Primary Author of the 2016 Verizon Data Breach Investigations Report – “Vulnerabilities” Chapter
Kenna’s Chief Data Scientist Michael Roytman was the primary author of this year’s “Vulnerabilities” chapter, analyzing a correlated threat data set that spans 200M+ successful exploitations across 500+ common vulnerabilities and exposures from over 20,000 enterprises in more than 150 countries.
- Half of all exploitations happen between 10 and 100 days after the vulnerability is published, with the median around 30 days.
- Attackers automate certain weaponized vulnerabilities and spray and pray them across the internet, sometimes yielding incredible success.
- We are treading water—we aren’t sinking in new vulnerabilities, but we’re also not swimming to the land of instantaneous remediation and vuln-free assets.
“While the top 10 vulnerabilities account for 85% of successful exploit traffic, the other 15% consists of over 900 CVEs, which are also being actively exploited in the wild.”
- Establish a process for vulnerability remediation that targets vulnerabilities which attackers are exploiting in the wild, followed by vulnerabilities with known exploits or proof-of-concept code.
- If you have a system that cannot be patched or receive the latest-and-greatest software update, apply other risk mitigations in the form of configuration changes or isolation.
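The two recommendations above describe an ordering, not a tool, so here is an added example of what that ordering looks like in code. This is illustrative code written for this page, not Kenna's prioritization algorithm and not anything from the DBIR; the `Vuln` record, the tier numbers, the tie-breakers (CVSS, then age) and the CVE identifiers are all constructed assumptions.

```python
"""Risk-based remediation queue, added illustration (not Kenna's algorithm or
the DBIR's code). Tiers follow the chapter's recommendation: first what is
being exploited in the wild, then what has a known exploit or proof-of-concept,
then everything else. CVE identifiers below are constructed placeholders."""
from dataclasses import dataclass
from datetime import date


@dataclass
class Vuln:
    cve: str
    cvss: float                      # base score, used only as a tie-breaker within a tier
    published: date                  # disclosure date of the CVE
    exploited_in_wild: bool = False  # successful exploitation observed in threat data
    public_exploit: bool = False     # known exploit or proof-of-concept code exists
    patchable: bool = True           # False for systems that cannot take the update


def tier(v: Vuln) -> int:
    """0 = exploited in the wild, 1 = exploit/PoC available, 2 = everything else."""
    if v.exploited_in_wild:
        return 0
    if v.public_exploit:
        return 1
    return 2


def prioritize(vulns, today: date):
    """Order the backlog by tier, then CVSS (high first), then age (old first).

    Age is the last tie-breaker because the DBIR data shows half of all
    exploitation lands 10-100 days after publication: an older unpatched CVE
    in the same tier has already spent more time in that window."""
    return sorted(
        vulns,
        key=lambda v: (tier(v), -v.cvss, -(today - v.published).days),
    )


def action(v: Vuln) -> str:
    """Patch when possible; otherwise fall back to compensating controls."""
    if v.patchable:
        return "patch"
    return "mitigate: configuration change or network isolation"


# Constructed sample backlog (placeholder identifiers, not real CVEs).
BACKLOG = [
    Vuln("CVE-XXXX-0001", 9.8, date(2016, 1, 10)),                       # critical, no exploit known
    Vuln("CVE-XXXX-0002", 6.5, date(2015, 11, 2), exploited_in_wild=True),
    Vuln("CVE-XXXX-0003", 7.5, date(2016, 2, 20), public_exploit=True),
    Vuln("CVE-XXXX-0004", 8.1, date(2016, 3, 1), exploited_in_wild=True, patchable=False),
    Vuln("CVE-XXXX-0005", 7.5, date(2015, 12, 15), public_exploit=True),
]


def remediation_plan(vulns=BACKLOG, today=date(2016, 4, 27)):
    """Return (cve, tier, action) tuples in the order the work should be done."""
    return [(v.cve, tier(v), action(v)) for v in prioritize(vulns, today)]


if __name__ == "__main__":
    for cve, t, act in remediation_plan():
        print(f"tier {t}  {cve:16} {act}")
```

Note that the 9.8 CVSS entry with no known exploit lands at the bottom of the queue, while a 6.5 that is being exploited in the wild goes to the top: that inversion is the whole point of the chapter's advice, and the unpatchable item is routed to a mitigation rather than dropped.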