Keeping up with the influx of security vulnerabilities has become a priority for enterprise IT and security teams. Every system and device within a company can potentially have vulnerabilities, despite what is currently in place to prevent that. This includes all physical laptops, servers and other items, but also virtual platforms, cloud-based assets, mobile devices and more.
The rate that vulnerabilities have been exposed has accelerated in recent years. The “National Vulnerability Database”, shows that industry typically expected “5,000 to 7,000 common vulnerabilities” each year. However, in 2017 that number reached over 14,000 and in 2018 it moved past 16,000. These numbers are possibly underestimating the number of vulnerabilities in the world, but it is clear that this number is quickly accelerating.
Weaponization is the Key
However, it should be clear that not every vulnerability is at danger of being weaponized. This means that not every vulnerability that your IT team might have, can be or will be exploited or attacked by malware. Most vulnerabilities are not attacked in this way. The “National Vulnerability Database” tracks over 120,000 vulnerabilities and finds that less than 24,000 have been weaponized. Organizations and IT teams use this information to prioritize risk-management and assessments for those most vulnerable to weaponization.
This approach is still considered reactive, as the IT teams wait for attackers to weaponize the vulnerabilities before figuring out which ones are most dangerous. The attackers must make the first move to expose which vulnerabilities to pay attention to. But there are new innovations that are starting to change this process and reactive approach. Using data science and machine learning, researchers are able to predict which vulnerabilities will most likely be weaponized and exposed.
Predicting Weaponization
The first step to predicting weaponization, is to curate the right data set. You should not focus on just having a large amount of data, you should focus on also having broad context of the vulnerability. Here is some data that would be beneficial in predicting weaponization – traits that contributed to risk score, weaknesses that created the vulnerability, how it would be exposed and what assets would be affected or exploited as a result of the weaponization.
Common Vulnerability Scoring System (CVSS) are based on metrics that provide insight on how difficult it is to exploit or control a vulnerability and how much impact would that exploited vulnerability have on an organization. From a cyber attack point of view, fewer constraints on an exploit and the higher the impact, the better and more valuable that vulnerability will appear to cyber attackers.
Similar to this, if it is easy to attack a vulnerability, there is a greater chance it will be weaponized even if the impact isn’t as great as another vulnerability that is not as easily accessible. Sometimes low-level vulnerabilities can give cyber attackers privileges to allow them to penetrate your network and systems further and exploit other vulnerabilities that might be more complex to attack directly.
Feeding the AI Engine
After establishing a data set, you use analytical models to gain predictive insights. Using past weaponization trends, one can create algorithms to sweep across diverse data and identify a combination of traits that will best predict the vulnerabilities that will be weaponized by cyber attackers. This approach can also predict the speed that a vulnerability will be compromised and exploited.
This process allows IT teams and organizations prioritize vulnerabilities that they tackle and attempt to solve. Although these can be helpful, they shouldn’t be taken as the final answer about your organizations vulnerabilities and how they can be exploited. Although it is not a perfect or final answer, it can help to organize your strategy and become proactive versus reactive.