The challenge of addressing the myriad of software vulnerabilities is a daunting task for vulnerability management teams. While efforts are concentrated on patching high-scoring Common Vulnerabilities and Exposures (CVEs), the real impact on an organization’s resiliency remains uncertain.
CISA Known Exploited Vulnerabilities: Strengthening Cybersecurity Resilience
In response to this challenge, the Cybersecurity and Infrastructure Security Agency (CISA) created the Known Exploited Vulnerabilities (KEV) program to shift the focus from theoretical risk to reducing actual breaches. By maintaining a catalog of vulnerabilities that have been exploited in the wild, CISA empowers organizations to effectively mitigate potential risks and stay ahead in the battle against cyberattacks.
CISA’s approach narrows the focus to vulnerabilities with a CVE ID, actively exploited in the wild, and with clear remediation actions, providing overwhelmed vulnerability management teams with a manageable list to evaluate and prioritize.
Evolution from Traditional Vulnerability Management to Risk Prioritization
Adopting the CISA KEV catalog has led security teams to spend less time patching indiscriminately and more time understanding their organization’s resiliency against these proven attack vectors. This shift toward testing the exploitability of vulnerabilities reflects the maturation from traditional vulnerability management to Continuous Threat Exposure Management (CTEM) programs, which aim to actively prioritize the most threatening risks.
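As an added example (not IBM’s, Randori’s or CISA’s own code), the following Python script applies the KEV selection criteria described above to a scanner export: findings are kept only if their CVE appears in the KEV catalog, then ordered by known ransomware use, CISA due date and CVSS score, so a high-scoring CVE with no evidence of exploitation drops out of the urgent list. Field names follow the public KEV JSON feed (a live run would load https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json instead of the embedded string); the catalog rows, CVE IDs, hostnames and scores below are constructed placeholders.

```python
import json
from datetime import date

# Constructed stand-in for the CISA KEV JSON feed. Field names follow the
# public feed's schema; the rows themselves are placeholders, not real entries.
KEV_JSON = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {"cveID": "CVE-0000-1001", "vendorProject": "ExampleVendor",
         "product": "NAS firmware", "vulnerabilityName": "placeholder injection",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-31",
         "requiredAction": "Apply mitigations per vendor instructions.",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-1002", "vendorProject": "ExampleVendor",
         "product": "Mail gateway", "vulnerabilityName": "placeholder auth bypass",
         "dateAdded": "2024-01-25", "dueDate": "2024-02-15",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-1003", "vendorProject": "ExampleVendor",
         "product": "Web server", "vulnerabilityName": "placeholder path traversal",
         "dateAdded": "2024-02-28", "dueDate": "2024-03-20",
         "requiredAction": "Apply updates per vendor instructions.",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})

# Constructed scanner export: one row per (host, CVE) with the CVSS base score.
SCAN_FINDINGS = [
    {"host": "vpn.example.test", "cveID": "CVE-0000-1001", "cvss": 7.2},
    {"host": "www.example.test", "cveID": "CVE-0000-2002", "cvss": 9.8},  # not in KEV
    {"host": "mail.example.test", "cveID": "CVE-0000-1002", "cvss": 6.5},
    {"host": "www.example.test", "cveID": "CVE-0000-1003", "cvss": 5.3},
]


def load_kev(raw_json):
    """Index the KEV feed by CVE ID for O(1) lookups."""
    catalog = json.loads(raw_json)
    return {entry["cveID"]: entry for entry in catalog["vulnerabilities"]}


def prioritize(findings, kev, today):
    """Keep only findings whose CVE is in KEV and rank them: ransomware-linked
    entries first, then earliest CISA due date, then highest CVSS."""
    ranked = []
    for finding in findings:
        entry = kev.get(finding["cveID"])
        if entry is None:
            continue  # no evidence of in-the-wild exploitation: not urgent here
        due = date.fromisoformat(entry["dueDate"])
        ranked.append({
            **finding,
            "dueDate": entry["dueDate"],
            "overdue": due < today,
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "requiredAction": entry["requiredAction"],
        })
    # ISO dates sort correctly as strings; negate CVSS for descending order.
    ranked.sort(key=lambda r: (not r["ransomware"], r["dueDate"], -r["cvss"]))
    return ranked


if __name__ == "__main__":
    for row in prioritize(SCAN_FINDINGS, load_kev(KEV_JSON), date(2024, 3, 1)):
        flag = "OVERDUE" if row["overdue"] else "due " + row["dueDate"]
        print(f'{row["cveID"]} {row["host"]:<20} cvss={row["cvss"]} {flag}: {row["requiredAction"]}')
```

The point of the ordering is visible in the output: the CVSS 9.8 finding is absent because nothing in the catalog says it is being exploited, while a 7.2 with known ransomware use and a missed CISA due date lands at the top. Findings that drop out still belong in the regular patch cycle; this list is the short one the team validates first.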
The Significance of Attack Surface Management (ASM) in Gathering Vulnerability Intelligence
An attack surface management solution, such as IBM Security® Randori, provides a comprehensive view of an organization’s vulnerabilities and aids in continuous risk prioritization. By validating how attacks might work and how systems react, organizations that prioritize based on CTEM are less likely to suffer a breach, a view endorsed by Gartner.
IBM Security Randori, for instance, offers a risk-based priority algorithm that helps prioritize top targets and shares insights necessary to determine impact and risk.
Verifying Exploitable Vulnerabilities with IBM Security Randori
IBM Security® Randori is an attack surface management solution that is designed to uncover your external exposures through the lens of an adversary. It performs continuous vulnerability validation across an organization’s external attack surface and reports on any vulnerabilities that can be exploited.
The vulnerability validation feature goes beyond typical vulnerability management tools and programs by verifying the exploitability of a CVE, such as CVE-2023-7992, a zero-day vulnerability in Zyxel NAS devices that was discovered and reported by the IBM X-Force Applied Research team. This verification helps reduce noise and allows customers to act on real risks and determine if mitigation or remediation efforts were successful by re-testing.
Get started with IBM Security Randori
Organizations can access a free, 7-day trial of IBM Security Randori, or request a live demo to review their attack surface.
Sources: Published CVE Records, Known Exploited Vulnerabilities Catalog, How to Manage Cybersecurity Threats, Not Episodes.
By Director of Product Management – IBM Security Randori