What criteria does Spirent use to decide whether or not to add a threat to the Avalanche / ThreatEx knowledge database?

Answer

Spirent Vulnerability Research provides detailed engineering-level research reports on critical security vulnerabilities as they emerge.

The Vulnerability Team monitors approximately 250 sources of information on emerging vulnerabilities (including commercial alerting feeds; mailing lists such as Bugtraq, NTBugtraq, Vuln-Dev and Full-Disclosure; and sources within the hacker underground). Reported vulnerabilities are ranked for impact and severity using an enhanced version of the SANS CVA formula and prioritized on this basis.
 
Vulnerabilities are then subjected to full differential analysis, including reproduction of the vulnerability against known-vulnerable, suspected-vulnerable, known-non-vulnerable, and suspected-non-vulnerable targets.
 
Spirent performs in-depth engineering analysis, with the goal of developing a complete understanding of the mechanism, preconditions, triggering conditions, and set of exposures created by each vulnerability. We also note the specifics of each vulnerability, including, but not limited to, the following:
  • All relevant identifiers (CVE, BID/SFID, etc.)
  • Severity & impact analysis
  • Affected Product(s)
  • Problem Location (executable, DLL, shared library, function or method, parameter or property, data object(s))
  • Problem Mechanism (Technical mechanism, and Source-code level walkthrough when applicable)
  • Triggering Conditions & Prerequisites
  • Protocol Flow Diagram(s)
  • Packet decodes (attack cases and normal cases)
  • Attack detection (network-based detection of generic attacks & of known exploits)
  • Exploit reproduction, usually including sample code
  • Exploit status (published exploits and packet captures)

Product: Avalanche, Vulnerability, ThreatEx