The Scope of Application Vulnerabilities
The use of business applications has grown 68% over the past four years, which has created headaches for IT, which is responsible for managing those applications and for cleaning up any messes. To put the scope in perspective, the average company today uses 129 applications. In the largest 10% of companies, that number is well over 200. If you’re a small business manager reading this, you’re not off the hook: You have, on average, 73 applications in use today. Despite the spending dip seen across IT this past year, we are on pace to see over $450B USD spent on enterprise software by year’s end.
In 2019 alone, CNAs (CVE Numbering Authorities) assigned critical CVSS scores of 9.0 or higher to over 16 thousand vulnerabilities. Android was the worst offender (414), followed by Debian Linux (360), Windows Server 2016 (357), Windows 10 (357), Windows Server 2019 (351), Acrobat Reader DC & Reader (342) and cPanel (321).
In my experience, ranging from communicating with ransomware attackers in Russia to a few Anonymous operators this past year, the main vulnerabilities are often used when trying to penetrate companies using spray-and-pray techniques. However, when the attack is more targeted towards specific business roles, I found that many critical vulnerabilities for applications that are less well-known (e.g. Vbox) are used in the attack. Since some static defenses may not even be looking to block attacks using these applications, they feel the target is more easily breached.
To supplement this anecdotal experience, SonicWall’s 2020 Mid-Year Threat Report shows a shift toward more targeted attacks, as indicated by a drop in overall malware attacks and a rise in unique variants found by our RTDMI technology. The data also shows shifts in the top applications attacked, but this is not news to those who have to defend against these attacks.
So how is SonicWall helping our friends in IT solve the sprawling ecosystem of applications and their vulnerabilities?
In June 2019, we released a unique feature within Capture Client (our next-generation endpoint security platform) called Application Vulnerability Intelligence. This feature, first of all, helps our CISOs and friends in IT catalog every application within the organization. Secondly, the management console displays the number of critical vulnerabilities within your apps on the dashboard, so one can quickly see and react. Thirdly, and more importantly, one can drill down and see what specific applications are vulnerable, what the severity rating for a particular application is, and the justification for that rating.
This knowledge helps IT prioritize patching, either by uninstalling the application from the administration console or by notifying the end user to patch. This will ultimately reduce the attack surface, and with it breaches and other IT headaches. If you would like to see this in action, please view this video.
For a more in-depth look at how to fit endpoint protection into your organization’s security posture, please see our Solution Brief: A Unified-Client Platform for Enterprise-Grade Endpoint Security.