Vulnerability and Threat Trends Report 2022
Introduction
Gidi Cohen, CEO and founder, Skybox Security

If the events of 2021 tell us anything about the state of cybersecurity, it’s that you can’t fight today’s battles with yesterday’s tools. The rapid evolution of the threat landscape has made past approaches to vulnerability management outmoded, if not downright archaic.

A phase shift was already well underway when the COVID-19 pandemic kicked it into high gear. It has led to a dramatic expansion of the attack surface, fueled by the headlong migration to the cloud and the explosion of IT and OT (operational technology) assets. Public cloud usage is expected to grow threefold in the next five years. And IDG predicts that there will be over 55 billion connected devices worldwide by 2025, with 75% connected to an IoT platform.[1] Spurred by the pandemic, the pivot to remote work and the hurried rollout of new online services have accelerated these shifts.

At the same time, threats multiplied, and attacks occurred at a cadence and scale never seen before. The security industry was just absorbing the news of the SolarWinds hack when 2021 began; the year closed with the even more alarming discovery of the Log4Shell vulnerability, potentially impacting hundreds of millions of devices. Between these two bombshells came a procession of increasingly damaging breaches, ranging from ransomware attacks to industrial espionage and sabotage. No sector was safe. Even the critical infrastructure we depend on for energy, water, and food was attacked. The average cost of data breaches hit $4.24 million, up nearly 10% from 2020.[2]

On top of all this, cybersecurity organizations continue to suffer from significant staffing gaps. In recent surveys, security leaders confided that skills shortages are making it more difficult to meet security needs and respond effectively to incidents.[3][4] The “great resignation” has worsened the talent shortage and led to a loss of institutional knowledge.

Callout: Average cost of a data breach in 2021 was $4.24M [2]

[1] Digital Devices Took Over Our Lives In 2020: Here’s How To Stay Secure, Forbes, April 15, 2021
[2] 2021 Cost of a Data Breach Report, IBM, July 28, 2021
[3] A Resilient Cybersecurity Profession Charts the Path Forward, (ISC)², 2021
[4] Global Cybersecurity Outlook 2022, World Economic Forum, January 18, 2022

Our own data, analyzed by Skybox Research Lab and detailed in this report, paints a vivid picture of the new reality confronting CISOs and their teams. The findings reveal not only how vulnerabilities — especially in OT — are proliferating at an unprecedented rate, but how threat actors have gotten better and faster at capitalizing on them with a range of new malware and exploits.

It’s stunning to consider that, even as zero-day attacks nearly doubled in 2021,[5] the average time companies need to detect and respond to cyberattacks stretched to 280 days.[6]

[5] 2021 has broken the record for zero-day hacking attacks, Technology Review, MIT, September 23, 2021
[6] 2021 Cost of a Data Breach Report, IBM, July 28, 2021

Key findings
New vulnerabilities hit an all-time high
There were 20,175 new vulnerabilities published in 2021, up from 18,341 in
2020. That’s the most vulnerabilities ever reported in a single year, and it’s
the biggest year-over-year increase since 2018. The new vulnerabilities add
to a huge cumulative total, making it harder than ever for security teams to
prioritize and remediate issues.

Record-breaking growth in new vulnerabilities

New vulnerabilities hit an all-time high in 2021, surpassing 20,000 for the first time. In all, there were 20,175 CVEs (common vulnerabilities and exposures) published in 2021, 10% higher than in 2020. That’s the biggest jump since 2018. The growth increased in the second half of the year, with 10,723 CVEs published, the most we’ve ever seen in a six-month period.

…associated vulnerabilities are climbing accordingly (see “OT vulnerabilities surge”). Further, many formerly air-gapped OT systems are now connected to networks and exposed to external threats without adequate safeguards.

[7] Top 2022 Risks, Gartner, December 10, 2021

[Chart: Vulnerabilities have more than tripled over the past ten years. Cumulative vulnerabilities, 2012 to 2021; labelled values 50,732 and 166,938.]

New vulnerabilities, worrisome as they may be, are just the tip of the iceberg. The total number of vulnerabilities published over the last 10 years reached 166,938 in 2021 — a three-fold increase over a decade. These cumulative vulnerabilities, piling up year after year, represent an enormous aggregate risk, and they’ve left organizations struggling with a mountain of “cybersecurity debt.”[8] As CISA (the U.S. Cybersecurity and Infrastructure Security Agency) highlights in its list of “Top Routinely Exploited Vulnerabilities,” threat actors are routinely attacking publicly disclosed vulnerabilities from years past.[9]

The sheer volume of accumulated risks — hundreds of thousands or even millions of vulnerability instances within some large organizations — means that security teams can’t possibly isolate and patch all of them. Instead, they need to focus on the exposed vulnerabilities that, if exploited, could cause the most significant business impacts.

Many new vulnerabilities are also propagating via compromised code libraries and other building blocks — including popular open-source software — used in the software supply chain. Some of these vulnerabilities are inadvertent flaws; others are deliberately implanted by threat actors for use in subsequent exploits, a tactic known as “poisoning.” The vulnerable components are incorporated into a wide array of enterprise software, undetected by developers and customers. The Log4Shell vulnerability, discovered in December 2021 and affecting millions of systems, is an example of how an unintentional flaw in open source software can have catastrophic consequences (see “Log4Shell vulnerability highlights supply chain risks”).

“Malicious cyber actors will most likely continue to use older known vulnerabilities, such as CVE-2017-11882 affecting Microsoft Office, as long as they remain effective and systems remain unpatched.”
– CISA[10]

[8] The rise of cybersecurity debt, TechCrunch, June 4, 2021
[9-10] Alert (AA21-209A): Top Routinely Exploited Vulnerabilities, CISA, July 28, 2021

Attackers and exploits are evolving rapidly
Concurrent with the rise in vulnerabilities, we’re seeing a rapid evolution of the threat landscape as a whole.
Cybercrime has become a vast and thriving industry, with a sprawling ecosystem of specialized goods and
services designed to enable and assist threat actors and all varieties of attack, along with an extensive
infrastructure to facilitate clandestine communication, collaboration, and financial transactions.

Cybercriminals have become increasingly diverse. On one side of the spectrum, nation-state actors are using cyber assaults as a weapon against geopolitical rivals. With international tensions flaring in the wake of Russia’s invasion of Ukraine, a new era of intensifying state-sponsored attacks may be at hand. Russian hackers have already targeted Ukraine on previous occasions, dating back to 2015, when an attack on the Ukrainian electrical grid cut off power to 230,000 customers. The current conflict has experts contemplating the possibility of full-on cyber warfare.[11] CISA takes the threat of escalating attacks so seriously that it recently issued a rare “shields-up” warning, recommending that “all organizations — regardless of size — adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.”[12]

At the other end of the spectrum, cybercrime is attracting a growing legion of grassroots operators motivated by economic incentives. The quick money to be made from exploits such as cryptojacking and ransomware is tough to resist, especially in parts of the world where pay is low and legitimate career opportunities are few and far between. Easy-to-use exploit kits and malware-as-a-service (MaaS) have made it remarkably simple for non-experts to get into the game and start reaping financial returns.

Innovative tools aren’t just making cybercrime more accessible; they also enable a new level of sophistication and stealth. Recent years have seen a steady rise in malware designed to facilitate complex multistage campaigns and hard-to-detect exploits such as fileless attacks (where the malicious code is injected directly into memory, not installed on a hard drive).

Given all the threats and threat actors, it’s not surprising that cyberattacks have become more frequent, bigger, and more costly. Prominent examples from the past few years include:

+ Zero-day attacks exploiting vulnerabilities in Microsoft Exchange Server, impacting tens of thousands of organizations.
+ Supply chain attacks targeting IT software from SolarWinds and Kaseya. The SolarWinds attack affected an estimated 18,000 organizations, while the Kaseya attack impacted roughly 800-1,500 businesses.
+ Vital infrastructure attacks including the Colonial Pipeline ransomware attack, which disrupted fuel supplies in the southeastern U.S.

[11] What Russia’s Ongoing Cyberattacks in Ukraine Suggest About the Future of Cyber Warfare, Harvard Business Review, March 7, 2022
[12] Shields Up, CISA, March 2022

OT vulnerabilities surge

As dramatic as the rise in overall vulnerabilities was in 2021, the vulnerabilities assigned specifically to OT products grew even faster. That number nearly doubled, from 690 in 2020 to 1,295 in 2021. In addition, the number of OT advisories published by CISA jumped 54%.

Callout: New OT vulnerabilities increased 88%, to 1,295 in 2021

The explosion of IoT and industrial IoT (IIoT) products, ranging from sensors to smart appliances to environmental control and industrial automation systems, has greatly exacerbated the problem. In a survey by Forrester, security decision-makers whose organizations were hit by cyberattacks said IoT devices were among the most frequent targets.[13]

The stakes couldn’t be higher. OT systems include critical infrastructure (energy, water, transportation, and environmental control systems) and other essential equipment. Attacks on vital assets can inflict serious economic damage and even endanger public health and safety. Threat actors may sabotage or manipulate vulnerable OT systems to cause actual physical harm or to extort ransoms, knowing that many companies will readily pay to avoid disruptions or shutdowns.

As OT and IT networks converge, threat actors are increasingly exploiting vulnerabilities in one environment to reach assets in the other. Many OT attacks begin with an IT breach, followed by lateral movement to access OT equipment. Conversely, intruders may use OT systems as stepping stones to IT networks, where they can deliver malicious payloads, exfiltrate data, launch ransomware attacks, and conduct other exploits. Increasingly, malware is designed to exploit both IT and OT resources.

OT attacks are now occurring with frightening regularity. Examples from 2021 include:

+ The attack on a water treatment plant in Oldsmar, Florida, where hackers attempted to poison the water supply with sodium hydroxide (lye).
+ The ransomware attack linked to the Russia-based DarkSide cybercrime ring that shut down the Colonial Pipeline, resulting in temporary fuel shortages and panic buying in the southeastern U.S.
+ The ransomware attack by another Russia-based organization, REvil, on the world’s largest meat processor (JBS), interrupting operations.

Prompted in part by the Colonial Pipeline attack, the federal government has elevated OT to a matter of national security. In July 2021, the White House addressed the gravity of the situation, stating that “the cybersecurity threats posed to the systems that control and operate the critical infrastructure on which we all depend are among the most significant and growing issues confronting our Nation.” The Biden administration announced a new joint public-private initiative to bolster critical infrastructure, including the electrical subsector, natural gas pipelines, water and wastewater systems, and the chemical sector.[14]

[13] The State of IoT Security, Forrester, July 9, 2021
[14] National Security Memorandum on Improving Cybersecurity for Critical Infrastructure Control Systems, The White House, July 2021

That’s a positive development, but awareness is still lagging in many organizations. Skybox Security’s recent survey of OT security decision-makers revealed that cybersecurity risk is widely underestimated.[15] For example, 56% of all respondents were highly confident that their organization would not experience an OT breach in the next year, yet 83% said they had at least one OT security breach in the prior 36 months. Forty percent of all respondents said that OT is an afterthought compared to other digital initiatives.

Compounding the problem is the fact that many flaws in OT systems are hidden from security teams. That’s because most OT systems are hard or impossible to scan. At best, companies scan them infrequently (once or twice a year) because they can’t afford to take these mission-critical systems offline or degrade service. Likewise, patching many OT systems is technically impossible or too cumbersome and costly to address all vulnerabilities. As a result, many OT environments are riddled with security holes, with no effective way to assess weaknesses, much less fix them.

“Attacks on organizations in critical infrastructure sectors have increased dramatically, from less than 10 in 2013 to almost 400 in 2020. That’s a 3,900% increase.”
– According to Gartner®[16]

[17] Predicts 2022: Cyber-Physical Systems Security — Critical Infrastructure in Focus, Katell Thielemann, Wam Voster, Barika Pace, Ruggero Contu, Richard Hunter, Gartner, November 17, 2021

That’s why a modern vulnerability management strategy must begin with a holistic view that models and visualizes the entire attack surface, including IT and OT environments and all of the connections among them. This means going beyond active scanning to include scanless detection techniques. Scanless detection expands coverage by correlating asset information from generic CMDB parsers and patch management repositories with updated vulnerability data from threat intelligence sources. The result is continuous, non-intrusive discovery on non-scannable assets (routers, switches, and sensitive OT devices) that also fills in the gaps between active scan events on scannable assets.

This collected information can be analyzed in a model of the entire network environment. Teams can use the model to conduct path analysis, attack simulation, and exposure analysis. In so doing, they can identify and assess risks far more accurately than was previously possible. Improved risk assessment, in turn, enables organizations to prioritize resources and implement the most effective remediations: not just patching (which may be impossible or impractical) but also applying methods that reduce exposures and shrink the attack surface while maintaining uptime. Examples of such measures include segmenting networks or disconnecting OT devices where connections aren’t necessary; adjusting configurations; enforcing policies; and applying IPS (intrusion prevention system) signatures. The goal is not just to cut off initial breaches where possible, but also to prevent lateral movement that enables attackers to jump from IT to OT systems and vice versa, or from less critical devices to core systems.

Network device vulnerabilities climb steadily

We tallied 933 new vulnerabilities in network devices in 2021. The growth in network device vulnerabilities hasn’t fluctuated much since 2018, when new vulnerabilities ticked up 35%. In other words, while vulnerabilities continue to grow, the rate of growth at least appears to have stabilized. That may be because network device innovation has slowed, or because vendors are getting better at detecting and eliminating vulnerabilities.

[Chart: New vulnerabilities in network devices over 5 years; labelled values 1,030, 926, 933 and 909.]

Multistage attacks on the rise

Increasingly, threat actors are employing multistage attacks to circumvent defenses and burrow deeper into organizations. Once restricted to the most sophisticated hackers, these chained attacks can now be carried out even by relative novices, thanks to readily available exploit kits and MaaS that enable inexperienced hackers to execute complicated exploits with no expertise.

Typically multistage attacks begin when a threat actor takes advantage of a stolen credential or common vulnerability to gain initial access to a system such as a user workstation or network device. Once they’ve gained a beachhead, they can use a series of local exploits to escalate their privileges to administrator status, conduct reconnaissance, and compromise high-value resources such as directories and hard drives containing sensitive information. This allows them to encrypt or exfiltrate critical data as part of ransomware attacks.

“Some of the most widespread and devastating attacks have included multiple vulnerabilities rated ‘high,’ ‘medium,’ or even ‘low.’ This methodology, known as ‘chaining,’ uses lower score vulnerabilities to first gain a foothold, then exploit additional vulnerabilities to escalate privilege on an incremental basis.”
– CISA Directive 22-01[19]

Such exploits, which Forrester calls “land and expand vectors,”[20] underscore a major weakness in traditional approaches to vulnerability management. Such approaches often focus on high- and critical-severity vulnerabilities, assuming that lower severity flaws can’t do much harm. But in reality, multistage campaigns often exploit less severe vulnerabilities to gain initial ingress, then escalate the attack through lateral movement.

In this threat landscape, organizations must use tools that:

1. Analyze actual exposure, enabling security professionals to detect and close vulnerable entry points (see “Advanced risk scoring is essential for today’s attack surface management”).
2. Perform path analysis to identify potential links in a chained attack.
3. Recommend effective remediations and policy controls that reduce the “blast radius” even when intruders breach the perimeter.

Such measures may include applying network segmentation, updating IPS signatures, and modifying access policies. These measures can limit lateral movement, prevent unauthorized privilege escalation, and stop intruders in their tracks.

[19] Binding Cybersecurity Directive 22-01, CISA, November 3, 2021
[20] It’s Groundhog Day Again—The State Of Enterprise Ransomware Defense, Forrester Blog, February 2, 2022

Malware proliferates, especially cryptomining and ransomware

Callout: New programs in 2021: cryptojacking up 75%, ransomware up 42%

Malware developers were busy creating a variety of new software in 2021.[21] Particularly notable is the increase in cryptojacking and ransomware programs. New cryptojacking programs were up 75% year over year, while ransomware programs increased 42%. Both cases illustrate how the malware industry is getting better at leveraging emerging business opportunities, providing a range of tools and services used by seasoned cybercriminals and inexperienced newbies alike.

Cryptojacking malware hijacks unsuspecting users’ computing resources (CPUs and GPUs) for the lucrative activity of cryptocurrency mining. Hackers can use such exploits to make a quick return with very little effort and up-front investment. As the valuation of cryptocurrency rises, so do the miners’ profits. In fact, Bitcoin miners’ revenue increased 206% year-over-year, amounting to $15 billion in revenue.[22] The victims suffer degraded compute performance that can negatively impact productivity but may go unnoticed. Once cryptojacking malware has infected enterprise systems, it can also be repurposed for other types of exploits, such as ransomware attacks. Cryptojacking attacks have snowballed in recent years, quadrupling in 2021.[23]

[21] Skybox Research Lab changed its malware mapping this year to focus only on malicious programs that target known vulnerabilities.
[22] 2022 Digital Asset Outlook Report, Block Research, February 15, 2022
[23] Tales From The Cryptojacking Frontlines, CrowdStrike, October 27, 2021

Like cryptojacking, ransomware can yield a high ROI with a low barrier to entry, thanks to off-the-shelf products and services that do the heavy lifting. In the past, such attacks required a degree of sophistication and resources, but no longer. As one analyst observes: “Gone are the days when every attacker had to write their own ransomware code and run a unique set of activities. RaaS (ransomware-as-a-service) is a pay-for-use malware. It enables attackers to use a platform that provides the necessary ransomware code and operational infrastructure to launch and maintain a ransomware campaign.”[24]

…evolves like viruses, with new variants springing up opportunistically in response to a changing environment.

As pragmatic as malware producers are, it makes sense that exploit kits and malware packages include tools targeting the most widespread vulnerabilities. And that’s exactly what our findings show. The table below lists the new vulnerabilities targeted by the largest number of malware programs.

Ransomware trends, statistics and facts in 2021, TechTarget, November 2021
24-25
The State of Ransomware Attacks and Defenses, Forrester Research, February 2022
26

[Table columns: CVE; Name of the vulnerability; No. of malware programs targeting the CVE]

Log4Shell spotlights supply chain risks

Each year seems to bring news of some new cybersecurity threat that shatters all previous precedents in its scope and potential impact. In 2020, it was the SolarWinds attack. In 2021, it was Log4Shell. First reported in December, Log4Shell is a critical vulnerability in a piece of Java-based open-source logging software known as Log4j, managed by Apache Software Foundation.

The discovery of Log4Shell sent shockwaves through the cybersecurity community, not only because of the criticality of the flaw — which allows any remote attacker to take control of internet-connected devices running the software — but because of its ubiquity. Log4j is used in countless enterprise products and web applications, putting hundreds of millions of devices at risk. “This vulnerability is one of the most serious that I’ve seen in my entire career, if not the most serious,” said Jen Easterly, director of CISA.[27]

Hackers were quick to exploit the vulnerability. According to one source, there were more than a million Log4j-related attacks in the first week after the vulnerability was publicly announced,[28] and as documented by Skybox Research Lab and detailed above, Log4Shell quickly became one of the top targets of new malware.

Log4Shell highlights the growing danger posed by open-source software and the supply chain. Vulnerable or malware-infected components can make their way into widely used software products in ways that are hard to detect and extremely difficult to root out. Such was the case with the SolarWinds hack, and so it is with vulnerable Log4j libraries tucked away in a multitude of enterprise software, with no quick and efficient way to find, much less fix, all of them.

Using traditional, active scanning to find all instances of the vulnerability and then applying patches everywhere is monumentally time-consuming and costly. Fortunately, it’s also unnecessary. Scanless detection can be used to identify affected assets without the cost and performance impacts of active scanning, and exposure analysis can pinpoint the typically small subset of devices that are actually susceptible to attack. Security teams can then apply appropriate mitigation measures such as configuration changes or network segmentation to stem the risks even before patches are applied or in cases where patches aren’t available.

[28] A deep dive into a real life Log4j exploitation, Check Point, December 14, 2021

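
The scanless detection described here and in the earlier passage on CMDB correlation can be sketched as an inventory-to-feed join. This is an added example, not Skybox code: the CMDB export, product names, vulnerability IDs and version ranges are all constructed placeholders.

```python
import csv
import io
import re

# Constructed CMDB export; hosts and products are invented for this example.
CMDB_CSV = """hostname,asset_type,product,version
app-01,server,example-logger,2.14.1
app-02,server,example-logger,2.17.0
plc-12,ot-controller,acme-plc-fw,4.2
sw-core,switch,acme-switch-os,15.1.3
hmi-03,ot-hmi,acme-plc-fw,
"""

# Constructed vulnerability feed: affected when introduced <= version < fixed.
FEED = [
    {"id": "VULN-0001", "product": "example-logger", "introduced": "2.0", "fixed": "2.15.0"},
    {"id": "VULN-0002", "product": "acme-plc-fw", "introduced": "3.0", "fixed": "4.5"},
    {"id": "VULN-0003", "product": "acme-switch-os", "introduced": "16.0", "fixed": "16.2"},
]


def parse_version(text):
    """'2.14.1' -> (2, 14, 1); None when the inventory holds no numeric version."""
    parts = re.findall(r"\d+", text or "")
    return tuple(int(p) for p in parts) if parts else None


def in_range(installed, introduced, fixed):
    """Half-open range check, zero-padded so that 2.15 compares equal to 2.15.0."""
    width = max(len(installed), len(introduced), len(fixed))
    lo, cur, hi = (v + (0,) * (width - len(v)) for v in (introduced, installed, fixed))
    return lo <= cur < hi


def correlate(cmdb_csv=CMDB_CSV, feed=FEED):
    """Join inventory rows to feed entries; no packet is sent to any asset."""
    findings = []
    for row in csv.DictReader(io.StringIO(cmdb_csv)):
        installed = parse_version(row["version"])
        for entry in feed:
            if entry["product"] != row["product"].strip().lower():
                continue
            if installed is None:
                # Inventory gap: the asset cannot be ruled out, so surface it.
                findings.append((row["hostname"], entry["id"], "unverified"))
            elif in_range(installed, parse_version(entry["introduced"]),
                          parse_version(entry["fixed"])):
                findings.append((row["hostname"], entry["id"], "affected"))
    return findings


if __name__ == "__main__":
    for host, vuln_id, status in correlate():
        print(f"{host:8} {vuln_id}  {status}")
```

The "unverified" status matters most for OT assets: a missing version in the inventory is reported for follow-up instead of being read as "not vulnerable".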
Exploitation of new vulnerabilities accelerates

As new vulnerabilities appeared in 2021, threat actors wasted no time taking advantage of them. One hundred and sixty-eight vulnerabilities that were published in 2021 were promptly exploited within the year — 24% more than the number of vulnerabilities published and subsequently exploited in 2020. In other words, threat actors and malware developers are getting better at weaponizing recent vulnerabilities. This puts security teams in a squeeze, reducing the time between the initial discovery of vulnerabilities and the emergence of active exploits targeting them. That shrinking window means that proactive approaches to vulnerability management are more essential than ever.

Callout: New vulnerabilities exploited in the wild, 24% in 2021

Advanced risk scoring is essential for today’s attack surface management

As the attack surface broadens, it’s more crucial than ever for security teams to quickly and accurately identify the greatest risks and prioritize remediation efforts accordingly. Conventional approaches that focus primarily on the severity of vulnerabilities as measured by CVSS (the common vulnerability scoring system) miss the mark. No matter how severe a vulnerability is, it may be safe from attack because it’s not exposed or because there are no active attempts to exploit it. On the other hand, even a low- or medium-severity vulnerability can constitute a serious risk if it’s readily accessible to threat actors and is being actively exploited.

Attackers are increasingly taking advantage of this fact, going after lower-severity vulnerabilities as the first step in sophisticated multistage campaigns. CISA made this point recently, explaining that “the Common Vulnerability Scoring System (CVSS) base score does not account for if the vulnerability is actually being used to attack systems… Known Exploited Vulnerabilities should be the top priority for remediation. Based on a study of historical vulnerability data to 2019, only 4% of the total number of vulnerabilities have been exploited in the wild. Rather than have agencies focus on thousands of vulnerabilities that may never be used in a real-world attack, BOD [Binding Operational Directive] 22-01 shifts the focus to those vulnerabilities that are active threats.”[29]

“Enterprise attack surfaces are expanding. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets. Organizations must look beyond traditional approaches to security monitoring, detection and response to manage a wider set of security exposures.”
– According to Gartner®[30]

[29] Binding Cybersecurity Directive 22-01, CISA, November 3, 2021
[30] Gartner Press Release, “Gartner Identifies Top Security and Risk Management Trends for 2022”, March 7 2022

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Security teams need an objective framework for gauging the actual risk that any given vulnerability poses to their organization. This requires the use of a rigorous scoring system that can be used to prioritize remediation efforts and allocate precious resources where they’re most needed. That means calculating risk scores for assets based on four critical variables:

1. Measured CVSS severity
2. Likelihood of exploitation
3. Exposure level based on security controls and configurations in place on the network
4. Importance of the asset

Exposure analysis is paramount, yet it’s missing from conventional risk scoring approaches. Exposure analysis identifies vulnerabilities and their exploitability potential and correlates this data with an enterprise’s unique network configurations and security controls to determine if the system is potentially open to a cyberattack. This process includes path analysis, which maps all the possible paths that packets can take across an enterprise’s networks (including complex hybrid networks) — taking account of the policies, security controls, ports, protocols, and applications that affect such movement. Path analysis, in turn, enables attack simulation, which applies advanced algorithms to explore potential attack scenarios and reveal the degree to which various assets might be compromised.

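
To make the four-variable score and the path analysis from the multistage-attack section concrete, here is an added example that is not Skybox's algorithm: it walks a small zone model from the internet, treats every reachable flaw as a possible foothold, and ranks findings. The zones, firewall rules, assets, vulnerability IDs and all weights are assumptions constructed for the illustration.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Vuln:
    vuln_id: str      # constructed placeholder, not a real CVE
    cvss: float       # variable 1: CVSS base score, 0-10
    exploited: bool   # variable 2: known exploitation in the wild
    port: int         # service port the flaw is reachable on


@dataclass(frozen=True)
class Asset:
    name: str
    zone: str
    importance: int   # variable 4: 1 (low) to 5 (business critical)
    vulns: tuple


# Constructed firewall policy: (source zone, destination zone, port) allowed.
RULES = frozenset({("internet", "dmz", 443), ("dmz", "it", 8080), ("it", "ot", 502)})

ASSETS = [
    Asset("web-gw", "dmz", 2, (Vuln("VULN-A", 5.3, True, 443),)),
    Asset("hr-app", "it", 3, (Vuln("VULN-B", 6.5, True, 8080),)),
    Asset("plc-7", "ot", 5, (Vuln("VULN-C", 7.5, False, 502),)),
    Asset("db-lab", "lab", 3, (Vuln("VULN-D", 9.8, False, 5432),)),
]


def attack_paths(assets, rules, origin="internet"):
    """Breadth-first path analysis; returns {(asset, vuln_id): hops from origin}."""
    reached = {}
    seen_zones = {origin}
    queue = deque([(origin, 0)])
    while queue:
        zone, hops = queue.popleft()
        for asset in assets:
            for v in asset.vulns:
                # Same-zone traffic is assumed unfiltered; cross-zone needs a rule.
                if zone != asset.zone and (zone, asset.zone, v.port) not in rules:
                    continue
                reached.setdefault((asset.name, v.vuln_id), hops + 1)
                if asset.zone not in seen_zones:
                    # Worst case: the flaw yields a foothold to pivot from.
                    seen_zones.add(asset.zone)
                    queue.append((asset.zone, hops + 1))
    return reached


def risk_score(asset, vuln, hops):
    """Combine the four variables on a 0-100 scale; every weight is an assumption."""
    severity = vuln.cvss / 10
    likelihood = 1.0 if vuln.exploited else 0.3
    # Variable 3: exposure decays per hop; 0.1 floor because the model may be incomplete.
    exposure = 0.1 if hops is None else 1.0 / hops
    return round(100 * severity * likelihood * exposure * asset.importance / 5, 1)


def prioritize(assets=ASSETS, rules=RULES):
    """Return (asset, vuln_id, hops, score) rows, highest risk first."""
    hops = attack_paths(assets, rules)
    rows = []
    for a in assets:
        for v in a.vulns:
            h = hops.get((a.name, v.vuln_id))
            rows.append((a.name, v.vuln_id, h, risk_score(a, v, h)))
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    for name, vuln_id, hops, score in prioritize():
        print(f"{name:7} {vuln_id}  hops={hops}  score={score}")
```

On this constructed data the ranking is the reverse of a CVSS-only sort: the 5.3 flaw on the internet-facing gateway comes first and the unreachable 9.8 comes last. Removing the `("dmz", "it", 8080)` rule, a segmentation change, leaves the IT and OT assets with no path at all.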

Shifting the paradigm: from detect-and-respond to prioritize-and-prevent

The trends described in this report point to an inescapable conclusion: Traditional vulnerability management strategies are wholly out of step with contemporary realities. Approaches centered on scanning and patching are too slow, too scattershot, too laborious, and too costly. They fail to catch many actual threats while squandering valuable resources on false alarms. As a result, security professionals are fighting a rearguard battle against a growing array of threats and adversaries.

It’s time to give the advantage back to the defenders. That means turning the tables and changing the dynamic:

From reactive to proactive

2. Precise prioritization: Vulnerability data is incorporated into a network model. This data is then analyzed to reveal exposures. Exposures, severity, exploitability, and asset importance are analyzed together to compute an exact risk score that allows rigorous prioritization.

3. Targeted mitigation and remediation: Automated tools identify and recommend effective, practical measures to address and reduce risks. These measures go well beyond patching and include configuration changes, network segmentation, and more. This enables organizations to prevent or limit attacks (including zero-day attacks) even when patches are impractical or unavailable.

Most of the statistics and findings in this report are based specifically on the intelligence in the Skybox database. In a few
cases, we’ve used other sources such as the National Vulnerability Database (NVD) instead, as explained below.
About Skybox
Over 500 of the largest and most security-conscious enterprises in the world rely on
Skybox for the insights and assurance required to stay ahead of dynamically changing
attack surfaces. At Skybox, we don’t just serve up data and information. We provide
the intelligence and context to make informed decisions, taking the guesswork out of
securely enabling enterprises at scale and speed.
skyboxsecurity.com