Whilst 2021 was a year that was dominated by ransomware headlines, much of the underlying intrusions were exploiting common vulnerabilities. Combined with some of the most damaging vulnerabilities that demanded immediate attention. Moreover, as the Vulnerability Intelligence Report found “the average time to known exploitation for vulnerabilities in this report is 12 days in 2021 compared with 42 days for vulnerabilities in our 2020 report—a 71% decrease.” Therefore the demand for mitigating these vulnerabilities in a timely fashion has never been so important.
This presentation considers the demand for vulnerability prioritization, not just considering vulnerability impact but how Threat Intelligence can consider probabilistic exploitation by malicious actors to support what gets addressed first. When the time to exploitation supported months to mitigate the vulnerability, to a world in which threat actors exploit in days.