One of the most difficult tasks an organization faces is keeping tabs on the ever-growing threat landscape, in which malicious actors constantly probe the organization's attack surface for any weakness. Making life even more difficult is an attacker's ability to move quickly once critical vulnerabilities and exploits are made public, which places cybersecurity teams on the defensive.
To give organizations an idea of the danger presented by unpatched vulnerabilities in their systems, Trustwave SpiderLabs compiled The 2021 Trustwave SpiderLabs Telemetry Report, which reviews Internet-facing targets exposed to high-profile vulnerabilities released over the past year. Most notably, the report found that despite the high severity of some of these vulnerabilities, more than 50% of the servers had a weak security posture even weeks and months after a security update was released.
To compile the report, Trustwave SpiderLabs utilized Shodan, publicly available exploit information and non-intrusive analysis of vulnerable targets accessible on the Internet to provide insights into how an organization can best protect itself.
The 2021 Trustwave SpiderLabs Telemetry Report: The State of High Profile Vulnerabilities reviews Internet-facing targets exposed to high-profile vulnerabilities released in 2021. It was compiled using Shodan, publicly available exploit information and non-intrusive analysis of vulnerable targets accessible on the Internet by the Trustwave SpiderLabs team. The report also provides general vulnerability mitigation best practices and tips for CISOs and security practitioners looking to strengthen their cyber resilience.
This year has seen more than its fair share of organizations victimized by attackers who found a vulnerability in their system. In many cases, the organization remained vulnerable due to a failure to patch software promptly. The report also includes best practices organizations can follow to avoid vulnerability exploitation.
We sat down with Trustwave SpiderLabs Security Researcher Jason Villaluna to discuss some of the key insights and trends from the 2021 Telemetry Report in more depth.
Most folks outside of IT security will find it surprising that many outdated applications and services are accessible from the Internet. Since many tools can detect these instances, it means the applications can be easily exploited by individuals who have the skills to do so. The worrisome aspect of this is that many organizations are not aware of the risks of exposing such apps and services.
There are several reasons why organizations struggle with vulnerability management and patching.
First, not every system is created equal. Some are very complex, so that immediate patching is simply not possible. A patch may need several levels of testing and approval from different teams or departments so the organization can be assured that this patch will not harm their current system and will work as intended.
Next, not all organizations have a team that can solely focus on vulnerability management. However, as the importance of patching is realized, some organizations are starting to implement a vulnerability management process. Then there is the fact that some organizations just don't have the budget to implement such a team, resulting in some teams having to handle several tasks.
There are many best practices for organizations to implement that will improve their defenses. I've listed a few here that will reduce the risk of becoming victimized by high-profile vulnerabilities: