On the surface, exploitable vulnerabilities all seem like priorities. But this isn't always the case. Here's everything you need to know.
Vulnerability scanning across multiple attack vectors in an environment can often yield hundreds of vulnerabilities. Of course, it’s impossible to resolve all of these vulnerabilities at once, as teams lack the capacity and/or resources to do so. At the same time, organizations are under constant pressure to update and improve their network, application, and cloud environments.
Exploit maturity data lets teams filter vulnerabilities into three groups: mature ones with a record of exploitation, those for which there is only proof that they could be exploited, and those with no recorded exploitation data.
Ultimately, the realistic goal is not to fix all the vulnerabilities but rather to fix those that could negatively impact the business. Accordingly, first ascertaining the level of maturity of the vulnerability is an essential exercise when faced with multiple potentially serious threats.
This blog explores the true impact of exploitable vulnerabilities as we close out 2023 and enter 2024. You can read the extended white paper here.
A vulnerability can be classified into one of three categories based on the exploitation records and cause:
The average enterprise typically encounters an overwhelming number of vulnerabilities in its environments. This is a prominent issue for most security teams in 2023.
54% of security leaders patched fewer than 50% of vulnerabilities in their backlogs in 2023.
Not all vulnerabilities are created equal. While one that is being actively exploited usually requires immediate attention, there are several criteria to consider so that security operations teams can identify those with the highest priority.
With attackers generally being opportunists seeking quick wins and open goals, they’re likely to ignore exploits that require considerable effort to leverage:
Many steps may need to be executed to make an exploitation work, such as:
For every exploited vulnerability found in the wild, its impact on the company, product, and reputation can differ. Confidentiality, integrity, and availability are all potentially affected in the case of a data breach. Understanding where you stand to be most impacted is key to determining what to focus on first.
In 2016, a cyber-security attack involving the central bank of Bangladesh and the Federal Reserve Bank of New York generated multiple fraudulent withdrawals equivalent to around US$1 billion. The attackers exploited a security vulnerability in the banking system to retrieve the necessary credentials, then injected malware to delete database records of the illegal transfers.
An exploit affecting a single system is a wholly different situation than one that targets an organization’s entire environment. Security teams must identify the potential scope of an exploit to assess how much of a priority it is compared to others. Note that even exploits compromising a single host will often lead to the entire system being affected, so the scope must be considered in this context.
In 2017, the Google Project Zero team discovered that Cloudflare’s servers were allowing sensitive data to be cached by search engines. At that time, approximately six million websites were using Cloudflare’s services, and between September 2016 and February 2017, the problematic caching mechanism was triggered 1,242,071 times. In Cloudflare’s case, the scope did not stop at the application level but affected multiple web applications from around the world.
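The triage this post describes can be sketched in a few lines. The following is an added example, not code from Vulcan Cyber or the white paper: it buckets findings into the three exploit-maturity groups, then uses scope and impact to order them against a fixed remediation capacity. The field names, the evidence labels (`in_the_wild`, `poc`), the IDs, and the ordering of the criteria are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Maturity tiers from the post, most urgent first (tier names are this example's own).
TIERS = ("exploited", "proof_of_concept", "no_record")

@dataclass
class Finding:
    vuln_id: str              # constructed placeholder IDs, not real CVEs
    evidence: Optional[list]  # exploit records from an intel feed; None = no entry
    cia_impact: set           # subset of {"C", "I", "A"} affected on this asset
    hosts_affected: int
    hosts_total: int

def maturity(f: Finding) -> str:
    """Map raw exploit records onto the three tiers; unknown labels count as no record."""
    records = {str(e).strip().lower() for e in (f.evidence or [])}
    if "in_the_wild" in records:
        return "exploited"
    if "poc" in records:
        return "proof_of_concept"
    return "no_record"

def scope(f: Finding) -> float:
    """Fraction of the environment affected; a zero host total is treated as 0."""
    return min(f.hosts_affected / f.hosts_total, 1.0) if f.hosts_total > 0 else 0.0

def prioritize(findings, capacity):
    """Return (fix_now, deferred): order by tier, then scope, then CIA breadth."""
    ranked = sorted(
        findings,
        key=lambda f: (TIERS.index(maturity(f)), -scope(f), -len(f.cia_impact), f.vuln_id),
    )
    return ranked[:capacity], ranked[capacity:]

# Constructed sample backlog.
BACKLOG = [
    Finding("VULN-0001", ["poc"], {"C", "I", "A"}, 40, 200),
    Finding("VULN-0002", None, {"C", "I", "A"}, 200, 200),
    Finding("VULN-0003", ["PoC", "in_the_wild"], {"C"}, 3, 200),
    Finding("VULN-0004", ["in_the_wild"], {"C", "I"}, 120, 200),
    Finding("VULN-0005", ["vendor_advisory"], {"A"}, 10, 200),
]

if __name__ == "__main__":
    fix_now, deferred = prioritize(BACKLOG, capacity=3)
    for f in fix_now:
        print(f.vuln_id, maturity(f), f"{scope(f):.0%}", sorted(f.cia_impact))
```

In this sample, VULN-0002 touches every host yet is deferred because it has no exploitation record; how strictly maturity should outrank scope is a policy choice each team has to make.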
Exploring how vulnerabilities turn into exploits gives us visibility into the lifecycle of a potential system compromise and helps us better strategize how to avoid one. As we head into 2024, security environments have never been more complex. Exploitable vulnerabilities have never been more of a concern, and security leaders know action is needed.
At the forefront of cyber security innovation, Mandiant was well aware of this issue. They used Vulcan Cyber to prioritize the risk that mattered most:
"With Vulcan, we've been able to consolidate all of our data in one place and focus on only the vulnerabilities that matter to us, so our developers can fix things fast, and focus on adding value to our customers."
Matt Shelton, Director of Technology Risk & Threat Intelligence, Mandiant
The Vulcan Cyber risk management platform is designed to help teams drive mitigation outcomes for those vulnerabilities that represent the most risk to their specific organizations. Book a demo today to learn more.