Published on April 15th, 2020

Rapid7 launches AttackerKB, a service for mass vulnerability assessments


Image: Rapid7

Cybersecurity company Rapid7 has launched a new web service today called AttackerKB, a web portal that aggregates vulnerability assessments to help businesses understand and prioritize which bugs should be patched.

The service was launched as a closed beta in January 2020 and is entering a public beta preview today.

The site’s main purpose is to let infosec professionals review vulnerabilities and share that information with others for free.

The community can then vote on those reviews according to how useful the security flaw is in the hands of an attacker. The more ratings and votes a vulnerability gathers, the more dangerous it is considered to be, and companies can use that signal to prioritize a patch.

Vulnerability assessment services are offered today by many threat intelligence companies; however, most come at fairly steep prices. AttackerKB offers a crowdsourced, community-based alternative at no cost to both large and small businesses.

Helping to address vulnerability fatigue

In addition, the AttackerKB portal is also trying to solve another problem in the cybersecurity industry, namely vulnerability fatigue.

The number of security flaws reported every week and month has been steadily increasing over the last decade. Every day, large corporate security teams are bombarded with alerts about newly disclosed vulnerabilities.

When security teams learn of a new bug, they have to verify whether they have vulnerable systems on their networks, and then evaluate whether the vulnerability is dangerous enough to justify scheduling a maintenance window and taking systems offline while testing and deploying patches.

These checks take anywhere from minutes to hours and can wreck a busy security professional’s day. In many cases, news outlets or members of the infosec community also overhype issues, and security teams end up wasting time chasing bugs that, despite their high severity scores, are of little use to an attacker.

Rapid7’s new AttackerKB aims to solve this problem by getting the larger infosec community to review vulnerabilities from an attacker’s perspective (hence the name: Attacker KnowledgeBase), drawing on their own areas of expertise to do so.

“Just as an unnoticed bug can escape widespread warning, a new vulnerability that causes a lot of concern and press coverage can be relatively uninteresting from an attacker’s point of view (for example, because the configuration required for exploitation is obscure and unlikely to be found in environments encountered by pen testers or red teams),” Brent Cook, head of engineering at Rapid7, told ZDNet in an email.

“AttackerKB strives to provide this qualitative perspective as well as more objective information (for example, ‘no user interaction’ or ‘RCE’) regarding really impactful vulnerabilities.”

Image: ZDNet

Everything can be reviewed

Cook also says that AttackerKB will not discriminate among the types of vulnerabilities listed on the site. Everything can be reviewed and listed. The site’s real purpose is to review all bugs, not just those useful to attackers.


“There are no minimum criteria for listing a vulnerability on the site,” said Cook. “AttackerKB users choose which vulnerabilities they consider high impact or benign based on their own interests, skill sets and personal experiences (for example, as penetration testers or exploit developers).”

Cook also tells ZDNet that AttackerKB will include vulnerability assessments for bugs that have not yet received a CVE ID.

CVE IDs are usually assigned to all major bugs, and sometimes companies do not patch bugs that lack a CVE ID, assuming that the vulnerability was not significant enough to receive a CVE and is therefore not important enough to fix.

But the reality is that many serious bugs fail to receive a CVE in time, mainly because of bureaucracy rather than any lack of importance or severity. AttackerKB aims to alert users to these vulnerabilities even before they receive a CVE.

In addition, Cook says AttackerKB will also list issues that are not eligible for a CVE ID and are not technically “security flaws.” This will help companies become aware of issues that come out of academic research, such as flawed feature implementations or protocol weaknesses, as a whole.

Based on the Rapid7 community

All in all, the new AttackerKB site is not meant to be a replacement for the current Common Vulnerability Scoring System (CVSS), the industry-recognized standard for grading security flaws.

“[AttackerKB] is not intended to be an authoritative ranking of which vulnerabilities are more or less dangerous, but instead a central place for the security community to voice opinions about what vulnerabilities they consider worthy of attention and why they hold those opinions,” Cook said.

As Cook notes, most of the heavy lifting on the site will fall to its community. However, this is not expected to be a problem.

Rapid7 is the company behind Metasploit, the most popular penetration testing toolkit today and an open source project that is likewise driven by its users.

The Metasploit community supplies patches and new features, but also develops new offensive (exploit) modules for Metasploit. Vulnerability assessment is a natural step before developing a Metasploit module, a process that Rapid7 now hopes to leverage to get the AttackerKB portal off the ground.

And Cook tells ZDNet that AttackerKB reached a number of security professionals during its closed beta period, and it appears to have filled a gap that many organizations had long wanted addressed.

“We were surprised to find how frustrated and tired even experienced security professionals were with what they perceived to be ‘hype’ around certain vulnerabilities,” Cook told ZDNet.

The Rapid7 manager shared the following comment the company received from one of its closed beta users:

“I’m tired of trying to turn the hypothetical apocalypse into reality on a regular basis. If a company has strong controls in other areas, many of these zero-days are really mild or not a threat at all. But getting to that final determination is an arduous process.”

Users can sign up for AttackerKB through their GitHub account here.
