Platform Deep Dive: New Risk Advisories Enrich Findings With CVE and NVD Data

Uncover the potential risks in your tech stack all in one platform and make an informed security plan.

More and more information is coming online to help security teams understand their threat landscape. For example, MITRE’s Common Vulnerabilities and Exposures (CVE) list and NIST’s National Vulnerability Database (NVD) share valuable information on known vulnerabilities and how to remediate them.

But while these databases are extensive, they rarely offer information tailored to a team’s specific assets, forcing users to search manually for each asset category or vulnerability, one at a time.

We saw an opportunity to solve this problem: As customers add the assets they want pentested, Cobalt can now pull relevant vulnerability information via the databases’ APIs and organize it into a single view.

As a result, customers can find relevant information more quickly, understand their wider threat environment, and make more informed decisions. 

Tailored Risk Advisories Directly in the Cobalt Platform

With this new feature, customers can now access updated list views and tabs with CVE data tailored to their asset types directly in the Cobalt platform.  

CVE Data in Platform

With easier access to this information, customers no longer need to research the databases manually. Not only does this save time, it can also help teams achieve the following:

Security Professionals can…

  • Use the advisories as part of an overall environmental threat assessment process;
  • Integrate the information into a pre-existing update and patching workflow;
  • Take this data to budget-holders as justification for internal engineering work and further pentesting.

Non-Technical Org Owners/Collaborators can…

  • Get a better understanding of their operational environment and threat landscape;
  • Liaise with security professionals (either internal or Cobalt) to get a better understanding of technical details within the advisories;
  • Use aggregated risk advisory data to justify pentest spend.

Getting Set Up

To take advantage of this feature, users first need to fill in information about their assets using a new “Technology Stack” field.  

Technology Stack Field

Users should then go to the “Assets” tab. The Risk Advisory column will show how many potential vulnerabilities each asset could be susceptible to, based on the 'Tech Stack' entries matched against the CVE database. 

If a user hovers over the number, they will see a breakdown of the criticality levels of these potential vulnerabilities. If a user clicks on it, they will go directly to the Risk Advisories detail page.

Alternatively, users can click into an asset and manually select the Risk Advisories tab at the bottom of the page.

Users can then click on the individual CVE links, which will take them directly to the corresponding NVD CVE detail page. There they can get more information and links to vendor sites for remediation options.

NVD reference link

Uncover the potential risks in your tech stack all in one place to make more informed security decisions. Explore more with Cobalt's Risk Advisory integration feature.
