Offering allows enterprise customers to consume critical vulnerability metadata.
Austin, TX – July 26, 2016 – Exodus Intelligence, the leader in vulnerability discovery, analysis, and exploitation, today announced two new metadata subscriptions targeted at enterprise customers that need to understand the security posture of their clients and servers. Exodus is the first Vulnerability Research company to productize their research using an open standard, intended to be consumed by enterprises.
Up until now, the results of vulnerability research have been closely guarded secrets, until the original vendor finally decides to publish their results. Conventional wisdom has held that, since these secrets could be used by adversaries, they should only be traded in tightly closed circles. While some organizations, such as existing Exodus clients, have started to use this information to improve their security, lack of resources and lack of concern within the application vendor community have allowed hundreds of known vulnerabilities to remain unpatched for years. The result of this behavior is that enterprises remain unprotected and unable to understand their risk profile.
With the knowledge that the existing Vulnerability Research model is not working well enough to protect enterprises, Exodus has decided to productize high-level metadata for its Zero-Day and N-Day databases. Gaining access to this metadata will allow users to understand the applications, versions, vulnerability types and affected platforms for each vulnerability researched by our team. This metadata is being made available through the open standards STIX and TAXII, making it easy to consume programmatically or via an existing Threat Intelligence Platform (TIP).
“The days of hiding vulnerability information are over. Our adversaries already have too much of an advantage, especially as they are always digging for new vulns. It is critical that each enterprise understand fully where their risks lie, allowing them to take the necessary steps to improve their own security. The new Zero-Day and N-Day Metadata Access feeds provide exactly this type of information.” -Logan Brown, President, Exodus Intelligence
Key features
Zero-Day Metadata Access (ZMA) subscription
- Includes unique, exclusive vulnerability details within applications that matter to enterprises.
- Provides high level descriptions and impacted version information.
- Subscribers may opt to purchase additional details for specific vulnerabilities, including exploit software.
- Due to the sensitive nature of this information, available for purchase only by qualified and verified enterprises.
- Interested parties may register their interest at https://vault.exodusintel.com/register.
N-Day Metadata Access (NMA) subscribers
- Includes only known (patched) vulnerabilities which Exodus has verified to be exploitable.
- Provides high level descriptions and impacted version information.
- Verified subscribers may opt to purchase additional details for specific vulnerabilities, including exploit software.
- N-Day Metadata is made available for FREE to any interested enterprise organization.
- Interested parties maybe configure their TAXII clients to receive this metadata feed. Please contact info@exodusintel.com for access details.
For more information, visit www.exodusintel.com or contact info@exodusintel.com for further discussion.
About Exodus Intelligence
Exodus Intelligence provides clients with actionable information, capabilities, and context for proven exploitable vulnerabilities. Our world class team of vulnerability researchers discover hundreds of exclusive Zero-Day vulnerabilities, providing our clients with this knowledge before the adversaries find them. Our research also extends into the world on N-Day research, where we select critical N-Day vulnerabilities and complete research to prove whether these vulnerabilities are truly exploitable in the wild. For more information, visit www.exodusintel.com.