The annual report reveals emerging threat intelligence sources, security threats by industry, and the steadily rising correlation of social media and cyber threats. Conducted by the NopSec Labs research team, the report analyzes over a million unique vulnerabilities, 100 unique dark web properties, and nearly 90,000 vulnerabilities contained in the National Vulnerability Database over a 20-year period. Get the report now.
“Through NopSec’s dedicated research efforts and technology innovation, organizations can effectively prioritize and remediate security threats and vulnerabilities by leveraging advanced intelligent automation and machine learning,” notes NopSec’s CTO, Michelangelo Sidagni. “Our mission is to empower cyber security and risk professionals to make better decisions to reduce their cyber risk exposure. In this sense, not all vulnerabilities are created equal.”
Some of the report’s top findings include:
- Dark Web data is an emerging threat intelligence source for cybersecurity companies to evaluate how important vulnerabilities are even if they do not have public exploits associated to them.
- Relying solely on the CVSS Base Score makes it impossible to accurately prioritize vulnerability risks at scale for organizations of all sizes.
- Social media has remained a top platform for cybersecurity professionals to evaluate the risks associated with emerging vulnerabilities.
- Application-related vulnerabilities remain a top priority for organizations to remediate, as recent security breaches also demonstrated.
“Vulnerabilities and their exploitation are still the root cause of most breaches,” notes Gartner analyst Craig Lawson. “IT security leaders should refocus their attention on how vulnerabilities are being managed and should track this metric to provide visibility as to how to reduce the biggest risks of being breached.”*
NopSec’s continued innovations has focused on pioneering a way to measure vulnerability risk based on threats to the organization’s valuable assets in an event of a potential breach. NopSec’s award-winning Unified VRM SaaS platform utilizes the E3 Engine, the world’s first security controls validation and analytics measurements technology to evaluate and explore opportunity for exploitation and control effectiveness.
Download the 2017 State of Vulnerability Risk Management Report and Register for the Webinar to explore the findings in more detail.
*Gartner, It's Time to Align Your Vulnerability Management Priorities With the Biggest Threats, Craig Lawson, 09 September 2016
NopSec provides automated IT security control measurement and risk remediation solutions to help businesses protect their IT environments from security breaches. The company's flagship SaaS product, Unified VRM, utilizes passive analysis, active exploitation and contextual enrichment that enables security teams to visually forecast threat risk, and dramatically reduce the time to remediation of critical security vulnerabilities across infrastructure and applications. For more information, visit http://www.nopsec.com or follow us on Twitter @nopsec.
Kelly Hall, NopSec, http://www.nopsec.com/contact/, +1 (917) 983-3862, [email protected]