Story image

Companies swamped by critical vulnerabilities – Tenable

09 Nov 2018

Tenable has today announced its Vulnerability Intelligence Report from Tenable Research, which provides an overview of real-world current vulnerability trends and insights into how organisations assess and respond to the unrelenting barrage of new cyber risks.

The research found that enterprises identify 870 unique vulnerabilities on internal systems every day, on average.

Of those, more than 100 vulnerabilities are rated as critical on the common vulnerability scoring system (CVSS) — an industry standard measurement. Prioritisation based solely on CVSS ratings is failing the industry and leaves organisations unable to effectively and confidently focus on which vulnerabilities require immediate action. 

The Vulnerability Intelligence Report’s findings confirm that managing vulnerabilities is a challenge of scale, volume and velocity.

The Tenable Research team analysed anonymised data from 900,000 vulnerability assessments across 2,100 enterprises.

The team estimates that the industry is on track to disclose up to 19,000 new vulnerabilities in 2018, an increase of 27% over 2017.

Yet in 2017, public exploits were available for seven percent of all vulnerabilities, meaning that 93% of all vulnerabilities posed an only theoretical risk. For most vulnerabilities, a working exploit is never developed and of those, an even smaller subset is actively weaponised by threat actors, making it difficult to understand which vulnerabilities to remediate first, if at all.

This lack of rigorous prioritisation means that organisations are struggling to assess and manage more vulnerabilities than ever and consequently, they are unable to make strategic technology decisions.

For example, Adobe Flash will be unsupported from 2020 onward and is not commonly used in most enterprise environments.

Yet Adobe Flash still lingers in enterprise environments and its vulnerabilities represent half of the 20 most prevalent application vulnerabilities in enterprise environments. 

“When everything is urgent, triage fails. As an industry, we need to realise that effective reduction in cyber risk starts with effective prioritisation of issues,” says Tenable product management senior director Tom Parsons.

“To keep up with the current volume and velocity of new vulnerabilities, organisations need actionable insight into where their greatest exposures lie; otherwise, remediation is no more than a guessing game. This means organisations need to focus on vulnerabilities that are being actively exploited by threat actors rather than those that could only theoretically be used.” 

To address this deluge of vulnerabilities, Tenable has announced Predictive Prioritisation, a feature which will provide organisations with a capability to prioritise those vulnerabilities which pose the greatest actual risk to the business.

With Predictive Prioritisation, Tenable is combining a variety of data sources and threat intelligence with data science algorithms to determine the probability of a vulnerability being leveraged by threat actors.

Gartner: AI to reduce project management workload
80% of the work performed project management teams will be taken over by AI by 2030, starting this year.
Microsoft Teams’ eight new and upcoming features
After taking Best in Show at Enterprise Connect, Microsoft Teams will be seeing eight new capabilities over 2019.
IDC: NZ's PC market surprise growth will not last
Despite the growth witnessed at the end of 2018, IDC predicts that New Zealand’s traditional PC market in 2019 will decline by -4.4% YoY.
OutSystems and Boncode team up for better code analysis
The Boncode and OutSystems alliance aims to help organisations to build fast and feel comfortable that the work they're delivering is at peak quality levels.
Vector penalised $3.5 million for excessive levels of power outages
''Given the impact electricity outages have on consumers and businesses it is crucial that lines companies have systems in place to identify and manage the risks present in their networks."
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
Microsoft offers Government free digital skills training
Upwards of 60 workshops will be offered, aimed at giving staff a vital grounding in cloud technologies, artificial intelligence and other skills.
Google certifies Panasonic rugged devices for enterprise
The Toughbook T1 and N1 handhelds meet all requirements for Google’s rugged Android certification.