Blockchain

Leveraging CISA’s Known Exploits: Why Validating Attack Surface Vulnerabilities Is Your Most Powerful Defense

adminDecember 9, 2023

More than 20,000 common vulnerabilities and exposures (CVEs) are published every year.One, vulnerability management teams continue to be challenged by the challenge of finding and fixing software with known vulnerabilities. These teams are given the impossible task of patching software across the organization to reduce risk, with the hope that these efforts will help prevent cybersecurity breaches. Because it is impossible to patch every system, most teams focus on resolving vulnerabilities that score highly on the Common Vulnerability Scoring System (CVSS). CVSS is a standardized, repeatable scoring system that ranks reported vulnerabilities from most severe to least severe.

But how do these organizations know that focusing on software with the highest CVE scores is the right approach? It’s great to be able to report to management on the number or percentage of critical severity CVEs that have been patched, but does that metric actually tell you anything about your organization’s improved resilience? Does reducing the number of critical CVEs significantly reduce the risk of a breach? The answer is that, in theory, organizations are reducing their risk of a breach. But in reality, it’s impossible to know for sure.

CISA announces known exploit vulnerabilities to strengthen cybersecurity resilience.

The Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploit Vulnerabilities (KEV) Program was formed as a result of an effort to shift efforts from focusing on theoretical risks to reducing breaches. CISA strongly recommends that organizations regularly review and monitor their catalog of known exploit vulnerabilities and prioritize remediation.2 CISA aims to provide “a trusted source for vulnerabilities exploited in the wild” by maintaining an updated list. Empower your organization to effectively mitigate potential risks to combat cyberattacks.

CISA found a needle in a haystack by narrowing the list of CVEs that security teams should focus on resolving from tens of thousands to just over 1,000 by focusing on the following vulnerabilities:

  • A CVE ID has been assigned.
  • It has been actively exploited in the wild.
  • Take clear remedial action, including vendor-provided updates.

This scope reduction allows overwhelmed vulnerability management teams to deeply evaluate software running in environments that are reported to contain actively exploitable vulnerabilities because they are proven attack vectors and the most likely source of a breach.

Shift from traditional vulnerability management to risk prioritization

CISA KEV Drives Workflow With a smaller list of vulnerabilities, security teams spend less time patching software (a laborious, low-value activity) and more time understanding their organization’s resilience to these proven attack vectors. It was found that it does. In fact, many vulnerability management teams have turned patching into testing to ensure:

  • This vulnerability in CISA KEV could be exploited by software in that environment.
  • The compensatory controls they put in place are effective in detecting and blocking violations. This allows your team to understand the real risks facing your organization while also assessing whether investing in a security defense solution is worth it.

This shift to test for exploitability of vulnerabilities in the CISA KEV catalog is helping organizations mature from traditional vulnerability management programs to continuous threat exposure management (CTEM) programs, a term coined by Gartner that “surfaces and actively prioritizes all of the most threatening threats.” It’s a sign that you are doing your business.” Focusing on proven risks instead of theoretical risks means your team is acquiring new skills and new solutions to help support attack execution across the organization.

The Importance of ASM for Continuous Vulnerability Intelligence Gathering

Attack Surface Management (ASM) solutions provide a comprehensive view of an organization’s attack surface and help clarify cyber risks through continuous asset discovery and risk prioritization.

Continuous testing, a core element of CTEM, states that the program must “validate how attacks work and systems can respond” to ensure security resources can focus their time and energy on the threats that matter most. In fact, Gartner claims that “organizations that base their priorities on a continuous threat exposure management program will be three times less likely to suffer a breach.”three

The maturation of cybersecurity defense thinking for CTEM programs represents a significant improvement over traditional vulnerability management programs because it allows defenders to address the issues most likely to lead to a breach. And as the average cost of a breach continues to increase, preventing breaches should be your goal. Costs have increased 15% over the past three years to $4.45 million, according to IBM’s Cost of a Data Breach report. So, as qualified resources continue to be difficult to find and security budgets become tighter, it’s important to arm your teams with tools to focus more narrowly on vulnerabilities, such as CISA KEV’s Vulnerabilities, and then validate the potential for exploits and assess the resilience of your cybersecurity defenses. Please consider this. .

Identify exploitable vulnerabilities using IBM Security Randori

IBM Security® Randori is an attack surface management solution designed to uncover external exposures through an adversary’s lens. Perform continuous vulnerability validation across your organization’s external attack surface and report on any vulnerabilities that may be exploited.

Figure 1. Randori’s risk-based prioritization algorithm helps prioritize top targets and share the adversarial insights needed to determine impact and risk.

In December 2019, Armellini Logistics was targeted by a sophisticated ransomware attack. The company decided to quickly and successfully recover from the attack while also adopting a more proactive approach to prevention. Randori Recon enabled Armellini to gain deeper visibility into external risks and ensure the company’s asset and vulnerability management systems are updated as new cloud and SaaS applications come online. Armellini has increasingly used Randori Recon’s target lure analysis to classify and prioritize vulnerabilities to patch. These insights helped the Armellini team reduce the company’s risk without impacting business operations.

Figure 2: Randori helps determine if a CVE exists and is exploitable in the external attack surface.

Vulnerability verification capabilities go beyond typical vulnerability management tools and programs by checking for exploitability of CVEs such as CVE-2023-7992, a zero-day vulnerability in Zyxel NAS devices discovered and reported by IBM X-Force Applied Research. team. This validation helps cut through the noise and allows customers to take action on real, rather than theoretical, risks and retest to ensure that mitigation or remediation efforts were successful.

Getting started with IBM Security Randori

Get a 7-day free trial of IBM Security Randori or request a live demo to review your attack surface.

Learn more about IBM Security Randori Recon

1 Revealed CVE records.

2 Catalog of known exploit vulnerabilities.

3 Panetta, Kasey (2023, August 21), How to Manage Non-Episodic Cybersecurity Threats.

Director of Product Management – IBM Security Randori

adminDecember 9, 2023

Related Articles

Mars4 Launches First Game Demo: Play, Build, and Earn on the Real Mars

May 4, 2024

The Galaxy Digital CEO believes Bitcoin will not fall to $50,000-$55,000 without major changes.

March 16, 2024

Mirana Ventures invests $8 million in Toncoin (TON)

March 7, 2024

Top Metaverse Professional Tools You Need to Know

February 6, 2024
Back to top button