KEV, your organization will be able to remediate and provide protection faster than those without it. Remediation time will be reduced, especially considering you’d normally have to wait an additional 27 days (on average) before you’d even be made aware that a vulnerability had been exploited.

 

Since large organizations often have more open vulnerabilities than can be addressed with the resources available, the VulnCheck KEV catalog can help decide what needs to be addressed first. In the case of past groundbreaking vulnerabilities like with the MoveIT Transfer vulnerability or Log4j, VulnCheck KEV would have given your organization the information needed to justify reprioritizing remediation activities already in the queue. A vulnerability that HAS been exploited is a bigger threat than one that MIGHT be exploited, and security teams can use this information to strategize the best way to direct limited remediation resources while providing maximum coverage.

 

Why Use VulnCheck KEV for vulnerability intelligence?

  • Alerts of exploits 27 days (avg) earlier than CISA KEV
  • 80% more exploits tracked than CISA KEV
  • Credible sources verified
  • Contextual evidence and proof of code referenced

 

Seemplicity and VulnCheck KEV

Seemplicity manages and automates vulnerability remediation workflows, increasing cross-domain visibility and accelerating risk reduction from findings to fixes. The Seemplicity platform accelerates remediation by giving security, development and operations teams the automation needed to streamline vulnerability management across departmental boundaries, and to maximize remediation productivity. VulnCheck KEV, in addition with Seemplicity’s integrations with CISA KEV and EPSS, provides Seemplicity platform users with timely and contextual vulnerability data that will help drive efficient and productive remediation processes.

Read More From Our Blog

Time to Rethink Over Prioritization & Under Remediation

Read Now

Security Remediation Game of Tag: You Are It!

Read Now

Handling the Cybersecurity Skills Shortage

Read Now