Threat actors continue to exploit known software vulnerabilities. Many are years old. All have available patches from vendors.
Most in the cybersecurity world have seen the recent top 30 exploit list, released in August 2021 by the U.S. Cybersecurity Infrastructure (CISA) and FBI, along with their counterparts in the U.K. and Australia. The top four vulnerabilities listed were discovered between 2018 and 2020, underscoring that many organizations across the public and private sectors still aren’t patching known vulnerabilities fast enough.
To prevent ransomware attacks, we simply can’t keep leaving our defenders drowning in vulnerabilities.
A new approach to Vulnerability and Threat Management
Skybox Research Lab found that traditional remediation tactics only address critical- and high-severity vulnerabilities – while leaving 40% of “low-risk” vulnerabilities unpatched for years. Cybercriminals are targeting these low-hanging fruit hiding in plain sight, turning them into backdoors to deploy complex attacks that are increasing at record rates.
With industry-leading prioritization capabilities, Skybox Security identifies exposed vulnerabilities that will reduce our customer’s attack surface the most. To regain control over complexity, Skybox Security delivers the three most critical cybersecurity metrics for advanced Vulnerability and Threat Management:
- Total number of vulnerabilities across hybrid infrastructure
- Total number of vulnerabilities exploited in the wild
- Total number of exploits on critical assets
Skybox Security Vulnerability Control – identifying CISA alert exploits
If you don’t know where to start with Vulnerability Management, remediating these popular exploits is a good initial step. Using Skybox Security’s customizable dashboards, customers can easily and quickly build views to identify any risk associated with published alerts.
Here is a customizable dashboard created by Skybox Security for the CISA Alert (AA21-209A):