CISA Alert – Top routinely exploited vulnerabilities
The board wants to know: Are we exposed to known vulnerabilities?
By Bill Rowan, technical director, Skybox Security | AUG 11, 2021
Threat actors continue to exploit known software vulnerabilities. Many are years old. All have available patches from vendors.
Most in the cybersecurity world have seen the recent top 30 exploit list, released in August 2021 by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and FBI, along with their counterparts in the U.K. and Australia. The top four vulnerabilities listed were discovered between 2018 and 2020, underscoring that many organizations across the public and private sectors still aren’t patching known vulnerabilities fast enough.
To prevent ransomware attacks, we simply can’t keep leaving our defenders drowning in vulnerabilities.
A new approach to vulnerability and threat management
Skybox Research Lab found that traditional remediation tactics only address critical- and high-severity vulnerabilities – while leaving 40% of “low-risk” vulnerabilities unpatched for years. Cybercriminals are targeting this low-hanging fruit hiding in plain sight, turning it into backdoors to deploy complex attacks that are increasing at record rates.
With industry-leading prioritization capabilities, Skybox Security identifies the exposed vulnerabilities whose remediation will reduce our customers’ attack surface the most. To regain control over complexity, Skybox Security delivers the three most critical cybersecurity metrics for advanced Vulnerability and Threat Management:
- Total number of vulnerabilities across hybrid infrastructure
- Total number of vulnerabilities exploited in the wild
- Total number of exploits on critical assets
Skybox Security Vulnerability Control – identifying CISA alert exploits
If you don’t know where to start with Vulnerability Management, remediating these popular exploits is a good initial step. Using Skybox Security’s customizable dashboards, customers can easily and quickly build views to identify any risk associated with published alerts.
Here is a customizable dashboard created by Skybox Security for the CISA Alert (AA21-209A):
[Figure: Skybox Security Vulnerability Control – Top routinely exploited vulnerabilities view]
Now that Skybox has identified which vulnerabilities from the CISA list are in this environment, we prioritize which vulnerability occurrence needs to be addressed first. For example, below is the drill-down into CVE-2020-1472, where Skybox identifies exploitability, exposure, and asset importance to provide a Vulnerability Risk Score.
[Figure: Skybox Security Vulnerability Control – prioritization view]
When looking at the risk of all vulnerabilities identified in this CISA Advisory, Skybox Security measures risk beyond CVSS. In fact, the riskiest vulnerability occurrence is based on a CVE with a lower CVSS score (7.8): Skybox automatically moved it to the top of the list because it is on a “Very High” importance asset. This is an excellent example of why using just CVSS scores to prioritize remediation is not enough to prevent a ransomware attack.
[Figure: Skybox Security Vulnerability Control – CISA list view]
Skybox Security Solutions View – identifies remediation options
Once exposed vulnerabilities are identified, Skybox Security automatically presents several remediation options – including available patches, IPS signatures, firewall rules, security tags, configuration changes, and software updates. Advancing beyond the traditional scan-and-patch tactics, Skybox automatically identifies possible remediation solutions that will fix the highest number of vulnerabilities and address exposed assets across hybrid infrastructure.
A Skybox Security customer commented that our platform is “the one tool to rule them all.” We understand that Fortune 1000s are utilizing a complex security toolkit and dealing with accelerated digital transformation. Armed with our advanced insights, customers can confidently show the board they remediated millions of malware exploits over the last quarter.
We have a verifiable, data-driven response to, “What are you doing about the latest ‘celebrity’ vulnerability?” No other strategy can enable organizations to confidently quantify their unique and complex attack surface, no matter the environment or industry.