Amrit Williams

Skybox Security releases mid-year update to its 2019 Vulnerability and Threat Trends Report, analyzing what’s shaping the threat landscape so far this year. Report Highlights from 2019 H1 Vulnerabilities in cloud containers have increased by 46 percent compared to the same period in 2018 and by 240 percent compared to 2017 Less than one percent of newly published vulnerabilities were exploited in the wild, with nine percent having any functioning exploit developed at all 2019 has added to the trend of broad-reaching vulnerabilities that impact multiple products sharing the same code, with 40 vulnerabilities affecting three or more vendors each Use of malicious cryptominers — cybercriminals’ overwhelming tool of choice in 2018 — has declined to just 15 percent of malware attacks, with ransomware, botnets and backdoors rising to fill the void Skybox Security, a globally renowned cybersecurity management solutions firm, has announced the release of the mid-year update to its 2019 Vulnerability and Threat Trends Report, analyzing the vulnerabilities, exploits and threats in play over the first half of 2019. The report, compiled by the team of security analysts at the Skybox Research Lab, aims to help organizations align their security strategy with the reality of the current threat landscape. The report aims to help organisations align their security strategy with the reality of the current threat landscape Adoption of cloud technology Among the key findings of the report is the marked growth of vulnerabilities in cloud containers. Containers, which create a distinction between virtual servers hosted on a shared machine, have seen vulnerabilities increase by 46 percent in the first half of 2019 compared to the same period in 2018, and 240 percent compared to 2017 H1 figures. “Cloud technology and adoption has obviously skyrocketed, so it’s no surprise that vulnerabilities within cloud technology will increase,” said Skybox Director of Threat Intelligence Marina Kidron. Enhanced cyber security “What is concerning, though, is that as these are published, the race is on for attackers to develop an exploit because launching a successful attack on a container could have much broader consequences. Compared to other technology, containers can be more numerous and quickly replicated. The attack footprint could expand rapidly, and number of victims may be extremely high.” “Container vendors put a great deal of attention to securing their products in the first place,” said Amrit Williams, VP of products. “But that also means reporting vulnerabilities when discovered. It’s critical that customers have a way to spot those vulnerabilities even as their environment may be changing frequently. They also need to assess those vulnerabilities’ exploitability and exposure within the hybrid network and prioritize them alongside vulnerabilities from the rest of the environment — on prem, virtual networks and other clouds.” Vulnerabilities in cloud container Still the current figures are historically high, and it seems annual totals around 15,000 new CVEs will be the new norm Also notable in the report is a decline in the total number of vulnerabilities published. Over the last two years, the total number of new vulnerabilities has outstretched any other previous year. However, the number of vulnerability reports in 2019 H1 declined by 13 percent when compared to the same period last year. Still the current figures are historically high, and it seems annual totals around 15,000 new CVEs will be the new norm. “More than 7,000 new vulnerabilities were discovered in the first half of 2019 — that’s still significantly more than figures we’d see for an entire year pre-2017. So, organizations are likely still going to be drowning in the vulnerability flood for some time,” said Ron Davidson, Skybox CTO and VP of R&D. “Roughly a tenth of these have an exploit available and just one percent are exploited in the wild. That’s why it’s so critical to weave in threat intelligence into prioritization methods, and of course consider which vulnerable assets are exposed and unprotected by security controls.”

Skybox Security, global provider of cyber risk management solutions, has announced its integration with Indegy, globally renowned industrial cybersecurity solutions firm, to help organizations better understand the security posture of hybrid IT and operational technology (OT) networks. Hybrid IT And OT Networks OT networks have been a mystery to IT security teams" “OT networks have been a mystery to IT security teams,” said Skybox Security VP of Products Amrit Williams. “But more and more, CISOs are being tasked with getting a handle on security in OT environments. That starts with literally being able to see and understand the connections between the corporate and production networks, visualizing how the two impact one another’s risk of attack. Our integration with Indegy further strengthens the visibility and insight we give customers with hybrid IT-OT networks, so they can accurately prioritize and respond to those risks.” With Skybox’s understanding of the hybrid network topology and security controls, it can simulate access between and within networks, and determine the reachability of vulnerable assets. Skybox also provides more context to Indegy’s vulnerability data, highlighting exposed and exploitable vulnerabilities, prioritizing their remediation and generating tickets to kick off the workflow. Skybox-Indegy Integration The integration between Skybox and Indegy provides customers with seamless visibility of their IT and OT networks. The combination of Indegy’s passive and active data collection from the OT network is relayed to Skybox where OT assets, services and vulnerabilities are modeled alongside those from the IT environment. “Having a bird’s eye view of a hybrid IT-OT network is hugely valuable,” said Indegy CTO Mille Gandelsman. “Where Skybox provides a high-level view and insight into the corporate network, Indegy allows users to maintain deep visibility into industrial control system networks and device-level changes and provides rich, reliable information. Rolling these capabilities into a single solution will help align IT security teams with OT engineers to ensure cyber risks are understood and remedied without undue disruption.”