CISA Alert – Top routinely exploited vulnerabilities

The board wants to know: Are we exposed to known vulnerabilities?

By Bill Rowan, technical director, Skybox Security | Aug 11, 2021

Threat actors continue to exploit known software vulnerabilities. Many are years old. All have available patches from vendors.

Most in the cybersecurity world have seen the recent top 30 exploit list, released in August 2021 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and FBI, along with their counterparts in the U.K. and Australia. The top four vulnerabilities listed were discovered between 2018 and 2020, underscoring that many organizations across the public and private sectors still aren’t patching known vulnerabilities fast enough.

To prevent ransomware attacks, we simply can’t keep leaving our defenders drowning in vulnerabilities.

A new approach to vulnerability and threat management

Skybox Research Lab found that traditional remediation tactics only address critical- and high-severity vulnerabilities – while leaving 40% of “low-risk” vulnerabilities unpatched for years. Cybercriminals are targeting these low-hanging fruit hiding in plain sight, turning them into backdoors to deploy complex attacks that are increasing at record rates.

With industry-leading prioritization capabilities, Skybox Security identifies exposed vulnerabilities that will reduce our customers’ attack surface the most. To regain control over complexity, Skybox Security delivers the three most critical cybersecurity metrics for advanced Vulnerability and Threat Management:

  1. Total number of vulnerabilities across hybrid infrastructure
  2. Total number of vulnerabilities exploited in the wild
  3. Total number of exploits on critical assets

Skybox Security Vulnerability Control – identifying CISA alert exploits

If you don’t know where to start with Vulnerability Management, remediating these popular exploits is a good initial step. Using Skybox Security’s customizable dashboards, customers can easily and quickly build views to identify any risk associated with published alerts.

Here is a customizable dashboard created by Skybox Security for the CISA Alert (AA21-209A):

Skybox Security Vulnerability Control – Top routinely exploited vulnerabilities view

Now that Skybox has identified which vulnerabilities from the CISA list are in this environment, we then prioritize which vulnerability occurrence needs to be addressed first. For example, below is the drill-down into CVE-2020-1472, where Skybox identifies exploitability, exposure, and asset importance to provide a Vulnerability Risk Score.

Skybox Security Vulnerability Control – prioritization view

When looking at the risk of all vulnerabilities identified in this CISA Advisory, Skybox Security measures risk beyond CVSS. In fact, the riskiest vulnerability occurrence is based on a CVE with a lower CVSS score (7.8). However, this vulnerability was bubbled to the top of the list by Skybox automatically because it is on a “Very High” importance asset. This is an excellent example of why using just CVSS scores to prioritize remediation is not enough to prevent a ransomware attack.

Skybox Security Vulnerability Control – CISA list view

Skybox Security Solutions View – identifies remediation options

Once exposed vulnerabilities are identified, Skybox Security automatically presents several remediation options – including available patches, IPS signatures, firewall rules, security tags, configuration changes, and software updates. Advancing beyond the traditional scan-and-patch tactics, Skybox automatically identifies possible remediation solutions that will fix the highest number of vulnerabilities and address exposed assets across hybrid infrastructure.

A Skybox Security customer commented that our platform is “the one tool to rule them all.” We understand that Fortune 1000s are utilizing a complex security toolkit and dealing with accelerated digital transformation. Armed with our advanced insights, customers can confidently show the board they remediated millions of malware exploits over the last quarter.

We have a verifiable, data-driven response to, “What are you doing about the latest ‘celebrity’ vulnerability?” No other strategy can enable organizations to confidently quantify their unique and complex attack surface, no matter the environment or industry.
