{"id":4256,"date":"2022-12-16T12:28:56","date_gmt":"2022-12-16T16:28:56","guid":{"rendered":"https:\/\/solutionsreview.com\/security-information-event-management\/?p=4256"},"modified":"2022-12-19T09:58:11","modified_gmt":"2022-12-19T13:58:11","slug":"the-exploding-vulnerability-arms-race","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/","title":{"rendered":"The Exploding Vulnerability Arms Race"},"content":{"rendered":"<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-4258\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg\" alt=\"Vulnerability\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg 800w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race-300x150.jpg 300w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race-768x384.jpg 768w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race-540x270.jpg 540w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race-162x81.jpg 162w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify;\"><em><strong>As part of Solutions Review\u2019s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014 Rohit Dhamankar of Fortra&#8217;s <a href=\"https:\/\/www.alertlogic.com\/\" target=\"_blank\" rel=\"noopener\">Alert Logic<\/a> warns of a growing Cyber Cold War, as countries stockpile vulnerability &#8220;weapons of mass destruction.&#8221;<\/strong><\/em><\/p>\n<p style=\"text-align: justify;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-3778\" src=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content.gif\" alt=\"SR - Premium Content\" width=\"105\" height=\"110\" srcset=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content.gif 105w, https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/01\/SR-Premium-Content-77x81.gif 77w\" sizes=\"(max-width: 105px) 100vw, 105px\" \/>At 2022 Black Hat USA, former CISA Director Chris Krebs warned that every country today \u2013 not just Russia, China, North Korea, and Iran \u2013 sees the Internet as the \u201cFifth Domain.\u201d Nation-state attacks are on the rise \u2013 primarily due to an ever-growing exploitable vulnerability stockpile.<\/p>\n<p style=\"text-align: justify;\">In 2021, the number of recorded zero-days overall was more than double the figures recorded in 2020. And the zero-day market is flourishing. Often, it can be more lucrative to sell a vulnerability than participate in a bug bounty program. And software vulnerabilities are not just being exploited by nation-state attackers. The explosion of vulnerabilities has lowered the bar to entry for bad actors, from e-crime to ransomware. To measurably improve their security posture, defenders need to more efficiently \u2013 and effectively \u2013 manage software vulnerabilities in their environment.<\/p>\n<p style=\"text-align: justify;\"><span style=\"font-size: 1em;\"><br \/>Widget not in any sidebars<br \/><\/span><\/p>\n<h3 style=\"text-align: justify;\"><strong>A Perfect Storm<\/strong><\/h3>\n<p style=\"text-align: justify;\">The size of the attack surface continues to expand due to the continued adoption of cloud technologies. Yet security continues to lag far behind. Why? Often, in the rush to go-to-market, organizations have little time or resources to spend on security. In addition to a growing attack surface, the type of software vulnerabilities has changed. In the past, vulnerabilities would predominantly be found in various operating systems and web applications. While these attack vectors haven&#8217;t gone away, now vulnerabilities are much more complex, and hackers are increasingly using vulnerability chaining to compromise their targets.<\/p>\n<p style=\"text-align: justify;\">Adding to these elements, the speed to exploit has increased as well. For example, ransomware gangs know organizations don&#8217;t patch automatically; in the past, they could go undetected in a targeted environment for up to two weeks. As security solutions started maturing, they realized they needed to exploit software vulnerabilities more quickly and now can infect environments in just a few hours.<\/p>\n<h3 style=\"text-align: justify;\"><strong>Reduce your Exposure, Increase Your Security Posture<\/strong><\/h3>\n<p style=\"text-align: justify;\">While the risk due to software vulnerabilities has escalated over recent years, defenders must continue to follow these basic steps to protect their organization:<\/p>\n<ul style=\"text-align: justify;\">\n<li><strong>Gain visibility of your complete attack surface<\/strong>: Today, visibility of your environment is key. By being able to view your entire infrastructure, you can better identify your vulnerabilities and their potential risk to your organization. Due to the expansion of the attack surface, visibility has become more complex. You need to know not just your operating systems, but also all the assets you are running in the cloud.<\/li>\n<li><strong>Automate, automate, automate<\/strong>: Resources, from staff to tools, are always going to be limited \u2013 automation can help reduce your risk. Identify areas of your environment that you can automatically control. For example, can you automatically check if your end-user systems are completely patched? Can you automatically deny unauthorized access to the network? Put together a Zero Trust framework for your environment. Automation can improve your success against an ever-increasing attack vector.<\/li>\n<li><strong>Don\u2019t forget the outside-in view<\/strong>: Today, most practitioners use vulnerability management systems to see what&#8217;s vulnerable in their environment and prioritize their risk approach. Yet these systems only provide an Inside-Out view &#8212; you also need an Outside-In view. Conduct a robust penetration testing of your environment and take it seriously because that&#8217;s how hackers and other outsiders investigate your environment. You then can fuse together the inside-out view with the outside-in view to make proper decisions to reduce risk.<\/li>\n<li><strong>Audit your security controls<\/strong>: What are the controls that you have invested in from a security perspective? Are you maximizing the utility of those controls, and are you making sure that you have the right skill set &#8212; and monitoring &#8212; of these controls to make sure that they are in place and that they&#8217;re delivering the maximum benefit for the investment that you have made?<\/li>\n<li><strong>Prioritize your workforce<\/strong>: Prepare your entire staff to respond to the next breach. Do you have KPIs in place for your staff for responding to vulnerabilities in your environment? That&#8217;s a business metric that you should be measuring.<\/li>\n<li><strong>Ask yourself<\/strong>: &#8220;How am I measuring, how am I doing month to month?&#8221; Every day there is a new risk. How does that affect my KPI and how are my resources aligned to help me reduce the risk?\u201d These are just some of the questions that organizations really need to think about to address carefully.