In recent years, cybercriminals have organized, automated and outsourced fraud techniques, resulting in an increase in commercial packages of complex threats. This productization of cybercrime is making it harder for organizations to keep up: the tools that overworked security teams rely on to discover and mitigate vulnerabilities don’t match the exploit tactics used by the criminals. So, what is the best approach in light of this dynamic threat landscape? How should security leaders stand up to the growing threat of industrialized cybercrime?
Recent reports show that the majority of successful breaches are executed by threat actors that use and re-use a subset of old vulnerabilities whose exploits are being commercially exchanged in the “Dark Web.” By identifying these vulnerabilities — those for which exploits exist in the wild and are being used in attacks — and combining this information with CVSS scores and contextual intelligence of an organization’s IT environment, security leaders can change the game. They gain a true understanding of not only the potential impact and severity of a vulnerability but also the probability of exploitation. This threat-centric vulnerability management augments gradual risk reduction by considering multiple factors inside and outside the organization. It’s a new approach to vulnerability management that requires comprehensive understanding of an organization’s attack surface combined with the prioritization of vulnerabilities by potential, imminent and actual threat levels. Using this approach, security leaders gain the advantage of integrated intelligence, including what vulnerabilities are truly being targeted by adversaries and threat actors in the wild.
Join Skybox Security and (ISC)² on May 10 (Wed) at 12:00 noon (Hong Kong time) to learn more about Commercialized Crimeware and Threat-Centric Vulnerability Management.