CyberFOCUS

CyberFOCUS is a threat intelligence and remediation feature within BigFix SaaS Remediate that provides visibility into CISA KEV (Known Exploited Vulnerabilities) and MITRE ATT&CK reports. It enables users to assess their security posture and take proactive remediation actions based on real-world threat intelligence.

CyberFOCUS integrates CISA KEV and MITRE ATT&CK intelligence into a single dashboard with interactive filtering, correlation of vulnerabilities with attack tactics, and detailed reporting, so that organizations can prioritize critical threats and act on them before they are exploited. Security teams can use it to streamline vulnerability management, support compliance with regulatory frameworks, and strengthen their overall security posture through detailed, audit-ready reporting.

Vulnerability management

  • NVD (National Vulnerability Database) and MITRE ATT&CK maintain comprehensive databases of global vulnerabilities and attack techniques.
  • BigFix SaaS Remediate pulls vulnerabilities from both NVD and MITRE ATT&CK, integrating them into its system for comprehensive threat intelligence.
  • Each vulnerability is linked to Fixlets, enabling automated remediation of affected devices. Additionally, correlations with MITRE ATT&CK tactics help security teams understand exploitation methods and take proactive defense measures.

Reports

CyberFOCUS in BigFix SaaS includes two key reports:
  • CISA KEV Report – A collection of known exploited vulnerabilities, displayed based on NVD data. The CISA Known Exploited Vulnerabilities (KEV) web report uses the KEV Catalog published by the Cybersecurity & Infrastructure Security Agency (CISA), together with the associated CISA due dates, analyzes and compares them with the patch levels of the devices in your BigFix environment, and visualizes the vulnerability intelligence as a bubble chart so you can assess and prioritize the vulnerabilities.
  • MITRE APT Report – Follows a similar structure but is based on the MITRE ATT&CK framework, another framework for tracking vulnerabilities. The MITRE Advanced Persistent Threat Groups (MITRE APTs) web report obtains data published through the MITRE ATT&CK® Framework, analyzes and compares it with the patch levels of the devices in your BigFix environment, and visualizes the analysis as a bar chart to help you make informed decisions to mitigate the security threat.
Note:
  • Both CISA KEV and MITRE reports are visualized using tables and charts.
  • By default, the dashboard displays the CISA KEV report.

Understanding Fixlets and Exposures

  • The system tracks affected devices and Fixlets required for remediation.
  • Exposure represents the mapping between relevant Fixlets and affected devices.
  • For example, if a device requires three Fixlets, its exposure count is 3; if two devices each require three Fixlets, the exposure count is 6. The total exposure is the number of (relevant Fixlet, affected device) pairs.
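The following is an added example, not code from BigFix or the CyberFOCUS product, showing how the exposure count described above and the CISA KEV due-date comparison described in the Reports section fit together: exposures are counted as (device, Fixlet) pairs, and each KEV CVE is ranked by whether its CISA due date has passed and by how many devices are still exposed. The `KevEntry`, `Fixlet` and `Device` shapes, the CVE identifiers (of the form `CVE-0000-nnnn`), the Fixlet ids and the device names are all constructed for the example and are not the BigFix data model.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, Iterable, List


@dataclass(frozen=True)
class KevEntry:
    """One CISA KEV catalog row: the CVE and its CISA remediation due date (constructed shape)."""
    cve_id: str
    due_date: date


@dataclass(frozen=True)
class Fixlet:
    """A remediation Fixlet and the CVEs it addresses (hypothetical shape, not the BigFix schema)."""
    fixlet_id: int
    cve_ids: frozenset


@dataclass(frozen=True)
class Device:
    """A managed device and the Fixlet ids still relevant to it, i.e. patches it is missing."""
    name: str
    relevant_fixlets: frozenset


def exposures(devices: Iterable[Device], fixlets: Dict[int, Fixlet]) -> set:
    """Exposure = one (device, Fixlet) pair per relevant Fixlet on each device."""
    return {(d.name, fid) for d in devices for fid in d.relevant_fixlets if fid in fixlets}


def exposure_count(devices: Iterable[Device], fixlets: Dict[int, Fixlet]) -> int:
    """Total exposure: the number of relevant Fixlet / affected device pairs."""
    return len(exposures(devices, fixlets))


def prioritize(devices: Iterable[Device], fixlets: Dict[int, Fixlet],
               kev: Iterable[KevEntry], today: date) -> List[dict]:
    """Rank KEV CVEs: overdue ones first, then earliest due date, then most exposed devices."""
    devices = list(devices)
    all_pairs = exposures(devices, fixlets)
    rows = []
    for entry in kev:
        # Fixlets that remediate this CVE, and the exposures they account for.
        covering = {fid for fid, f in fixlets.items() if entry.cve_id in f.cve_ids}
        pairs = {(dev, fid) for dev, fid in all_pairs if fid in covering}
        rows.append({
            "cve_id": entry.cve_id,
            "due_date": entry.due_date,
            "days_to_due": (entry.due_date - today).days,   # negative when past due
            "overdue": entry.due_date < today,
            "exposed_devices": len({dev for dev, _ in pairs}),
            "exposures": len(pairs),
        })
    rows.sort(key=lambda r: (not r["overdue"], r["due_date"], -r["exposed_devices"]))
    return rows


# Constructed sample data: three Fixlets, three KEV entries, two unpatched devices and one patched one.
FIXLETS = {
    101: Fixlet(101, frozenset({"CVE-0000-1111"})),
    102: Fixlet(102, frozenset({"CVE-0000-2222"})),
    103: Fixlet(103, frozenset({"CVE-0000-1111", "CVE-0000-3333"})),
}
KEV = [
    KevEntry("CVE-0000-1111", date(2024, 6, 1)),
    KevEntry("CVE-0000-2222", date(2024, 5, 1)),
    KevEntry("CVE-0000-3333", date(2024, 7, 1)),
]
DEVICES = [
    Device("web-01", frozenset({101, 102, 103})),
    Device("db-01", frozenset({101, 102, 103})),
    Device("ws-07", frozenset()),   # fully patched: contributes no exposures
]
TODAY = date(2024, 5, 15)

if __name__ == "__main__":
    print("total exposures:", exposure_count(DEVICES, FIXLETS))
    for row in prioritize(DEVICES, FIXLETS, KEV, TODAY):
        print(row)
```

With the sample data, the two unpatched devices each need three Fixlets, giving a total exposure of 6, and `prioritize` puts the CVE whose CISA due date has already passed at the top of the list even though it has fewer exposures than the others.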

Fixlet Creation & CyberFOCUS Content Pack

  • The BigFix content team creates Fixlets.
  • The CISA KEV content pack provides Fixlets for vulnerabilities at no additional cost for those with CyberFOCUS.
  • Users can view vulnerability details in the BigFix Console or API.

Insights Gained from CyberFOCUS

By analyzing the CyberFOCUS dashboard, users can:
  • Identify high-risk vulnerabilities currently exploited in the wild.
  • Understand the impact on their organization based on affected devices.
  • Assess the urgency of patching based on severity and exploitation status.
  • Monitor remediation progress over time.
  • Correlate threats with MITRE ATT&CK tactics to understand attack techniques used by adversaries.

Actions Users Can Take

CyberFOCUS allows users to take direct remediation actions, including:

  • Automated Patching: Remediate vulnerable software and devices by deploying relevant Fixlets.
  • Isolation of Compromised Systems: Quarantine affected endpoints to prevent lateral movement.
  • Policy Enforcement: Apply security configurations to reduce exposure.
  • Threat Hunting: Investigate indicators of compromise (IoCs) linked to KEV vulnerabilities.
  • Reporting & Compliance: Generate reports for audits and compliance tracking.