As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. In February 2017, Tavis Ormandy of the Google Project Zero team exposed major memory leakage in Cloudflare’s Content Delivery Network (CDN) web caching services. It exposed all sorts of sensitive data, including passwords, authentication tokens and cookies. Although this is just one example of a cloud-oriented service with a major security issue (which, for the record, the company responded to immediately and remediated quickly), it demonstrates that all of us may have more exposure points than we realise.
Vulnerabilities and their exploitation are still the root cause of most breaches. IT security leaders should refocus their attention on how vulnerabilities are being managed and should track this metric to provide visibility as to how to reduce the biggest risks of being breached.
To deploy resources in the right place, in the right way, vulnerability management teams need to know the intersection of vulnerabilities, network context and the threat landscape.
When it comes to vulnerability management, security leaders continue to struggle to identify which of the thousands — even millions — of vulnerabilities in their environment are actu-ally putting the organisation at risk. Traditional approaches don’t take into account all factors that influence vulnerability risk. This leaves security teams wasting resources on issues attackers may never find or want to exploit.