Vulnerability Intelligence
What is Vulnerability Intelligence?
Vulnerability intelligence is a type of threat intelligence that focuses on identifying and reporting the newest vulnerabilities, bugs, and exploits used by cyber criminals to infiltrate and steal sensitive data from their enterprise targets.
Effective vulnerability intelligence helps organizations identify potential security risks that originate from known application vulnerabilities and take the appropriate steps to mitigate vulnerabilities before they can be exploited by cyber attackers. These steps may include installing a patch provided by the software company, or deactivating the application until a patch is available.
With over 18,000 new software vulnerabilities reported by vendors in 2020, SecOps teams now depend on modern threat intelligence services to track the latest vulnerabilities being reported publicly, filter out the noise (e.g. vulnerability intelligence that pertains to applications the enterprise does not use), and deliver contextually relevant and actionable vulnerability intelligence.
What is a Vulnerability?
A vulnerability is a security flaw in a piece of software that may be exploited by a threat actor to either disrupt the application or gain unauthorized access to secure networks or data.
Cyber adversaries work to discover new software vulnerabilities and develop exploits to take advantage of them. An exploit is an application, a script, or a sequence of actions that interacts with a known software vulnerability to trigger unintended outcomes, often allowing the attacker to gain control of a computer system, escalate privileges, or exfiltrate data.
Publicly known software vulnerabilities are documented in the Common Vulnerabilities and Exposures (CVE) system, a database operated by The MITRE Corporation with funding from the United States Department of Homeland Security.
What are the most common types of Vulnerabilities?
There are many different types of software vulnerabilities that may be exploited by cyber attackers.
Security bugs
Security bugs are errors in the source code of an application that can be exploited to gain illicit access or secure unauthorized privileges on a computer system.
Security bugs create software vulnerabilities when they compromise security-related processes such as user authentication, user permissions and privileges, or the confidentiality or integrity of user data. The most common types of security bugs include improper use case handling, improper exception handling, resource leaks, and improper API usage.
When a security bug is discovered in an application, the vendor will (hopefully) work to develop and release a patch that fixes the bug and addresses the vulnerability. Vulnerability intelligence keeps enterprise security teams informed about new security bugs that could be exploited to attack their networks and systems.
Unpatched or outdated software
Even when vulnerabilities are known and patches are available, enterprises don’t always get around to patching known vulnerabilities before they can be exploited. In a survey conducted by the Ponemon Institute in 2019, 60% of respondents said that a data breach had occurred at their organization because an available patch for a known vulnerability was not applied.
This finding highlights the importance of contextually relevant and actionable vulnerability intelligence that helps enterprise SecOps teams identify their biggest priorities when it comes to managing and patching software vulnerabilities.
Vulnerabilities in dependencies
Modern software applications almost always contain some combination of open source/third-party code and external libraries or dependencies.
And while leveraging these external resources can accelerate the development of new software products, it can also introduce security vulnerabilities that exist within third-party code into the new application.
Some software applications contain tens or hundreds of external dependencies, making it time-consuming and tedious for development teams to update them all as new versions and patches are released.
Vulnerability intelligence can empower DevOps teams with greater situational awareness of software vulnerabilities impacting their application’s dependencies and third-party code.
Zero-Day Vulnerabilities
A zero-day vulnerability is a software vulnerability that is discovered and exploited by cyber criminals before it has been detected or patched by the software vendor. Zero-days are difficult to anticipate and prevent, but must be mitigated as quickly as possible to prevent data theft, service interruptions, or financial losses.
Vulnerability intelligence can provide valuable information and insights into the behaviors, motivations, and TTP of digital threat actors targeting enterprises with zero-day exploits, enabling security teams to decisively disrupt and mitigate their attacks.
How does Vulnerability Intelligence protect your organization?
Discover which Vulnerabilities are exploited by threat actors
Vulnerability intelligence gives your enterprise insight into the behavior of hackers who exploit software vulnerabilities, including their motivations, TTP, and the vulnerabilities they target.
Track Vulnerabilities that impact your application ecosystem
Curated vulnerability intelligence helps organizations filter through the thousands of new vulnerabilities reported each year and stay focused on managing vulnerabilities that impact their application ecosystem.
Prioritize software upgrades and patches
Security teams often don’t have time to upgrade every application component or install patches as soon as they are released, but vulnerability intelligence can help those teams organize and prioritize the remediation activities that matter most to prevent future attacks.
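The tracking and prioritization steps described above can be sketched in code. This is an added example, not ZeroFox code: the advisory fields, product names, and EXAMPLE-* identifiers are constructed, versions are assumed to be dotted numbers, and ranking exploited vulnerabilities ahead of severity is an assumed policy.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    vuln_id: str      # constructed placeholder, not a real CVE ID
    product: str
    fixed_in: str     # first fixed version; "" means no patch exists yet
    severity: float   # 0-10 score
    exploited: bool   # intelligence reports exploitation by threat actors

def parse_version(text):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def is_relevant(adv, inventory):
    """True if the product is deployed and the installed version is unfixed."""
    installed = inventory.get(adv.product)
    if installed is None:
        return False          # noise: the enterprise does not use this product
    if not adv.fixed_in:
        return True           # unpatched (zero-day case): needs mitigation
    return parse_version(installed) < parse_version(adv.fixed_in)

def prioritize(feed, inventory):
    """Drop irrelevant advisories; rank exploited first, then by severity."""
    hits = [a for a in feed if is_relevant(a, inventory)]
    return sorted(hits, key=lambda a: (not a.exploited, -a.severity, a.vuln_id))

def recommended_action(adv):
    """Patch when one exists, otherwise deactivate until a patch is available."""
    if adv.fixed_in:
        return f"install patch: upgrade {adv.product} to {adv.fixed_in}"
    return f"deactivate {adv.product} until a patch is available"

# Constructed sample data: product name -> installed version.
INVENTORY = {"webframework": "4.2.0", "imagelib": "1.9.3", "vpn-gateway": "7.0.1"}
FEED = [
    Advisory("EXAMPLE-0001", "webframework", "4.2.5", 7.5, False),
    Advisory("EXAMPLE-0002", "imagelib", "1.9.0", 9.8, False),    # already fixed
    Advisory("EXAMPLE-0003", "vpn-gateway", "", 8.1, True),       # no patch yet
    Advisory("EXAMPLE-0004", "mailserver", "3.1.0", 10.0, True),  # not deployed
    Advisory("EXAMPLE-0005", "imagelib", "1.10.0", 6.1, True),
]

if __name__ == "__main__":
    for adv in prioritize(FEED, INVENTORY):
        print(adv.vuln_id, adv.severity, recommended_action(adv))
```

Note that the two highest-severity advisories drop out entirely: one affects a product that is not deployed and the other is already fixed in the installed version.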
Fight back against Zero-Day exploits
Vulnerability intelligence provides context and insights into zero-day exploits that can help enterprise SecOps teams respond more decisively to mitigate the attack.
Track and prioritize Vulnerabilities with ZeroFox Threat Intelligence
The ZeroFox Platform delivers advanced AI-powered digital risk protection, cyber threat intelligence, and adversary disruption services.
Our global team of threat intelligence experts conducts research, analysis, and vulnerability assessment at a global and individual scale, delivering curated vulnerability intelligence and recommendations that help security teams protect enterprise networks from cyber attacks.
Download our latest Quarterly Threat Landscape Report to read about the newest documented vulnerabilities and exploits used by the criminal underground to target enterprise organizations.