Excellium offers a comprehensive service of packaged andcustomized security bulletins. This service is called EyeNotify and isoperated by the CSIRT of Excellium services.
EyeNotify informs clients of newly discovered vulnerabilities, allowingrapid remediation of security issues. In addition to the vulnerabilitysurvey, a monthly newsletter provides further information aboutspecific security issues, as well as regulatory changes.
EyeNotify is a managed service that tracks Common Vulnerabilitiesand Exposures, the well-known CVE, affecting the client’s assets. In thiscontext, a vulnerability is a weakness found in a software or hardware that will result in a negative impact if exploited.
Why EyeNotify?
Information security technologies are constantly evolving. The challenge for any organization is to keep up to date with the range of changes, in all of the various information security fields.
In fact, there are a great many information feeds, and most of them could potentially be aggregated. However, whether for infrastructure, best practices, or business impacts, filtering all the different newsfeeds is time consuming.
Typical organizations also face a large volume of potential threats, any of which could exploit a vulnerability, and cause a serious security incident.
Prevention is better than cure, as everyone knows, and the key point is that organizations need to act assoon as a new vulnerability is identified.
This is where EyeNotify fits in. The service has been designed to help customers achieve their vulnerabilitymanagement goals, and to properly plan and manage knowledge about information security.
EyeDeep is a service operated by Excellium CERT-XLM to address this effort for you. By using EyeDeep, youwill be able to cover an extra surface in terms of security. This product will allow you to early detect publiclyreleased data leaks that can directly affect your entities. Whether these leaks come from your assets orpossibly other compromised website that may contains some of your data, EyeDeep will extend the coverage of your security perimeter.
Activity
EyeNotify aggregates information security content from several source feeds, formats it, and sends it tointerested customers, based on their requirements. Currently, the service can offer the following kindsof content:
Vulnerability report: This report provides details on vulnerabilities per product, according to client-specific criteria.
Critical vulnerability advice: This advice is distributed manually by Excellium CSIRT as soon as they discover, or are made aware of, a critical vulnerability being used ‘in the wild’. Examples include Shellshock,WannaCry, and Blueborne, among others.
Information security newsletter: The newsletter provides short summaries about stories,developments, and themes in the information security field. Most of the articles deal with topics already noticed by Excellium’s own security watch.
• Manual triage of detected alerts:
– Instant notification for credential leak and security related data.
• Comprehensive monthly report for all related findings during the last month.
Activity Details
Vulnerability report
Customers can choose the criteria based on which a CVE will be included. The following criteria are available and can be set up at the subscription of the service:
• CVSS Score;
• Exploitability.
Reports are generated each time a CVE matchingthe search criteria is found. However, customers can choose how often they receive reports, to avoid receiving too many emails. For each vulnerability, the report output contains the following information:
• ID: ID of the CVE which is a link to a detailed pagecontaining CVE information;
• Summary: A brief description of the vulnerability;
• CVSS: The CVSS score of the CVE;
• Exploit: Indicates whether an exploit is available ornot.
Vulnerability report with customer CMDB connection
Incident reports are customized based on details in the customer’s configuration management database.An extract, with information about product versions,instances, and patching status is used to configure the service, by matching the customer’s devices withknown CPE.
This gives a practical report, focused only on the assets that matter.
The core details for each vulnerability remain the same, for these focused reports, in terms of the CVSS score, etc.
NEWSLETTER
This newsletter contains a diverse range of information in the field of information security.
Each newsletter is written by members from different Excellium teams, and is the result of the consultants’expertise and security watch activities.
The newsletter aggregates content from different areas, such as:
• Information security practices regarding products;
• News related to threats which could impact IT security;
• New developments in the laws and the standards governing information security:
Information security practices regarding products.
Critical security advice
The Critical Security Advice mails are additionalmessages sent by Excellium CSIRT when criticalinformation security events are raised. Critical security events cover the following information:
• High-risk vulnerabilities;
• Advisory information regarding releases of new patches, or new software versions which are not stable;
• Information related to currently active cyber-attacks.
These advisory messages are generated when required, and are sent by e-mail to a list of recipients agreed with the customer.
The format is a text-based report containing the following information:
• The vendor & product impacted by the notification;• A brief description of the vulnerability or attack;
• The impact of the vulnerability or attack;
• Additional information to help the customer remediate the vulnerability.
