The global attack landscape is constantly expanding as new technologies and devices are connected to the Internet, meaning there are more vulnerabilities and entry points for attackers to exploit, according to new research published by security firm Tenable.
Scott McKinnel, Tenable ANZ Country Manager he says, in fact, there are 117,289 new hosts, 613 new domains and 375 new threats released every minute around the world, and the growing number of IoT devices, cloud services and mobile devices, in particular, contribute to this trend.
According to a new study published by Tenable, as the number of connected devices increases, so does the number of potential risks, and the Internetith’s problem of combating vulnerabilities stems from the fact that yesterday’s tools and processes are used to solve today’s problems. – designed and built for the old IT era when the site of a cyberattack was a stationary laptop, desktop or local server.
“As a result, organizations struggle at every step – identifying their assets, finding vulnerabilities, prioritizing issues for remediation, measuring risk and benchmarking – preventing them from confidently managing and mitigating cyber risk. It is clear that in this new digital age, we need a new approach ,” McKinnel noted.
“One of the most effective ways to regain control of an ever-changing attack landscape is to be able to identify and assess all assets from any computing platform with live visibility. This enables organizations to understand their true level of exposure and proactively manage and mitigate cyber risk.
“The cybersecurity industry needs to move away from traditional risk management and focus on providing customers with a risk inventory and embrace exposure management that helps customers understand where they are exposed, what that means from a risk perspective and how to effectively manage and mitigate that risk. .
“Most security leaders now understand that the explosion of data, the increase in the number of tools used and the number of active repositories have significantly increased cyber risk. However, security teams are faced with the challenge of keeping up with the adoption of new risk management solutions, web applications, proprietary systems and cloud assets. But the biggest challenge lies in effectively analyzing all the data generated from a mixed bag of technologies to make informed decisions about which exposures represent the greatest cyber risk to an organization.”
McKinnel. says that when threat actors assess an organization’s cyber defenses, they don’t think in terms of databases — instead, they’re looking for the right combination of vulnerabilities, vulnerabilities and identity privileges that will give them the greatest level of immediate access to an organization’s network.
McKinnel says that to be an effective part of any exposure management program, the platform needs to offer three key features:
Overall Appearance: An integrated view of all assets and related vulnerabilities (software, configuration and privilege), whether on-premises or in the cloud, is essential to understand where the organization is exposed to risk. An exposure management platform needs to continuously monitor the Internet to quickly detect and identify all exposed assets and remove known and unknown security risk areas. This helps reduce the time and effort required for security teams to understand the complete attack surface, remove blind spots and build a foundation for effective risk management.
Predictions and Priorities: An exposure management platform needs to help users anticipate the consequences of a cyberattack by drawing on large data sets available from various scoring tools and provide context about the relationship between assets, exposures, rights and threats across the attack path. Cyber risk prioritization is needed to help cybersecurity teams continuously identify and focus on attack methods that present the greatest risk of exploitation. By providing accurate and predictive remediation information, these features enable security teams to mitigate risk with minimal effort to help prevent attacks.
Effective metrics for cyber risk communication: Security professionals and business leaders need a centralized and business-aligned view of cyber risk with clear KPIs to show progress over time and benchmarking capabilities to compare with external peers. An exposure management platform needs to provide tangible information across an organization’s network risk pool – including the number of ongoing efforts that occur on a daily basis. It also requires the ability for users to be able to disclose specific information about each department or functional unit. It needs to deliver an accurate assessment of cyber risk relevant to the business to improve communication and collaboration between elements. Actionable metrics enable security teams to demonstrate the value of their immediate and time-saving efforts, improve investment decisions, support cyber insurance programs and drive improvements over time – all while clearly reducing risk to the organization.
McKinnel says exposure management gives cybersecurity leaders a way to return the narrative to “effective, proactive breaches and attacks” and enables them to “clearly explain the effectiveness of effective, proactive security systems in language the business will understand.” Also, bypass the limitations of outdated, hidden security systems. “