Rapid7 Industry Cyber-Exposure Report Highlights the Need for Vulnerability Management


In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise. And if the resource-rich Fortune 500 is susceptible, it’s not difficult to imagine how bad it is for everyone else.


Did you remember to lock the door?

According to the cyber-exposure report, two fatal services are frequently exposed to the public internet across the Fortune 500: Windows file-sharing Server Message Block (SMB) and Telnet. On average, members of the Fortune 500 expose a public attack surface of 500 servers or devices, and some have as many as 2,500 or more exposed to public attack. When these exposed devices are running one of these dangerous services, the risk to the organization explodes.

SMB services were found to be the most dangerous for a system to expose. Out of 21 sectors, 15 were exposing SMB despite the fact that its weaknesses are both well-known and documented across the security spectrum. While Microsoft has tried to reduce SMB exposure for normal desktop and laptop clients, Fortune 500 companies are still unable to secure it, even with all the resources they have at their disposal. Considering the presence of common vulnerabilities such as EternalBlue and the devastating malware strains based on it, such as WannaCry and NotPetya, it’s clear that there is no safe way to expose SMB services to the public internet.

Telnet servers posed a risk similar to SMB, leaving organizations open to credential theft, passive and active eavesdropping, and remote code execution due to the cleartext nature of the protocol. Furthermore, Telnet servers are not only major risk creators, but they are also pieces of outdated technology that have been replaced by more efficient services (such as SSH). The fact is, there is no practical or technical purpose for Telnet services today.

The role of vulnerability management

Many organizations do not realize they are exposing these vulnerable services to attackers. An effective vulnerability management program starts off by identifying all of the devices in your environment and understanding which vulnerabilities and other risks they may expose. From there, the most critical step—determining what to work on—is accomplished through a prioritization process that takes into account which weaknesses attackers are most likely to take advantage of. Then, the work is finally done to remediate these high-priority risks through patching or compensating controls.
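The identify-then-prioritize steps above can be sketched over the results of an external scan of your own perimeter. This is an added example, not Rapid7 or InsightVM code: it parses nmap grepable (`-oG`) output, keeps only open TCP ports, and ranks hosts exposing the two services the report singles out. The scan lines are constructed sample data, and the function names and scoring weights are assumptions of this example.

```python
# Constructed sample of nmap grepable (-oG) output from a perimeter scan.
SAMPLE_SCAN = (
    "# constructed sample data, not real scan results\n"
    "Host: 198.51.100.10 (fs.example.com)\tPorts: 443/open/tcp//https///, 445/open/tcp//microsoft-ds///\n"
    "Host: 198.51.100.22 (rtr.example.com)\tPorts: 22/open/tcp//ssh///, 23/open/tcp//telnet///\n"
    "Host: 198.51.100.37 (www.example.com)\tPorts: 80/open/tcp//http///, 443/open/tcp//https///\n"
    "Host: 198.51.100.41 (old.example.com)\tPorts: 23/open/tcp//telnet///, 445/open/tcp//microsoft-ds///, "
    "3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (997)\n"
    "Host: 198.51.100.50 (nas.example.com)\tPorts: 445/filtered/tcp//microsoft-ds///\n"
)

# Services named in the report. The weights are an assumption of this
# example, ordered as the report orders them (SMB most dangerous).
RISKY_PORTS = {
    445: ("SMB", 10),
    139: ("SMB over NetBIOS", 10),
    23: ("Telnet", 8),
}

def parse_open_ports(grepable):
    """Return {ip: set of open TCP ports} from nmap -oG text."""
    hosts = {}
    for line in grepable.splitlines():
        if not line.startswith("Host: "):
            continue  # comment or blank line
        fields = line.split("\t")
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                # Entry layout: port/state/protocol/owner/service/...
                if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
                    hosts.setdefault(ip, set()).add(int(parts[0]))
    return hosts

def prioritize(hosts):
    """Return [(score, ip, [service, ...])], highest exposure first."""
    findings = []
    for ip, ports in hosts.items():
        hits = sorted(p for p in ports if p in RISKY_PORTS)
        if hits:
            score = sum(RISKY_PORTS[p][1] for p in hits)
            findings.append((score, ip, [RISKY_PORTS[p][0] for p in hits]))
    return sorted(findings, key=lambda f: (-f[0], f[1]))

if __name__ == "__main__":
    for score, ip, services in prioritize(parse_open_ports(SAMPLE_SCAN)):
        print(f"{ip}: score {score}, exposed {', '.join(services)}")
```

Filtered ports are deliberately ignored, so a host whose SMB port is blocked at the edge does not appear in the remediation queue.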

This can be a daunting task, which is why Rapid7 has purpose-built InsightVM, our vulnerability management tool for the future. As the industry’s foremost vulnerability management tool, InsightVM empowers you to build your budding vulnerability management program or to inject new life into your existing processes and technology.

About the Industry Cyber-Exposure Report: Fortune 500

To compile the Industry Cyber-Exposure Report: Fortune 500, Rapid7 researchers used our internet-wide scanning platform, Project Sonar, and our passive sensor network, Project Heisenberg, to determine whether online assets are advertising vulnerable internet services or making suspicious outbound connections, which often indicate compromised systems.

Our research team then took a closer look at blocks of addresses and attributed them to organizations to determine the exposures of the Fortune 500 companies.

Want to find out more about your vulnerabilities and mitigate risk in your org? Start a free trial of InsightVM today.

About Rapid7
Rapid7 (NASDAQ:RPD) powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.