Tetra Defense Reports 57% of Incidents Are Caused by Exploitation of Known Vulnerabilities
Exposed vulnerabilities remain a thorn in the side of IT teams
Tetra Defense released its Q1 2022 Incident Response Insights report on June 29, 2022, with findings that attributed 57% of incidents (that Tetra Defense responded to) to an exploitation of a known vulnerability on the victim’s network. On top of being more frequent, incidents caused by an external vulnerability were also more costly for organizations when cleaning up the aftermath – 54% more costly than “user action” attributed incidents, like phishing.
You can’t only patch breaking news
Tetra Defense’s report also found that one of the most newsworthy vulnerabilities of the year, Log4j, was not the most exploited. In fact, Log4j (CVE-2021-44228, CVE-2021-45046) was the third most prevalent and accounted for 22% of Tetra Defense’s incident response cases. Microsoft Exchange’s ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), older than Log4j by 3 months, accounted for a greater share of incidents, 33% of the total.
There are many reasons ProxyShell-related incidents have been more widespread than Log4j so far in 2022, including the amount of news coverage Log4j received. However, we think it goes to show that patching only new and newsworthy vulnerabilities is not enough to reduce your overall cyber risk.
Why is endpoint patching so hard?
Patching continues to be an issue for organizations of all sizes. But why? IT and security experts have been preaching the importance of a strong patching program to securing an organization and its critical data for a long time.
Tetra recommends a risk-based approach: in other words, an approach to patching that prioritizes patches based on the severity of the vulnerability and on the device or software it exists on. We agree that a risk-based approach is important in triaging and prioritizing what are likely to be hundreds of thousands of vulnerabilities. In addition to a risk-based patching strategy, we recommend automating the finding and fixing of known exposed vulnerabilities as a critical step: it lets you fix far more than you can today manually, while saving tens of thousands of dollars of your staff’s time.
We also believe that today’s patching toolset is fundamentally broken. Infrastructure, VPN, and content requirements slow or completely inhibit the patching process. Fixing vulnerabilities without these limitations is essential; without that, you are likely wasting time on an ineffective patching program that may leave you exposed anyway.
The Automox standard
Once you remove infrastructure and legacy VPN limitations and implement an automated patching program, aim for a 72-hour SLA to patch critical and actively exploited vulnerabilities on your devices – this is the benchmark that most Automox customers achieve today for all patchable vulnerabilities.
Risk-based security exists for a reason: it is simply impossible to be 100% protected from every cyber threat at all times. Several of your team’s activities will eventually hit diminishing returns. However, eliminating legacy roadblocks and adding automation to previously manual processes will pay dividends (almost immediately) in improving your overall security posture.
Automox for Easy IT Operations
Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day.