Vulnerable ≠ Exploitable: A Lesson on Prioritization

Horizon3.ai • April 6, 2023

Vulnerable ≠ Exploitable: A Lesson on Prioritization

A large majority of all vulnerabilities are unexploitable. According to data compiled by Kenna, in 2020, only 2.7% of the vulnerabilities found appeared to be exploitable and only 0.4% of those vulnerabilities were actually observed to be exploited at all.

The prioritization of these low-risk or no-risk vulnerabilities alongside, or even above, the truly exploitable vulnerabilities can actually cause an organization’s security posture to suffer. It takes significant time and coordination to find the asset owners, bring them up to speed on the issue, prepare downtime for the asset, remediate the issue, and then confirm that the issue is remediated. Meanwhile, more critical vulnerabilities are waiting in line for their turn to be remediated.

Download this case study for more on how to further develop a risk prioritization strategy including:

Continuous, autonomous pentesting;
Determining business impact with total context and severity of the finding;
How to identify exploitable attack paths.

Vulnerable ≠ Exploitable: A Lesson on Prioritization

Previous
Buyer’s Guide for Complete Privileged Access Management

Next
Higher Education Institution Finds Easier, Better Vulnerability Scanning with Enhanced Pentesting

You might also be interested in …

OnDemand | Best Practices for Cloud-Scale Threat Detection

OnDemand | Best Practices for Cloud-Scale Threat Detection

Assessing Threats Outside the Perimeter (eBook)

Assessing Threats Outside the Perimeter (eBook)

OnDemand Webinar | Learn Why CISOs Are Embracing These Top ASM Use Cases Now

OnDemand Webinar | Learn Why CISOs Are Embracing These Top ASM Use Cases Now

Ondemand Webinar | Navigating the Security Maze of the Remote Worker with Splunk

Ondemand Webinar | Navigating the Security Maze of the Remote Worker with Splunk

Real-Time Transaction Monitoring: Time to get real?

Predictive Prioritization: How to Focus on the Vulnerabilities That Matter Most

Predictive Prioritization: Data Science Lets You Focus on the 3% of Vulnerabilities Likely to Be Exploited

Can Proactive Threat Hunting Save Your Business?

Deploying a Local Threat Intelligence Infrastructure

Deploying a Local Threat Intelligence Infrastructure

Around the Network

Transforming a Cyber Program in the Aftermath of an Attack

Transforming a Cyber Program in the Aftermath of an Attack

Properly Vetting AI Before It's Deployed in Healthcare

Properly Vetting AI Before It's Deployed in Healthcare

Medical Device Cyberthreat Modeling: Top Considerations

Medical Device Cyberthreat Modeling: Top Considerations

Safeguarding Critical OT and IoT Gear Used in Healthcare

Safeguarding Critical OT and IoT Gear Used in Healthcare

Evolving Threats Facing Robotic and Other Medical Gear

Evolving Threats Facing Robotic and Other Medical Gear

How 'Security by Default' Boosts Health Sector Cybersecurity

How 'Security by Default' Boosts Health Sector Cybersecurity

Protecting Medical Devices Against Future Cyberthreats

Protecting Medical Devices Against Future Cyberthreats

Identity Security and How to Reduce Risk During M&A

Identity Security and How to Reduce Risk During M&A

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

How the NIST CSF 2.0 Can Help Healthcare Sector Firms

Is It Generative AI's Fault, or Do We Blame Human Beings?

Is It Generative AI's Fault, or Do We Blame Human Beings?

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.