September 17, 2020 • The Recorded Future Team
Vulnerability management is a lot like playing whack-a-mole. Every time you patch one vulnerability, two new ones pop up in its place. And threat actors only need one opportunity to get inside your network and cause devastating harm.
CVSS Scores No Longer Cut It
There were more than 17,000 new vulnerabilities in 2019, and that number increases every year. The Common Vulnerability Scoring System, or CVSS, is the most common score vulnerability management teams use when prioritizing what to patch first. But over 60% of vulnerabilities from 2019 are rated CVSS critical or high, giving vulnerability management teams an enormous backlog of vulnerabilities to patch quickly.
Using CVSS to prioritize vulnerabilities without context doesn’t really make sense. CVSS doesn’t measure risk; it only measures severity. This helps you understand how severe an incident might be if a vulnerability were to be exploited, but it gives you zero insight into how likely the vulnerability is to be exploited at your company.
CVE-2018-20250, for example, has a CVSS 2.0 score of 6.8, putting it at medium severity. Yet CVE-2018-20250 was one of the top 10 most exploited vulnerabilities in 2019. It should absolutely be at the top of your prioritization queue.
Not All Vulnerabilities Are Equal
The truth of that matter is, only 5.5% of vulnerabilities are actually exploited in the wild. That means security and IT teams are wasting far too much valuable time remediating low-risk vulnerabilities. That time should be spent focusing patching vulnerabilities that are likely to be exploited soon. But vulnerability management professionals often lack the visibility they need to make smart prioritization decisions.
Adding to the trouble, adversaries are getting faster. Today, it only takes about 15 days for an exploit to appear in the wild once a vulnerability is identified. So, even though not all vulnerabilities are exploited, it happens quickly for the ones that are.
Vulnerability management teams need to be able to keep up. To quickly reduce the most possible risk, security teams need external context that empowers them to prioritize based on the likelihood of vulnerability exploitation — not just the severity.
Security Intelligence for Risk-Based Vulnerability Prioritization
Security intelligence makes vulnerability management teams far more effective. It uses real-time data to score vulnerabilities based on exploitability and delivers the context you need to prioritize patches that matter most and prevent attacks.
Vulnerability intelligence from Recorded Future empowers you to stay a step ahead of your adversaries with temporal risk scoring that surfaces the most actively dangerous vulnerabilities. Automatically detect reporting of new observables — including vulnerabilities, exploits, proof of concept code, exposed company assets, and threat actors targeting organizations and industries.
Knowing what has been exploited in the past is a great first step, but knowing what has been observed in the wild recently is significantly better. Some vulnerabilities trend for a moment, while others, especially Microsoft vulnerabilities, stick around for years as a core component of an attacker’s arsenal.
Learn More About Vulnerability Intelligence
For more on how Recorded Future’s Vulnerability Intelligence Module enhances your overall security program, watch the short on-demand webinar, “Disrupt Adversaries with Vulnerability Intelligence,” right now.