2018 National Exposure Index

Share and earn Cybytes
Facebook Twitter LinkedIn Email

In 2016, Rapid7 Labs launched the National Exposure Index in order to better understand the nature of internet exposure—services that either do not offer modern cryptographic protection, or are otherwise unsuitable to offer on the increasingly hostile internet—and how those exposure levels look around the globe. Read the 2018 National Exposure Index.

Executive Summary

Now in our third year, we continue this ongoing investigation into the risk of passive eavesdropping and active attack on the internet, and offer insight into the continuing changes involving these exposed services. We’ve added a third dimension for exposure, “amplification potential,” in the wake of the disastrous memcached exposure uncovered in 2018. We’ve also modified our ranking algorithm in this edition. First, we’re measuring and scoring amplification abuse potential. Second, we’ve added more studies targeting exposed databases, and weighted groups of protocols as “more risky” than others, such as SMB, memcached, and database ports. In addition, we’re treating the especially responsive 2% of IPv4 nodes (0.08% of routable IPv4 addresses) as mere noise absorbers/generators in their networks and have removed those nodes from scoring entirely.

To learn about the key findings and analysis, as well as what steps can be taken to improve security posture worldwide, read the National Exposure Index in its entirety, register for our webcast to hear directly from the researchers, and explore country statistics via the interactive map and select country-specific executive summaries below.  

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
About Rapid7
Rapid7 (NASDAQ:RPD) powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.
Promoted Content
30-Day Trial: UBA-Powered SIEM with Rapid7's InsightIDR
Rapid7 InsightIDR delivers trust and confidence: you can trust that any suspicious behavior is being detected, and have confidence that with the full context, you can quickly remediate. From working hand-in-hand with security teams, we understand how painful it is to triage, false-positive, vague alerts and jump between siloed tools, each monitoring a bit of the network. InsightIDR combines SIEM, UBA, and EDR capabilities to unify your existing network & security stack. By correlating the millions of events your organization generates daily to the exact users and assets behind them, you can reliably detect attacks and expose risky behavior - all in real-time.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?