About the customer
Dräger is a leading manufacturer of medical and safety technology products, serving hospitals, emergency response services, law and regulatory enforcement, and other industries across the world. Under their guiding philosophy of “Technology for Life”, Dräger’s unique offerings serve a singular purpose – to protect, support and save lives.
Operating under this mission involves responsibilities that go beyond manufacturing. To ensure the well-being of those who depend on their technology, Dräger needs to make sure their products are designed securely from the start, that their security teams can continuously monitor for vulnerabilities, and that they have the ability to remediate issues in a timely manner. It is the duty of Detlef Köble, Product Security Manager at Dräger, to operationalize this idea of continuous product security.
Integrating Security From the Start
This was the first obstacle that Köble faced. Before VulnDB, Dräger heavily relied on CVE/NVD for their vulnerability intelligence. Even when following best practices like establishing a Software Bill of Materials (SBOM), Köble found that his teams ultimately lacked comprehensive and actionable intelligence. NVD’s lack of detail and sparse coverage of third-party software often left Köble’s team spending time and effort conducting lengthy manual research with mixed results.
“We needed an information provider and not a tool. We needed detailed, comprehensive data and pre-assessed vulnerabilities so we could save resources to focus on tasks that were unique to us.”
Better Data with VulnDB
“For our industry, scanning alone was not enough for vulnerability assessment. There wasn’t a scanning product that could do everything we needed. We were looking for a provider that could cover both commercial software and OSS. It was important that we could perform vulnerability monitoring and pre-assessment of our software components. It was important that we had a comprehensive vulnerability data source.”
Enabling Continuous Product Security
“You can’t say your product is free of vulnerabilities. It may be for a certain period of time, but it could be hit the next day because new vulnerabilities are disclosed on a daily basis. Dräger always takes this into account. Exploitability will always change and we know that security is a permanent process.”
“Most of our products are therapy and monitoring devices, so if one becomes impaired by an attack, it can have a real, serious impact on a patient’s health. Therefore, we must be very careful. It’s not enough to just find the ‘top 10’ vulnerabilities; you have to consider all the vulnerabilities that can affect the product, and then you have to actually manage them. To do that you need really good information so that you can arrive at the best decisions.”
Vulnerability management is only effective if organizations can identify the vulnerabilities that affect them and remediate them in a timely manner. With VulnDB, Dräger can do just that with real-time email alerts that notify them when new vulnerabilities affecting their products are released. Once aware, Dräger can pull data on a daily basis via VulnDB’s RESTful API without having to scan. This flexibility, coupled with comprehensive vulnerability intelligence, enables Dräger to perform continuous Product and Application Security and other DevSecOps functions.
VulnDB has made lengthy manual research processes a relic of the past. Using VulnDB as their main source of vulnerability intelligence, Dräger is able to perform continuous vulnerability monitoring and fast-track remediation using VulnDB’s scanless, independently researched, and comprehensive vulnerability intelligence.