How does Panoptica scan for CVEs/vulnerabilities?

Panoptica scans for Common Vulnerabilities and Exposures (CVEs) across the account and Kubernetes workloads using different tools and threat intelligence feeds including:

  1. AWS EC2 Disk Scan (EBS Snapshot)
  2. K8S Containers Image Scan
  3. Exposed vulnerabilities from Threat Intelligence Feed
  4. Optional Integration with IntSights for CVE Trends

How does Panoptica prioritize vulnerabilities?

To reduce the overload and required effort for reviewing and mitigating vulnerabilities Panoptica prioritizes all vulnerabilities based on the following parameters:

  • Vulnerability Exploitation Availability
  • Attack Vector (Network vs Local)
  • CVE Exposed on Public Assets
  • CVSS Score
  • Match on Threat Intelligence Feeds

What sources do you use for your vulnerability scans?

We use the National Vulnerability Database (NVD), maintained by NIST.

In order to move an AWS account to internal scans, should we complete either of the processes in your CVE Scanning - Internal Scan before giving you the go-ahead?

You can do that process either before we activate it on our end or after.

Why does Panoptica ingest third-party CVE findings when the platform has its own CVE scanning tool?

Panoptica has a graph-based approach to prioritization, which allows us to not only prioritize vulnerabilities found by our CVE scanner, but also apply the same prioritization to vulnerabilities found by tools such as Snyk, Tenable, and Twistlock. This allows us to gain greater value from other tools that a customer may be using or sunsetting, as a result of purchasing Panoptica. Our customers can benefit from the flexibility of combining Panoptica with other tools - while maintaining a single pane of glass view into which vulnerabilities are truly prioritized given the context of their environment.