<\/li>\n<\/ul>\n<h3 style=\"text-align: justify;\"><strong>Conclusion<\/strong><\/h3>\n<p style=\"text-align: justify;\">The threat due to software vulnerabilities will continue to grow. To measurably reduce risk, take a holistic look at everything, from your attack surface to your resource and tool optimization. If that is done, organizations have at least a chance of staying ahead of today\u2019s adversaries.<\/p>\n<p style=\"text-align: justify;\"><span style=\"font-size: 1em;\"><br \/>Widget not in any sidebars<br \/><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As part of Solutions Review\u2019s Premium Content Series\u2014a collection of contributed columns written by industry experts in maturing software categories\u2014 Rohit Dhamankar of Fortra&#8217;s Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability &#8220;weapons of mass destruction.&#8221; At 2022 Black Hat USA, former CISA Director Chris Krebs warned that every country [&hellip;]<\/p>\n","protected":false},"author":446,"featured_media":4258,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[551,1],"tags":[134,2111,1251,1775,1465,2110,2057,1912,2112,1536,417,1691,2113,1913,282,1446,2109,1503,2108,1798,1797],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>The Exploding Vulnerability Arms Race<\/title>\n<meta name=\"description\" content=\"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability &quot;weapons of mass destruction.&quot;\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"The Exploding Vulnerability Arms Race\" \/>\n<meta property=\"og:description\" content=\"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability &quot;weapons of mass destruction.&quot;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/\" \/>\n<meta property=\"og:site_name\" content=\"SIEM Tools &amp; Security Event Management | Solutions Review\" \/>\n<meta property=\"article:published_time\" content=\"2022-12-16T16:28:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-12-19T13:58:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Rohit Dhamankar\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Rohit Dhamankar\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/\",\"name\":\"The Exploding Vulnerability Arms Race\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg\",\"datePublished\":\"2022-12-16T16:28:56+00:00\",\"dateModified\":\"2022-12-19T13:58:11+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/eaccf23228008b023130cff15738dce4\"},\"description\":\"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability \\\"weapons of mass destruction.\\\"\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg\",\"width\":800,\"height\":400,\"caption\":\"Vulnerability\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"The Exploding Vulnerability Arms Race\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/\",\"name\":\"SIEM Tools &amp; Security Event Management | Solutions Review\",\"description\":\"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/eaccf23228008b023130cff15738dce4\",\"name\":\"Rohit Dhamankar\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/5dfed706011cfea4271f088d758bf87a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/5dfed706011cfea4271f088d758bf87a?s=96&d=mm&r=g\",\"caption\":\"Rohit Dhamankar\"},\"description\":\"Dhamankar has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.\",\"url\":\"https:\/\/solutionsreview.com\/security-information-event-management\/author\/rdhamankar\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"The Exploding Vulnerability Arms Race","description":"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability \"weapons of mass destruction.\"","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/","og_locale":"en_US","og_type":"article","og_title":"The Exploding Vulnerability Arms Race","og_description":"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability \"weapons of mass destruction.\"","og_url":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/","og_site_name":"SIEM Tools &amp; Security Event Management | Solutions Review","article_published_time":"2022-12-16T16:28:56+00:00","article_modified_time":"2022-12-19T13:58:11+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg","type":"image\/jpeg"}],"author":"Rohit Dhamankar","twitter_misc":{"Written by":"Rohit Dhamankar","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/","url":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/","name":"The Exploding Vulnerability Arms Race","isPartOf":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg","datePublished":"2022-12-16T16:28:56+00:00","dateModified":"2022-12-19T13:58:11+00:00","author":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/eaccf23228008b023130cff15738dce4"},"description":"Rohit Dhamankar of Alert Logic warns of a growing Cyber Cold War, as countries stockpile vulnerability \"weapons of mass destruction.\"","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#primaryimage","url":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg","contentUrl":"https:\/\/solutionsreview.com\/security-information-event-management\/files\/2022\/12\/Exploding-Vulnerability-Arms-Race.jpg","width":800,"height":400,"caption":"Vulnerability"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/the-exploding-vulnerability-arms-race\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/security-information-event-management\/"},{"@type":"ListItem","position":2,"name":"The Exploding Vulnerability Arms Race"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#website","url":"https:\/\/solutionsreview.com\/security-information-event-management\/","name":"SIEM Tools &amp; Security Event Management | Solutions Review","description":"Evaluating Enterprise SIEM Systems, Log Management Analytics &amp; SOAR Platforms.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/security-information-event-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/eaccf23228008b023130cff15738dce4","name":"Rohit Dhamankar","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/security-information-event-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/5dfed706011cfea4271f088d758bf87a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/5dfed706011cfea4271f088d758bf87a?s=96&d=mm&r=g","caption":"Rohit Dhamankar"},"description":"Dhamankar has over 15 years of security industry experience across product strategy, threat research, product management and development, and customer solutions. Dhamankar holds a Master of Science in Electrical Engineering from the University of Texas Austin and a Master of Science in Physics from IIT in Kanpur, India.","url":"https:\/\/solutionsreview.com\/security-information-event-management\/author\/rdhamankar\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4256"}],"collection":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/users\/446"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/comments?post=4256"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/posts\/4256\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media\/4258"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/media?parent=4256"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/categories?post=4256"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/security-information-event-management\/wp-json\/wp\/v2\/tags?post=4256"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}