It is said that those who are ignorant of history are doomed to repeat it, and this article from CSO shows that assertion reigns true in cybersecurity as well.  Threat actors are continuing to exploit vulnerabilities that have been known publicly since 2017 and earlier.  Compromised enterprises referenced in the article had five years or longer to patch or mitigate these vulnerabilities but failed to do so.  Rarely does a month go by without another article showcasing how companies are continuously compromised by patched vulnerabilities.  Why does this keep happening?

Things are hard and vulnerability management is no exception.  Many enterprises manage tens, or hundreds, of thousands of hosts, each of which may have any number of vulnerabilities at any given time.  As you may well imagine, monitoring such a vast and dynamic attack surface can be tremendously challenging.  The vulnerability state potentially changes on each host with every application installed, patch applied, and configuration modified.  Given the numbers of vulnerabilities cited in the CSO article previously mentioned, tens of thousands of vulnerabilities reported per year and increasing, how can anything short of a small army ever hope to plug these critical infrastructure holes?

If you accept that there is no reasonable way to patch or mitigate every single vulnerability then you must pivot to prioritizing vulnerabilities and managing a reasonable volume off the top, therefore minimizing risk in the context of available resources.  There are many ways to prioritize vulnerabilities, provided you have the necessary vulnerability intelligence to do so.  Filter out all vulnerabilities on platforms that do not exist in your environment.  Focus on those vulnerabilities that exist on public-facing hosts and then work inward.  As you are considering these relevant vulnerabilities, sort them by the likelihood of each being exploited in the wild.

Exodus Intelligence makes this type of vulnerability intelligence and much more available in our EVE (Exodus Vulnerability Enrichment) platform.  Input CPEs that exist within your environment into the EVE platform and see visualizations of vulnerability data that apply specifically to you.  We combine carefully curated public data with our own machine learning analysis and original research from some of the best security minds in the world and allow you to visualize and search it all.  You can also configure custom queries with results that you care about, schedule them to run on a recurring basis, and send you a notification when a vulnerability is published that meets your criteria.

About Exodus Intelligence

We provide clients with actionable information, capabilities, and context for proven exploitable vulnerabilities.  Our world class team of vulnerability researchers discover hundreds of exclusive Zero-Day vulnerabilities, providing our clients with this knowledge before the adversaries find them.  Our research also extends into the world on N-Day research, where we select critical N-Day vulnerabilities and complete research to prove whether these vulnerabilities are truly exploitable in the wild.  

For more information, visit www.exodusintel.com or contact info@exodusintel.com for further discussion.