Apr 23, 2021

How to identify ‘perfect storm’ cybersecurity threats

Sean Keef
Exposure analysis can zero in on the top 1% of ‘perfect storm’ threats – a dream come true for enterprise security professionals.

As we pursue the connected future, it’s time to take a science-based approach to enterprise security. Exposure analysis can zero in on the top 1% of ‘perfect storm’ threats – a dream come true for enterprise security professionals. 

Time for a new set of security rules

2020 was a record-breaking year for security threats, with 18,341 new security flaws reported. While not all vulnerabilities are exploited by threat actors, security teams are overburdened with disparate alert notifications that they often describe as “meaningless.” It’s tough for many to say whether their cybersecurity tools are truly effective, since most don’t yet have a clear picture or understanding of their highly complex networks. All the while, cybercriminal activity persists. According to the National Fraud Intelligence Bureau, organisations lost a total of £3.8m as a result of 1,741 instances of hacking between February 2020 and February 2021.

From last year’s SolarWinds SUNBURST vulnerability to the recent Microsoft Exchange server flaws, every vulnerability is unique, with individual risk levels and attack paths. Selecting a priority vulnerability for urgent patching is like finding a needle in a haystack. But as new UK government data shows, doing so is vital – four in ten businesses reported having cybersecurity breaches or attacks in the last 12 months. A typical first step to prioritisation is measuring severity, that is, whether a vulnerability could cause significant damage. With severity prioritisation in place, remediation can typically focus on the top 25% of risks. Many organisations are currently dealing with millions of vulnerabilities, so that’s not granular enough to protect the business from an attack.

Modern-day challenges demand modern-day answers

To overcome the industry’s most enduring challenges, enterprises need a bigger and better model of their attack surface across hybrid cloud, security controls, and configurations. By zeroing in on ‘perfect storm’ threats, a sophisticated network model can identify: 

  • Severity – Could the vulnerability cause significant damage to the business? 
  • Importance – Is the vulnerability on mission-critical assets?
  • Exploitability – Has the vulnerability been exploited in real-world attacks?
  • Exposure – Which attack vectors can be exploited given the security controls and their configurations?

Enterprises that deploy this double whammy of patch remediation and addressing high-risk vulnerabilities can dramatically reduce risk across complex environments.

Network modelling makes exposure analysis possible

Exposure analysis is only possible when disparate data repositories are normalised and brought together into a network model. Security leaders can think of the network model like the intuitive map applications that consumers now take for granted. Designed to integrate across highly complex environments, a network model aggregates insights from dispersed asset management systems, vulnerability data, threat intelligence feeds, and network device configurations. The end result is that defenders can make better security decisions faster.
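To make the four-factor model from the previous section and the network-model idea here concrete, the following is an added example (not Skybox product code or the author's): it folds constructed asset, finding and edge-firewall data into a tiny model, computes the exposure factor by walking the firewall rules (first match wins, default deny), and keeps only findings that meet all four factors. The data format, the CVSS 9.0 severity floor and the single untrusted zone are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed sample input (no real assets, addresses or rules).
# Edge policy for traffic from the untrusted zone, first match wins:
# (dst_cidr, dst_port or None for any port, action)
EDGE_RULES = [
    ("10.0.1.0/24", 443, "allow"),
    ("10.0.1.0/24", 3389, "allow"),   # weak rule: RDP reachable from outside
    ("10.0.0.0/8", None, "deny"),
]
ASSETS = {  # host -> (ip, mission-critical?)
    "web-01": ("10.0.1.10", True),
    "jump-01": ("10.0.1.20", False),
    "db-01": ("10.0.2.30", True),
}
VULNS = [  # constructed findings: host, listening port, CVSS base, exploited in the wild
    {"id": "V-1", "host": "web-01", "port": 443, "cvss": 9.8, "exploited": True},
    {"id": "V-2", "host": "db-01", "port": 5432, "cvss": 9.0, "exploited": True},
    {"id": "V-3", "host": "jump-01", "port": 3389, "cvss": 9.8, "exploited": True},
    {"id": "V-4", "host": "web-01", "port": 443, "cvss": 5.3, "exploited": False},
]


def reachable_from_edge(ip, port, rules=EDGE_RULES):
    """Exposure check: can untrusted traffic reach ip:port under the edge policy?"""
    addr = ip_address(ip)
    for cidr, rule_port, action in rules:
        if addr in ip_network(cidr) and rule_port in (None, port):
            return action == "allow"
    return False  # no matching rule: default deny


def assess(vuln, assets=ASSETS, rules=EDGE_RULES, severity_floor=9.0):
    """Evaluate the four factors (severity, importance, exploitability, exposure)."""
    ip, critical = assets[vuln["host"]]
    return {
        "severity": vuln["cvss"] >= severity_floor,
        "importance": critical,
        "exploitability": vuln["exploited"],
        "exposure": reachable_from_edge(ip, vuln["port"], rules),
    }


def perfect_storm(vulns=VULNS, **kw):
    """IDs of findings meeting all four factors: the ones to patch first."""
    return [v["id"] for v in vulns if all(assess(v, **kw).values())]


if __name__ == "__main__":
    for v in VULNS:
        print(v["id"], assess(v))
    print("perfect storm:", perfect_storm())  # ['V-1']
```

Re-running `assess` with a tightened rule set shows how a firewall change alone removes the exposure factor for V-3, which is the kind of control-aware prioritisation the text describes.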

Digital transformation is critical to business agility and economic recovery; it also breeds vulnerabilities and demands a new approach to security. By understanding the context of enterprise infrastructure and its security controls – on-premise, private cloud, and public cloud – organisations can better quantify cyber risk, prioritise remediation, and focus on what matters.

By Sean Keef, technical director at Skybox Security 
