With the highly anticipated release of NorthStar Navigator version 6, Dr. Dan Corlette, Head of Research, shared his thoughts on what differentiates NorthStar as the leading risk-based vulnerability prioritization tool.

Introducing: NorthStar Navigator v.6

I’m very excited about version 6’s new vulnerability risk management and prioritization capability. The model behind this capability is focused on maximizing the outcome of our customers’ risk reduction efforts while at the same time minimizing their remediation costs. Our customers want to characterize the real risk that software vulnerabilities pose in their environments and the impact a breach or attack would have on their businesses if a vulnerability were exploited. On a daily basis they want to be fixing the vulnerabilities that have the highest chance of causing the most damage to their businesses. Our new vulnerability risk management and prioritization capability provides this outcome for our customers.

To achieve this outcome, in version 6 we have added the ability for the system to intelligently fuse state-of-the-art threat intelligence data with open source vulnerability data, customer environment data, and business importance data in a way that ensures that each remediation action recommended by our system is optimal for a given moment in time. As our customers work on a daily basis to reduce the risk that vulnerabilities and exposures pose to their networks, they can do so knowing that the remediation actions they are taking, based on our recommendations, are the best actions available given the data at hand.

“Many enterprises implement compensating controls or have exceptions for certain assets for a wide variety of reasons. NorthStar’s model is flexible and allows for the accounting of these and other situations in a transparent and traceable way.”

There have been four significant additions to NorthStar in version 6 and I am very excited about all of them.

External Threat Intelligence and RBVM Programs

The first involves our partnership with what is arguably the world’s largest collection platform for vulnerability and exploit-related data. This data source fuses open source, closed source, technical research, proprietary research, and customer environment data to provide a real-time view of the threat that known vulnerabilities pose to our customers. Version 6 has been updated to allow this data to be ingested and fused with other NorthStar data sources as part of the calculations performed by the new vulnerability risk management and prioritization model.

Rule-Engine

Another new feature in version 6 is our rule-engine. At the heart of NorthStar is a powerful data-engine that provides state-of-the-art data ingestion, normalization, deconfliction, and schema alignment. As a first step, NorthStar pulls from all available data sources to create a single consolidated view of customers’ data and monitors any changes in the data by maintaining a history. Our rule-engine can now use the customer data to derive new facts about the customer environment. For instance, rules can be defined that assert that a compensating control or exception exists for a specific asset, exposure, or asset exposure instance. Once asserted, this information can be folded into the vulnerability risk management and prioritization model, leading to a model tailored to the customer’s environment and an RBVM program that accounts for the uniqueness of each enterprise’s infrastructure.

Vulnerability Risk Management and Prioritization Model

Version 6 brings the introduction of our vulnerability risk management and prioritization model. The model provides the single point at which all of the competing data sources are fused. There are potentially many different data sources that have something to say about both the customers’ assets and the vulnerabilities that may exist on them. The major data sources include the threat intelligence about vulnerabilities, all of the data in the customers’ environments, and data related to the business importance of assets. Additionally, rules may have been authored to more accurately model the customer’s environment, such as asserting compensating controls or exceptions, or making individualized adjustments to asset or exposure importance or severity. The risk and prioritization model fuses all of this data together in a traceable way to provide a risk score for each asset and each asset exposure instance. While we provide a default model, our experience has taught us to allow for configuration wherever possible. The model is powerful, easy to explain and, very importantly, traceable, meaning that customers can easily trace the reason for any scoring assignment made.

Optimal Actions for Remediation

Version 6 also brings the capability to rank potential remediation actions based on how much risk taking the action reduces within the customer’s environment. The three new features described above provide the basis for this fourth one. For each remediation action, the system can report the amount of risk it would remove from many different perspectives: across the entire environment, within a sub-grouping of assets such as those belonging to a particular organization or located at a specific site, or across a set of assets that collectively support a business application.
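To make the rule-engine, the traceable risk score, and the action ranking from the three sections above concrete, here is a small worked model in Python. It is an added illustration and not NorthStar’s own model or code; every asset, exposure, rule, weighting and the "effort = number of instances touched" approximation is a constructed assumption, and the VULN-A/B/C identifiers are placeholders rather than real vulnerability IDs.

```python
# Illustrative risk-based prioritization model (added example; not NorthStar's model).
# All asset, exposure, rule data and weightings below are constructed for the demo.
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Asset:
    name: str
    group: str          # location or business application the asset belongs to
    importance: float   # business-importance weight; 1.0 = a typical asset


@dataclass
class Exposure:
    vuln_id: str        # placeholder identifier, not a real CVE
    severity: float     # base severity on a 0-10 scale
    exploited: bool     # threat-intel flag: exploitation observed in the wild


@dataclass
class Rule:
    """A fact a rule-engine asserts about one asset (hypothetical rule shape)."""
    asset: str
    vuln_id: Optional[str]      # None = applies to every exposure on the asset
    kind: str                   # "control" (compensating) or "exception"
    effectiveness: float = 0.0  # fraction of likelihood a control removes


ASSETS: Dict[str, Asset] = {
    "web-1": Asset("web-1", "dmz", 1.0),
    "db-1": Asset("db-1", "datacenter", 10.0),   # an order of magnitude more critical
    "kiosk-1": Asset("kiosk-1", "branch", 0.5),
}
EXPOSURES: Dict[str, Exposure] = {
    "VULN-A": Exposure("VULN-A", 10.0, exploited=False),
    "VULN-B": Exposure("VULN-B", 7.0, exploited=True),
    "VULN-C": Exposure("VULN-C", 5.0, exploited=True),
}
# Asset-exposure instances: which vulnerability is present on which asset (constructed).
INSTANCES: List[Tuple[str, str]] = [
    ("web-1", "VULN-A"), ("web-1", "VULN-B"), ("db-1", "VULN-B"),
    ("kiosk-1", "VULN-A"), ("kiosk-1", "VULN-C"),
]
RULES: List[Rule] = [
    Rule("db-1", "VULN-B", "control", effectiveness=0.5),  # e.g. network segmentation
    Rule("kiosk-1", None, "exception"),                    # risk formally accepted
]


def instance_risk(asset: Asset, exp: Exposure, rules: List[Rule]) -> Tuple[float, List[str]]:
    """Score one asset-exposure instance and return the trace that explains the score."""
    threat = 1.0 if exp.exploited else 0.2        # assumed weighting of the intel flag
    score = (exp.severity / 10.0) * threat * asset.importance
    trace = [f"severity={exp.severity}", f"threat={threat}",
             f"importance={asset.importance}"]
    for r in rules:
        if r.asset != asset.name or r.vuln_id not in (None, exp.vuln_id):
            continue
        if r.kind == "exception":
            trace.append("exception: risk accepted, score forced to 0")
            return 0.0, trace
        if r.kind == "control":
            score *= 1.0 - r.effectiveness
            trace.append(f"control: likelihood reduced by {r.effectiveness:.0%}")
    return round(score, 6), trace


def environment_risk(assets, exposures, instances, rules) -> float:
    """Total residual risk across a set of asset-exposure instances."""
    return round(sum(instance_risk(assets[a], exposures[v], rules)[0]
                     for a, v in instances), 6)


def rank_actions(assets, exposures, instances, rules, group: Optional[str] = None):
    """Rank 'remediate vuln_id everywhere in scope' actions by risk reduced per unit effort.

    Effort is approximated as the number of instances the action touches (assumption).
    Passing group= restricts the perspective to one location / business application.
    """
    scope = [(a, v) for a, v in instances if group is None or assets[a].group == group]
    before = environment_risk(assets, exposures, scope, rules)
    ranked = []
    for vuln_id in exposures:
        touched = [i for i in scope if i[1] == vuln_id]
        if not touched:
            continue
        after = environment_risk(assets, exposures,
                                 [i for i in scope if i[1] != vuln_id], rules)
        reduced = round(before - after, 6)
        ranked.append({"action": f"remediate {vuln_id}", "vuln_id": vuln_id,
                       "risk_reduced": reduced, "effort": len(touched),
                       "reduction_per_effort": round(reduced / len(touched), 6)})
    return sorted(ranked, key=lambda r: r["reduction_per_effort"], reverse=True)


if __name__ == "__main__":
    for row in rank_actions(ASSETS, EXPOSURES, INSTANCES, RULES):
        print(row)
    print(instance_risk(ASSETS["db-1"], EXPOSURES["VULN-B"], RULES)[1])
```

With this constructed data the severity-10 exposure (VULN-A) ranks below the severity-7 one (VULN-B), because VULN-B is being exploited and sits on the asset that is ten times more important, even after the compensating control halves its likelihood; the kiosk exception removes its instances from the score entirely, and the trace list shows exactly which factors produced each number.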

Where NorthStar Shines

I see the most impressive and unique feature of version 6 being the flexibility of the vulnerability risk management and prioritization capability to capture and model the details of our customers’ environments and their business models. While many RBVM programs share similarities, every customer’s environment is going to have uniqueness and differences. Additionally, not every customer’s appetite for risk is the same. Some assets and applications are more important than others from a business perspective. A severity with a score of 10 on one asset, for instance, might be less important than a severity with a score of 7 on another, because the second asset is an order of magnitude more critical to a company’s daily business operations. Many customers (and RBVM programs) implement compensating controls or have exceptions for certain assets for a wide variety of reasons; our model is flexible and allows for the accounting of these and other situations in a transparent and traceable way. This means that each customer ends up with a vulnerability risk and prioritization model that is optimized for their environment.

NorthStar Navigator v.6 = LOW Effort + MAX Risk Reduction

The central mission for version 6 is to provide our customers the optimal ranked list of remediation actions, based on all available data, that if followed will result in the largest reduction of risk within their environments, while requiring the least amount of effort. In short, version 6’s mission is providing the shortest path for our customers to reduce the greatest amount of risk that existing vulnerabilities pose to their environments.

When will this revolutionary risk prioritization technology be released? Contact us to learn more!


About Dr. Dan Corlette

Specializing in the rapid prototyping of solutions, Dan is an accomplished research scientist who, over the past decade, has directed or contributed to 10 government-subsidized research projects totaling over 17 million dollars in funding, as part of programs designed to bring technology to market quickly. As a result of these research efforts, Dan’s contributions provided the core technology for five commercial products in the field of natural language processing and search.