Only half of the vulnerabilities in cloud containers ever posed a threat, according to a Rezilion study.
The study analyzed the 20 most popular container images on DockerHub and found that 50% of their vulnerabilities were in code that was never loaded into memory, so they posed no threat at runtime regardless of their Common Vulnerability Scoring System (CVSS) scores, and despite the budget and manpower spent on patching or mitigating them.
By triaging vulnerabilities using a continuous adaptive risk and trust assessment (CARTA) approach and then prioritizing treatment of those that are commonly targeted, companies can significantly reduce their security budgets or free up manpower to focus on other critical issues.
Firms with good security posture are equally breached
According to IDC, enterprises spend 7-10% of their security budget on vulnerability management as daily operations become increasingly dependent on cloud services. Vulnerability scanners overload and confuse security teams with mountains of results that cannot all be patched at once.
Existing prioritization practices such as CVSS provide no notable reduction in breaches, even in organizations with mature vulnerability management programs. Firms with good security posture are breached through known vulnerabilities as often as those with poor security posture.
A risk-based approach to vulnerability management
Gartner recommends that “security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness”.
Gartner also predicts that “by 2022, approximately 30% of enterprises will adopt a risk-based approach to vulnerability management” and “by 2022, organizations that use the risk-based vulnerability management method will suffer 80% fewer breaches.”
“A vulnerability is only as dangerous as the threat exploiting it and in some instances during our research, we found the figure dropped to as low as 2%. By focusing on actual vs. perceived risk, we found the security industry has been unnecessarily exaggerating the number of vulnerabilities security teams must address, which has dangerous ramifications for the cloud security landscape,” said Shlomi Boutnaru, CTO at Rezilion.
“A continuous adaptive risk and trust assessment-based approach reduces friction and overhead by identifying vulnerabilities running in memory and then prioritizing treatment to those vulnerabilities commonly targeted by hackers as well as any that don’t have mitigations.”
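The triage described above, runtime presence first and then exploitation status and available mitigations, is straightforward to express as a prioritization pass over scanner output. The example below is added here and is not Rezilion's code or the article's; it assumes a scanner report has been joined with a runtime agent's view of which packages were actually loaded into memory, and every record, ID and score in it is constructed (the `VULN-000x` identifiers are placeholders, not CVEs). The sample set is deliberately built so that half of the CVSS-only work queue turns out to be dormant, mirroring the study's headline figure.

```python
"""Runtime-aware vulnerability triage over a constructed scanner report.

Assumptions (not from the article): each Finding carries a CVSS score plus
two facts supplied by other tooling -- whether a runtime agent observed the
vulnerable package loaded in memory, and whether the issue appears in an
exploited-in-the-wild feed. Both are treated as already known here.
"""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    vuln_id: str                # placeholder ID, constructed, not a real CVE
    package: str
    cvss: float                 # CVSS base score, 0.0 - 10.0
    loaded_in_memory: bool      # observed by a runtime agent (assumed input)
    known_exploited: bool       # listed in an exploited-in-the-wild feed (assumed input)
    mitigation_available: bool  # a patch or configuration mitigation exists


def cvss_only_queue(findings: List[Finding], threshold: float = 7.0) -> List[Finding]:
    """The traditional approach: everything at or above the CVSS threshold is work."""
    return [f for f in findings if f.cvss >= threshold]


def runtime_triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """CARTA-style triage as the article describes it.

    dormant   : vulnerable code was never loaded, so it is not reachable at runtime
    urgent    : loaded, and either actively exploited or lacking any mitigation
    scheduled : loaded, but not known-exploited and a mitigation exists
    Each bucket is ordered highest CVSS first so the score still breaks ties.
    """
    buckets: Dict[str, List[Finding]] = {"urgent": [], "scheduled": [], "dormant": []}
    for f in findings:
        if not f.loaded_in_memory:
            buckets["dormant"].append(f)
        elif f.known_exploited or not f.mitigation_available:
            buckets["urgent"].append(f)
        else:
            buckets["scheduled"].append(f)
    for bucket in buckets.values():
        bucket.sort(key=lambda f: f.cvss, reverse=True)
    return buckets


def workload_reduction(findings: List[Finding], threshold: float = 7.0) -> float:
    """Percentage of the CVSS-only queue that the runtime view removes as dormant."""
    baseline = cvss_only_queue(findings, threshold)
    if not baseline:
        return 0.0
    still_active = [f for f in baseline if f.loaded_in_memory]
    return 100.0 * (len(baseline) - len(still_active)) / len(baseline)


# Constructed sample report: package names are illustrative, scores are made up.
SAMPLE_FINDINGS: List[Finding] = [
    Finding("VULN-0001", "openssl",     9.8, True,  True,  True),
    Finding("VULN-0002", "glibc",       7.5, True,  False, False),
    Finding("VULN-0003", "curl",        8.1, True,  False, True),
    Finding("VULN-0004", "imagemagick", 9.1, False, True,  True),
    Finding("VULN-0005", "perl",        7.2, False, False, True),
    Finding("VULN-0006", "bash",        5.3, True,  False, True),
    Finding("VULN-0007", "tar",         4.0, False, False, True),
    Finding("VULN-0008", "python3",     7.0, False, False, True),
]


if __name__ == "__main__":
    queue = cvss_only_queue(SAMPLE_FINDINGS)
    print(f"CVSS-only queue (>= 7.0): {len(queue)} findings")
    for name, bucket in runtime_triage(SAMPLE_FINDINGS).items():
        ids = ", ".join(f"{f.vuln_id}({f.cvss})" for f in bucket)
        print(f"{name:>9}: {ids}")
    print(f"Work removed by runtime view: {workload_reduction(SAMPLE_FINDINGS):.0f}%")
```

One caveat a practitioner should keep in mind when applying this: "not loaded in memory" is an observation over some window of runtime, not a property of the image. Code paths that load lazily, only under certain inputs, or only in a failure handler will look dormant until they run, so a dormant bucket should be re-evaluated as the runtime picture changes rather than treated as permanently closed.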
from Help Net Security https://ift.tt/2IaT8MJ