
CISA known exploited vulnerabilities – what do they mean for your organization?

Rhett Glauser | Mar 10, 2022 | Vulcan Cyber CMO

Recently, CISA added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The catalog is a living list of known CVEs that represent significant risk to federal enterprises, and is regularly updated. 

But while new vulnerabilities are added constantly, it's unusual for CISA to add more than a handful to its catalog at a time, so the addition of nearly 100 at once is noteworthy. For context, the next-largest batch of vulnerabilities contained just 15 CVEs. While most of the vulnerabilities in this new list are recent, the oldest in this batch (CVE-2002-0367) dates to 2002, and many of the others are over five years old.

CISA has its own criteria for adding specific vulnerabilities to its catalog, and usually only adds a few at a time. But given the conflict in Ukraine, these additions could be part of an effort to prevent potential cyber attacks targeting U.S. organizations covered by CISA directives.

But if you have prioritization processes in place, making sense of this list is more straightforward, and you can take swift action to mitigate the risk. Organizations that are prioritizing based on business-specific risk, and have well-established processes and automations to do this, will be able to address these new vulnerabilities just as efficiently as they do others, regardless of the number of CVEs they are suddenly faced with. 

Knowing which of the new vulnerabilities in CISA’s catalog might harm your business, and which ones pose little or no threat, makes the scary-sounding number of 95 much more palatable. These new additions only serve to prove that prioritization based around business risk is integral to improving and maintaining security posture.

Better prioritization takes work, and most organizations struggle with exactly this. But with tools like the Vulcan Cyber risk management platform, companies can leverage their existing data to clearly see their most vulnerable assets, and the recommendations, actions and collaborations needed to mitigate that risk. Book a demo today to get started.

About the Author

Rhett Glauser

Rhett has been running corporate marketing and demand generation functions in the enterprise infrastructure and security markets for a really long time. Prior to Vulcan Cyber, Rhett spent more than two decades with SaltStack, ServiceNow, Symantec and Altiris.
