Exposure management via CISA’s Top Routinely Exploited Vulnerabilities

less than 1 minute read

This is textbook example of the type of input you’d apply to an exposure management process:

Take the CISA list, along with others, and overlay these vulnerabilities atop your attack surface. The resultant list are your most at-risk assets.
Remove any assets where you have a strong mitigating control in place.
Patch or otherwise mitigate these vulnerabilities on these assets (really, patch them all, and then consider further mitigations, should the class of attack reappear in the form of another vulnerability down the line).

Note that CISA has produced these lists for three years, but there are related lists (some being the product of CISA’s work combined with other partners). You can find them here: https://www.cisa.gov/search?g=Top%20Routinely%20Exploited%20Vulnerabilities

Twitter Facebook LinkedIn

You May Also Enjoy

The Cybersecurity Maturity Matrix

1 minute read

Trust and the cybersecurity buyer’s journey

2 minute read

Improving CISA KEV data integrity

3 minute read

tl;dr - Sometimes CISA removes Known Exploited Vulnerabilities catalog records. It would be awesome if they marked them as withdrawn and/or superseded instead.

When your product becomes a feature

3 minute read

Having spent a few years using, maintaining, and building security products of every conceivable shape and size, it’s become apparent how uniquely risky it is to invest in building cloud[1] security products.