In 2021, around 22,000 vulnerabilities were published,1 with the most notorious (the Log4j vulnerability CVE-2021-44228) being just one of nearly 10,000 known security vulnerabilities detected in open source components. Shocking numbers, but behind these headlines, most cyberattacks take advantage of known vulnerabilities that have not been patched, taking advantage of the fact that organizations simply cannot keep pace with the scale of the problem.
Amid the differing scanner results and false positives, many organizations end up with vulnerability fatigue as they battle to prioritize, manage, and mitigate an endless stream of issues. So, what’s the answer, and how do you decide what to fix first?
For hard-pressed CISOs with their sights set firmly on cost and value, there’s a new capability from Skybox that’s designed to address this, helping them make informed, data-driven decisions about what to address based on the dollar value of their technology assets to the organization.
Cyber risk quantification to the rescue
The new automated Cyber Risk Quantification (CRQ) capability is a part of Skybox Vulnerability Threat Management, a solution that enables CISOs to:
- Prioritize critical cyber risks based on vulnerabilities that are exposed and exploited in the wild
- Target risk mitigation on the most significant risks with remediation options that go beyond patching
- Make data-driven decisions as they navigate the risks and opportunities of digital transformation
- Calculate ROI of cybersecurity budgets to validate investments and report on the financial impact
CRQ helps pinpoint cyber risks with the highest potential financial impact, improving decision-making, and strengthening the organization’s security posture.
Organizations with mature risk-scoring, exposure analysis, attack surface visibility, and vulnerability assessment practices experience fewer breaches
With this CRQ new capability, Skybox addresses a key area in which CISOs can mature their cybersecurity program. A new groundbreaking global cybersecurity benchmark study, Cybersecurity solutions for a riskier world found that risk-based leaders experienced less breaches than others. Risk-based leaders were more mature in the areas of risk scoring, exposure analysis, vulnerability assessments, attack surface visualization, and more. Additionally, over one-quarter of risk-based leaders made significant investments in cyber risk modeling over the past two years. However, identifying, and quantifying risk is not easy. The #1 challenge cited by C-level decision-makers in the benchmark study was inadequate identification of key risks. Furthermore, 41% of all executives with responsibility for cybersecurity and 46% of CIOs say that their organizations have not kept pace with digital transformation. And 40% of CISOs say they are not well prepared for the rapidly changing threat landscape.2
Industry’s most advanced vulnerability threat management solution
The latest release to Skybox Vulnerability Threat Management includes a range of new features designed to ensure it is the most advanced vulnerability management solution on the market. Features include a major network model update that significantly increases customer time to value and real-time exposure analysis through faster aggregation across customers’ disparate tech stacks and security toolkits.
Actual and timely risk reduction is how we ultimately define customer success"
Gidi Cohen
| Founder
Skybox Security
Skybox Security is the only solution that builds an extensive model of a customer’s unique hybrid environment, including all L3 devices. The network model is continuously updated, incorporating customer scan data and proprietary threat intelligence feeds from the Skybox Research Lab.
Key features
Skybox Vulnerability Threat Management provides:
- Asset and vulnerability discovery designed to identify the blind spots that active scanning solutions can’t reach. Customers gain a complete picture of their unique hybrid attack surface. The product aggregates multi-vendor scan data from across a customer’s environments and discovers vulnerabilities across unscannable cloud workloads.
- Vulnerability prioritization zooms in on the gaps an adversary will exploit first by analyzing exploitability, criticality, asset importance, and exposure. The Skybox algorithm prioritizes risk using a flexible, customizable formula that can be tailored to a customer’s unique business. The platform identifies the most effective remediation options, including network-based compensating controls to supplement patches and software updates.
- Network modeling and attack surface visualization to show how risks are mitigated with a layered combination of alternative native, custom, and other security controls. The Skybox network model enables path analysis and attack simulation to identify exposed vulnerabilities.
- Targeted vulnerability remediation that highlights potential attack paths, enabling customers to prioritize which security controls will mitigate a threat or an attack.
As more and more vulnerabilities are exposed and exploited in the wild, it’s vital to zero in on what matters by using our Vulnerability Threat Management capabilities to continually collect and aggregate security control data across disparate and highly complex environments, normalize the data, and turn it into actionable insight based on the value to you.
References:
- 25+ cyber security vulnerability statistics and facts of 2021, Comparitech, January 29, 2022
- Cybersecurity solutions for a riskier world, Thoughtlab, May 2022
