Ultra Red's VITA AI in Action
Generative AI Application delivers faster time to remediation
The Time Challenge
Threat actors are increasingly automating their cyber-attacks, both to scale their operations and to reduce the time it takes them to exploit newly uncovered vulnerabilities. In response, cyber teams are challenged to reduce their time to detect and remediate high-severity vulnerabilities and exposures in their organization's internet-facing assets.
Continuous Threat and Exposure Management (CTEM)
Ultra Red’s mission is to provide organizations with an automated CTEM platform that dramatically lowers the time to detection of high-risk vulnerabilities and exposures, and empowers cyber teams to significantly reduce their time to remediation.
Ultra Red's CTEM platform has proved to be invaluable to customers by continuously uncovering and validating vulnerabilities and exposures across all their in-scope assets. While traditional vulnerability management can often be a 9-to-5 activity, Ultra Red operates 24x7 to uncover and validate exposures, serving up actionable vulnerabilities with priority scores that reflect both the severity of the vulnerability and its exploitability by threat actors. By providing playbooks to automate actions with a wide range of applications, and full documentation and proofs of concept that can be shared with asset owners, Ultra Red plays a key role in reducing the time to repair. However, the repair process can take time, as code or configuration changes must be developed and thoroughly tested before being put into production. In the meantime, the organization remains vulnerable unless action to remediate is taken.
Increasing the Focus on Remediation using VITA AI
Together, security and operations teams can use mitigation controls to prevent the exploitation of vulnerabilities or exposures, remediating the short-term risk and reducing the urgency of a quick repair. Security analysts take the lead here and need a thorough understanding of the vulnerability, its potential impact, and the mitigation options available to drive the desired outcome. Ultra Red's VITA AI empowers cyber team members to request additional information on the exposure and its potential impact, giving them more complete situational awareness. Using generative AI, VITA AI can also generate mitigation rules for a wide range of security solutions to facilitate the interaction with security solution administrators and reduce the time to remediation.
VITA AI in Action
To see how this works in practice, consider the following scenario: Ultra Red has uncovered and validated a high-severity SQL injection vulnerability. The cyber team is alerted, and the following information is presented.
A ticket is opened, and the full supporting documentation is exported and sent to the application owners. By using VITA AI, a security analyst can then go further by requesting additional information on the vector.
They can also ask VITA AI to provide remediation recommendations.
To facilitate remediation, the analyst can ask VITA AI to create rules for their security solutions. Here we show several examples. The first is an F5 WAF rule to prevent the exploitation of the vulnerability.
In the next example, the request is for a Darktrace NDR rule to prevent the exploitation.
In the next example, the analyst requests a Splunk rule to monitor the logs and alert on the exploitation of the vulnerability, ensuring the organization is aware of an attempted or successful exploitation.
Alternatively, the analyst could request a Sigma rule that could work across several SIEM platforms.
Summary
As you can see, by using VITA AI, the security team can take an active role in exploit prevention by driving the activities necessary to reduce the time to remediation. To find out more about how Ultra Red's VITA AI can dramatically improve your time to remediation, visit www.ultrared.ai and click on "Request a Demo".