Focus on major security vulnerabilities

27 October 2020
| No comments
Network points, patch, vulnerabilities

Share post

Tenable Specialists: "Not all vulnerabilities are a threat - organizations should focus on the major vulnerabilities".

The computer networks of organizations are constantly expanding: IT, cloud, IoT and OT form a complex computing landscape that represents the modern attack surface. With every new device, connection or application, this attack surface increases. In addition to this complexity, there are countless vulnerabilities that are discovered every day, and the challenges often seem insurmountable. The solution, however, is relatively simple - security teams need visibility to understand the risks.

More focus on acutely endangered vulnerabilities

Regardless of the size of the organization, fixing any vulnerability takes a long time, even with a large IT team and significant financial investment. Rather than dwelling on vulnerabilities that are not targeted, organizations can post thousands of vulnerabilities in order to focus on those who are a real threat.

The vulnerability overload

When it comes to vulnerability management, the question is often asked: How many vulnerabilities can a single security professional fix each day? Per week? Per month? The stopwatch starts when the security manager finds out about the vulnerability after CVE (Common Vulnerabilities and Exposures) has disclosed the vulnerability. With this limited information, a race begins to determine whether the vulnerability exists within your own network and which systems, devices or applications are affected - before the rectification can even begin.

The CVE ID only informs the security experts that the vulnerability exists - that's all. Further extensive research in numerous public sources is required to determine the actual risk. These describe in detail the characteristics of vulnerability and the function it fulfills in the current and past prevalence. This process should involve complementary sources such as social media posts, blogs, and even forums on the dark web.

The majority of attacks on organizations are not state commissioned or particularly sophisticated. The problem is the known but not yet patched vulnerabilities. It is impossible to fix all security holes, so the challenge is to know what is real and what is only theoretical.

Fix the risk

According to Tenable Research (Persistent vulnerabilities: causes and outlook) an exploit is only developed for 20% of the vulnerabilities and hackers only exploit a fraction of them. Security teams can use this to their advantage. The Tenable study also found that less than 6% of organizations are effectively addressing vulnerabilities. Many companies are not up to date with their security processes and spend their time fixing shortcomings that may never be exploited or affect areas that pose no real risk.

Risk-based Vulnerability Management (RBVM) goes beyond the basic assessment of the Common Vulnerability Scoring System (CVSS). It enables security teams to consider contextual elements - such as the criticality of the affected system or device, combined with constantly updated threat intelligence and predictive technologies. In this way, companies can efficiently identify the vulnerabilities that will be most exploited in the immediate future.

Reduce business risk faster

Finding and fixing the vulnerabilities that are being actively exploited is paramount to reducing business risk. With the help of a risk-based vulnerability management program, security teams can secure even the most complex IT landscape. For more information on RBVM, see Tenable's free whitepaper (including a guide): Implementing Risk-Based Vulnerability Management.

More on this at Tenable.com

 

About Tenable

Tenable is a Cyber ​​Exposure company. Over 24.000 companies worldwide trust Tenable to understand and reduce cyber risk. Nessus inventors have combined their vulnerability expertise in Tenable.io, delivering the industry's first platform that provides real-time visibility into and secures any asset on any computing platform. Tenable's customer base includes 53 percent of the Fortune 500, 29 percent of the Global 2000, and large government agencies.

 

Matching articles on the topic

Cybersecurity platform with protection for 5G environments

Cybersecurity specialist Trend Micro unveils its platform-based approach to protecting organizations' ever-expanding attack surface, including securing ➡ Read more

Data manipulation, the underestimated danger

Every year, World Backup Day on March 31st serves as a reminder of the importance of up-to-date and easily accessible backups ➡ Read more

Printers as a security risk

Corporate printer fleets are increasingly becoming a blind spot and pose enormous problems for their efficiency and security. ➡ Read more

The AI ​​Act and its consequences for data protection

With the AI ​​Act, the first law for AI has been approved and gives manufacturers of AI applications between six months and ➡ Read more

Windows operating systems: Almost two million computers at risk

There are no longer any updates for the Windows 7 and 8 operating systems. This means open security gaps and therefore worthwhile and ➡ Read more

AI on Enterprise Storage fights ransomware in real time

NetApp is one of the first to integrate artificial intelligence (AI) and machine learning (ML) directly into primary storage to combat ransomware ➡ Read more

DSPM product suite for Zero Trust Data Security

Data Security Posture Management – ​​DSPM for short – is crucial for companies to ensure cyber resilience against the multitude ➡ Read more

Data encryption: More security on cloud platforms

Online platforms are often the target of cyberattacks, such as Trello recently. 5 tips ensure more effective data encryption in the cloud ➡ Read more

PR News
, , , ,