Vulnerability validation

What are validated vulnerabilities? Randori employs the same exploits and technologies utilized by Advanced Persistent Threat (APT) actors. Randori conducts direct assessments on known vulnerable software, using recognized exploits. Randori refers to these as Vulnerability Validation Activities (see Activities for more information on Activities in general). Following a successful activity, Randori automatically notes on both Detections and the associated Targets to indicate which vulnerabilities were identified as exploitable. Randori’s vulnerability validation focuses on vulnerabilities listed in the Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (CISA KEV) catalog (https://www.cisa.gov/known-exploited-vulnerabilities-catalog). Additionally, it assesses applications to identify any susceptibility to exploitation through the use of Default Credentials.

How does this approach diff from traditional vulnerability management? Traditional vulnerability management and identification software excel in pinpointing vulnerabilities within an organization’s infrastructure, focusing on aspects such as underlying entity configurations and software versions. However, the mere presence of vulnerabilities doesn’t guarantee exploitability as these issues might be mitigated by other control measures. Upgrading software on externally facing infrastructure can present significant challenges, both in terms of difficulty and resource allocation. Randori’s vulnerability validation adopts a more proactive approach by attempting to exploit identified vulnerabilities, using minimally invasive methods. This process aims to provide tangible confirmation of exploitability, taking into account your specific configuration and compensating controls.