Applying Data Analytics on Vulnerability Data

Organizations, by law, should exercise due care and due diligence in securing data at rest, in transit, and in use. Regardless of the whereabouts of data, an organization needs to thwart adversaries and secure its data properly. One of the key methods of thwarting external attackers is to lock down public-facing networks. To secure public-facing networks, a prudent organization often conducts vulnerability assessments. It may take a month or more for tens of thousands of IP addresses because of the time and effort required in collating and analyzing overwhelming vulnerability data. A common penetration testing proverb Nine hours of fun and ninety hours of writing accurately states the ratio of time between performing vulnerability scans and analyzing vulnerability data, which may be further extrapolated to estimate the number of hours required to analyze the vulnerability data of tens of thousands of hosts. To increase the fun aspect in assessment, we can utilize data analysis techniques and tools, which would eventually help save the time taken to analyze vulnerability data, and hence, produce effective reports quickly. Data analytics techniques using Splunk and Pandas can be leveraged to quickly and efficiently analyze network vulnerability reports from a scanner, for example Nessus. Data analytics tools and techniques help in reducing the time required to analyze vulnerability data as a part of vulnerability assessment.