In 2021, around 22 000 vulnerabilities were published¹, with the most notorious (the Log4j vulnerability CVE-2021-44228) being just one of nearly 10 000 known security vulnerabilities detected in open-source components. Shocking numbers, but behind these headlines most cyberattacks take advantage of known vulnerabilities that have not been patched, knowing that organisations simply cannot keep pace with the scale of the problem.

Amid the differing scanner results and false positives, many organisations end up with vulnerability fatigue as they battle to prioritise, manage and mitigate an endless stream of issues. So, what’s the answer, and how do you decide what to fix first?

For hard-pressed chief information security officers (CISOs) with their sights set firmly on cost and value, there’s a new capability from Skybox that’s designed to address this, helping them make informed, data-driven decisions about what to address based on the rand value of their technology assets to the organisation.

Cyber risk quantification to the rescue

The new automated Cyber Risk Quantification (CRQ) capability is a part of Skybox Vulnerability Threat Management, a solution that enables CISOs to:

Prioritise critical cyber risks based on vulnerabilities that are exposed and exploited in the wild;
Target risk mitigation on the most significant risks with remediation options that go beyond patching;
Make data-driven decisions as they navigate the risks and opportunities of digital transformation; and
Calculate ROI of cybersecurity budgets to validate investments and report on the financial impact.

CRQ helps pinpoint cyber risks with the highest potential financial impact, improving decision making and strengthening the organisation’s security posture.

Organizations with mature risk-scoring, exposure analysis, attack surface visibility and vulnerability assessment practices experience fewer breaches.

With this CRQ new capability, Skybox addresses a key area in which CISOs can mature their cybersecurity programme. A new, ground-breaking global cybersecurity benchmark study, Cybersecurity solutions for a riskier world found that risk-based leaders experienced less breaches than others. Risk-based leaders were more mature in the areas of risk scoring, exposure analysis, vulnerability assessments, attack surface visualisation, and more. Additionally, over a quarter of risk-based leaders made significant investments in cyber risk modelling over the past two years.

However, identifying and quantifying risk is not easy. The top challenge cited by C-level decision makers in the benchmark study was inadequate identification of key risks. Furthermore, 41% of all executives with responsibility for cybersecurity and 46% of CIOs say that their organisations have not kept pace with digital transformation. And 40% of CISOs say they are not well prepared for the rapidly changing threat landscape.²

Industry’s most advanced vulnerability threat management solution

The latest release of Skybox Vulnerability Threat Management includes a range of new features designed to ensure it is the most advanced vulnerability management solution on the market. Features include a major network model update that significantly increases customer time to value and real-time exposure analysis through faster aggregation across customers’ disparate tech stacks and security toolkits.

“Actual and timely risk reduction is how we ultimately define customer success.” — Gidi Cohen, CEO and founder, Skybox Security

Skybox Security is the only solution that builds an extensive model of a customer’s unique hybrid environment, including all L3 devices. The network model is continuously updated, incorporating customer scan data and proprietary threat intelligence feeds from the Skybox Research Lab.

Key features

Skybox Vulnerability Threat Management provides:

Asset and vulnerability discovery designed to identify the blind spots that active scanning solutions can’t reach. Customers gain a complete picture of their unique hybrid attack surface. The product aggregates multi-vendor scan data from across a customer’s environments and discovers vulnerabilities across unscannable cloud workloads.
Vulnerability prioritisation zooms in on the gaps an adversary will exploit first by analysing exploitability, criticality, asset importance and exposure. The Skybox algorithm prioritises risk using a flexible, customisable formula that can be tailored to a customer’s unique business. The platform identifies the most effective remediation options, including network-based compensating controls to supplement patches and software updates.
Network modelling and attack surface visualisation to show how risks are mitigated with a layered combination of alternative native, custom and other security controls. The Skybox network model enables path analysis and attack simulation to identify exposed vulnerabilities.
Targeted vulnerability remediation that highlights potential attack paths, enabling customers to prioritise which security controls will mitigate a threat or an attack.

As more and more vulnerabilities are exposed and exploited in the wild, it’s vital to zero in on what matters by using our Vulnerability Threat Management capabilities to continually collect and aggregate security control data across disparate and highly complex environments, normalise the data and turn it into actionable insight based on the value to you.

References

25+ cybersecurity vulnerability statistics and facts of 2021, Comparitech, 29 January 2022
Cybersecurity solutions for a riskier world, Thoughtlab, May 2022

About Skybox Security
Over 500 of the largest and most security-conscious enterprises in the world rely on Skybox for the insights and assurance required to stay ahead of dynamically changing attack surfaces. Our Security Posture Management Platform delivers complete visibility, analytics and automation to quickly map, prioritise and remediate vulnerabilities across your organisation. The vendor-agnostic solution intelligently optimises security policies, actions and change processes across all corporate networks and cloud environments. With Skybox, security teams can now focus on the most strategic business initiatives while ensuring enterprises remain protected. We are Skybox. Visit www.skyboxsecurity.com for more information or check out all the recent Skybox Security content on hub.techcentral.co.za/skybox.