What is a vulnerability in cybersecurity?
A vulnerability in cybersecurity is a weakness in a host or system, such as a missed software update or system misconfiguration, that can be exploited by cybercriminals to compromise an IT resource and advance the attack path.
Identifying cyber vulnerabilities is one of the most important steps organizations can take to improve and strengthen their overall cybersecurity posture.
The Difference Among Vulnerabilities, Threats and Risks
Many people may use the terms vulnerability, threat and risk interchangeably. However, in the cybersecurity world, these terms have distinct and specific meanings.
As noted above, a vulnerability is a weakness that can be exploited by a malicious actor. For example, unpatched software or overly permissive accounts can provide a gateway for cybercriminals to access the network and gain a foothold within the IT environment.
A threat is anything with the potential to exploit a vulnerability: a malicious actor, a piece of malware or a campaign that targets a specific weakness.
Risk is the potential for harm that results when a threat exploits a vulnerability. It combines the likelihood that the exploitation happens with the damage it would cause the organization, so the same vulnerability carries a different risk on an internet-facing server than on an isolated test machine.
7 Common Types of Cyber Vulnerabilities
When reviewing your company’s cybersecurity posture and approach, it’s important to realize that cybersecurity vulnerabilities are within the control of the organization — not the cybercriminal. This is one aspect of the cybersecurity landscape that enterprises can proactively address and manage by taking the appropriate action and employing the proper tools, processes and procedures.
Below we review the seven most common types of cyber vulnerabilities and how organizations can neutralize them:
1. Misconfigurations
Misconfigurations are among the most common causes of cloud and application security incidents. Because many security controls and cloud services still require manual configuration, the process is prone to error and takes considerable time to manage and keep up to date.
In recent years, numerous publicly reported breaches started with misconfigured S3 buckets that were used as the entry point. Such errors turn cloud workloads into obvious targets that can be discovered with a simple web crawler, and because cloud storage is reachable directly from the internet there is no network perimeter in front of it to mask the mistake.
To that end, organizations should adopt tooling that defines configuration as code, checks it automatically against a baseline before and after deployment, and uses the provider's guardrails (for S3, the account-level Block Public Access settings) so that a single manual error cannot expose data.
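As an added illustration (not part of the original article and not CrowdStrike code), the following Python checks an S3 bucket policy document for statements that an anonymous caller can use, which is how a bucket ends up readable by any crawler. Both policies are constructed examples; the account ID and bucket names are placeholders.

```python
"""Flag S3 bucket policy statements that an anonymous principal can use.

Added example, not CrowdStrike code. The two bucket policies below are
constructed inputs; the bucket names and account ID are placeholders.
"""
import json


def _as_list(value):
    """Normalise a policy element that may be a string or a list of strings."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal):
    """True when the Principal element matches every caller, authenticated or not."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def public_statements(policy_json):
    """Return (Sid, actions, verdict) for Allow statements open to anonymous callers.

    A statement is 'public' when it is an Allow, its Principal is anonymous and it
    has no Condition. Conditions are not evaluated here; a conditioned statement is
    reported as needing manual review so the check never silently passes it.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements with Principal "*" are a hardening pattern
        if not _is_anonymous(stmt.get("Principal")):
            continue
        sid = stmt.get("Sid", "<no Sid>")
        actions = _as_list(stmt.get("Action"))
        verdict = "conditioned, review manually" if stmt.get("Condition") else "public"
        findings.append((sid, actions, verdict))
    return findings


# Constructed example: the classic open bucket that leaks every object.
OPEN_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject", "s3:ListBucket"],
        "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
    }],
})

# Constructed example: the corrected policy. Only one named role can read,
# and a Deny forces TLS; nothing is reachable without credentials.
LOCKED_BUCKET_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AppRoleRead",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-reader"},
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::example-bucket/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})

if __name__ == "__main__":
    print("open  :", public_statements(OPEN_BUCKET_POLICY))
    print("locked:", public_statements(LOCKED_BUCKET_POLICY))
```

Run the check in CI against every bucket policy in the infrastructure-as-code repository, and treat any "public" verdict as a blocking failure; the "review manually" verdict exists because conditions such as `aws:SourceIp` or `aws:PrincipalOrgID` may or may not actually restrict the caller.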
2. Unsecured APIs
Another common security vulnerability is unsecured application programming interfaces (APIs). APIs provide a digital interface that enables applications or components of applications to communicate with each other over the internet or via a private network.
APIs are, by design, among the few organizational assets deliberately exposed to the internet. If they are not properly secured with authentication, authorization, rate limiting and input validation, they become an easy target for attackers.
As with misconfigurations, securing APIs is a process prone to human error. The problem is rarely malicious: development teams may simply be unaware of the risks specific to this kind of asset and rely on generic network controls that never inspect individual API calls. Security awareness training that covers cloud-specific practices, such as how to store secrets outside the code base, how to rotate keys and how to maintain good hygiene during software development, is as critical in the cloud as in a traditional environment.
3. Outdated or Unpatched Software
Software vendors periodically release application updates that add features or patch known security vulnerabilities. Unpatched or outdated software makes an easy target: once a patch is public, attackers can compare the patched and unpatched versions to work out what was fixed and build an exploit for every system that has not yet applied it. As with system misconfigurations, adversaries actively scan for such weaknesses.
While software updates may contain valuable and important security fixes, it is the responsibility of the organization to apply them across the network and all endpoints.
Unfortunately, because updates from different software applications can be released daily and IT teams are typically overburdened, it can be easy to fall behind on updates and patching, or miss a new release entirely. Failing to update even one machine can have potentially disastrous consequences for the organization, providing an attack path for ransomware, malware and a host of other security threats.
To help address this issue, organizations should develop and implement a process for prioritizing software updates and patching that weighs severity, exposure and evidence of active exploitation rather than release date alone. To the extent possible, the team should also automate this activity to ensure systems and endpoints are as up to date and secure as possible.
4. Zero-day Vulnerabilities
A zero-day vulnerability is a security flaw that has been discovered by a threat actor but is not yet known to the software vendor or to the organizations running the software. The term refers to the vendor having had "zero" days to work on a patch or update; the attacker, meanwhile, already knows about the flaw and can exploit it.
Zero-day attacks are extremely dangerous for companies because they can be very difficult to detect. To effectively detect and mitigate zero-day attacks, a coordinated defense is needed — one that includes both prevention technology and a thorough response plan in the event of a cyberattack. Organizations can prepare for these stealthy and damaging events by deploying a complete endpoint security solution that combines technologies including next-gen antivirus (NGAV), endpoint detection and response (EDR) and threat intelligence.
5. Weak or Stolen User Credentials
Many users fail to create unique and strong passwords for each of their accounts. Reusing or recycling passwords and user IDs creates another potential avenue of exploitation for cybercriminals.
Weak user credentials are most often exploited in brute force attacks, in which a threat actor tries to gain unauthorized access to sensitive data and systems by systematically trying as many combinations of usernames and guessed passwords as possible, and, where passwords are reused, in credential-stuffing attacks that replay username and password pairs leaked in other breaches. If successful, the actor can enter the system and masquerade as the legitimate user; the adversary can use this time to move laterally, install back doors, gain knowledge about the system to use in future cyberattacks, and, of course, steal data.
To address this particular cybersecurity vulnerability, organizations should set and enforce clear policies that require strong, unique passwords (ideally screened against lists of known-breached passwords) and that require a change whenever compromise is suspected. Current guidance such as NIST SP 800-63B no longer recommends calendar-based forced rotation, which tends to produce predictable variations of the old password. Organizations should also implement a multifactor authentication (MFA) policy, which requires more than one form of identification, such as a password plus a fingerprint or a password plus a one-time code or hardware token, so that a guessed or stolen password alone is not enough to authenticate.
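The brute-force pattern described above is straightforward to spot in authentication logs once failures are grouped by source address. The following Python is an added example, not part of the original article or any CrowdStrike product; the sshd-style log lines are constructed, and the threshold of five failures within 60 seconds is an assumption chosen for the demonstration, not a recommended value.

```python
"""Detect password-guessing bursts in sshd authentication logs.

Added example, not CrowdStrike code. The log lines are constructed in the
syslog/sshd format; the threshold and window are assumptions for the demo.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# e.g. "Jan 14 03:12:07 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2"
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
ACCEPTED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Accepted (?:password|publickey) for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def _parse_ts(text, year=2024):
    # syslog timestamps carry no year; assume one so they can be compared.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")


def detect_bruteforce(lines, threshold=5, window_seconds=60):
    """Return one alert per source IP that crosses the failure threshold.

    Each alert is (ip, failures_in_window, users_tried, succeeded_after).
    succeeded_after is True when the same IP later logs in successfully,
    which turns a "block the IP" event into an incident response case.
    """
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    users = defaultdict(set)      # ip -> usernames attempted
    alerted = {}                  # ip -> failure count when the threshold was hit
    success_after = set()
    for line in lines:
        m = FAILED_RE.match(line)
        if m:
            ip, ts = m["ip"], _parse_ts(m["ts"])
            q = recent[ip]
            q.append(ts)
            users[ip].add(m["user"])
            while q and (ts - q[0]).total_seconds() > window_seconds:
                q.popleft()       # slide the window: drop failures that are too old
            if len(q) >= threshold and ip not in alerted:
                alerted[ip] = len(q)
            continue
        m = ACCEPTED_RE.match(line)
        if m and m["ip"] in alerted:
            success_after.add(m["ip"])
    return [(ip, count, sorted(users[ip]), ip in success_after)
            for ip, count in alerted.items()]


# Constructed sample: one spraying source that eventually guesses "deploy",
# and one legitimate user who mistypes once and then logs in with a key.
SAMPLE_LOG = """\
Jan 14 03:12:01 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 14 03:12:04 web1 sshd[4021]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Jan 14 03:12:07 web1 sshd[4023]: Failed password for root from 203.0.113.7 port 51240 ssh2
Jan 14 03:12:09 web1 sshd[4025]: Failed password for deploy from 203.0.113.7 port 51244 ssh2
Jan 14 03:12:11 web1 sshd[4027]: Failed password for deploy from 203.0.113.7 port 51248 ssh2
Jan 14 03:12:15 web1 sshd[4029]: Accepted password for deploy from 203.0.113.7 port 51250 ssh2
Jan 14 03:20:00 web1 sshd[4101]: Failed password for alice from 198.51.100.5 port 40022 ssh2
Jan 14 03:25:00 web1 sshd[4102]: Accepted publickey for alice from 198.51.100.5 port 40023 ssh2
""".splitlines()

if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The sliding window matters: a naive per-hour count would also flag the legitimate user who mistypes a password a few times over a day, while a burst of guesses across several usernames from one address is the signature worth paging on. The `succeeded_after` flag is the detail responders care about most, because a successful login after a guessing burst means the credential is already in the attacker's hands.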
6. Access Control or Unauthorized Access
Companies often grant employees more access and permissions than needed to perform their job functions. This increases identity-based threats and expands access to adversaries in the event of a data breach.
To address this issue, organizations should implement the principle of least privilege (POLP), a computer security concept and practice that gives users limited access rights based on the tasks necessary to their job. POLP ensures only authorized users whose identity has been verified have the necessary permissions to execute jobs within certain systems, applications, data and other assets.
POLP is widely considered to be one of the most effective practices for strengthening the organization’s cybersecurity posture, in that it allows organizations to control and monitor network and data access.
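Least privilege can be checked mechanically when permissions are written as policy documents. The following Python is an added example, not from the original article or any CrowdStrike product, that flags IAM identity-policy statements which grant more than a role needs; the two policies are constructed, and the rules are a small illustrative subset of what a real least-privilege review covers.

```python
"""Flag IAM identity policies that grant more than a role needs.

Added example, not CrowdStrike code. The policies are constructed; the
checks (wildcard actions, writes on every resource, escalation-capable
actions) are an illustrative subset of a least-privilege review.
"""
import json

# Actions that let a principal grant itself more access; flagged for review
# regardless of resource, because the resource must be a single named role.
ESCALATION_ACTIONS = {
    "iam:PassRole", "iam:AttachRolePolicy", "iam:PutRolePolicy",
    "iam:CreateAccessKey", "sts:AssumeRole",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_read_only(action):
    # Heuristic: Get/List/Describe verbs do not change state.
    return action.split(":", 1)[-1].startswith(("Get", "List", "Describe"))


def excessive_grants(policy_json):
    """Return (Sid, reason) pairs for Allow statements that violate least privilege."""
    findings = []
    for stmt in _as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append((sid, "NotAction/NotResource allows everything not listed"))
            continue
        actions = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        wild = [a for a in actions if a == "*" or a.endswith(":*")]
        if wild:
            findings.append((sid, "wildcard action: " + ", ".join(wild)))
        escalation = [a for a in actions if a in ESCALATION_ACTIONS]
        writes = [a for a in actions
                  if a not in wild and a not in escalation and not _is_read_only(a)]
        if "*" in resources and writes:
            findings.append((sid, "write action on every resource: " + ", ".join(writes)))
        if escalation:
            findings.append((sid, "privilege-escalation capable: " + ", ".join(escalation)
                             + "; Resource must name the specific role"))
    return findings


# Constructed example: the "just make it work" policy a developer attaches
# during a deadline and never removes.
OVERLY_PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "DevConvenience", "Effect": "Allow", "Action": "*", "Resource": "*"},
        {"Sid": "Deploy", "Effect": "Allow",
         "Action": ["s3:PutObject", "s3:GetObject", "iam:PassRole"],
         "Resource": "*"},
    ],
})

# Constructed example: the same job, scoped to the two buckets it touches.
LEAST_PRIVILEGE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "ReadReleaseArtifacts", "Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": ["arn:aws:s3:::releases", "arn:aws:s3:::releases/*"]},
        {"Sid": "PutBuildLogs", "Effect": "Allow",
         "Action": "s3:PutObject",
         "Resource": "arn:aws:s3:::build-logs/*"},
    ],
})

if __name__ == "__main__":
    for sid, reason in excessive_grants(OVERLY_PERMISSIVE_POLICY):
        print(f"{sid}: {reason}")
    print("least-privilege findings:", excessive_grants(LEAST_PRIVILEGE_POLICY))
```

A static linter like this catches the obvious over-grants before a policy is attached; the complementary runtime check is to compare what a role is permitted to do with what it has actually done over a period (cloud providers expose last-accessed data for this) and trim everything unused.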
7. Misunderstanding the “Shared Responsibility Model” (i.e., Runtime Threats)
Cloud providers operate under what is known as the "shared responsibility model": the provider secures the underlying infrastructure, and the customer is responsible for what it puts on top. For infrastructure-as-a-service that includes the operating system, applications, identity and access configuration, and data; for managed and platform services the line moves toward the provider, but the customer's data, identities and configuration always remain the customer's responsibility.
Unfortunately, this point is often misunderstood, leading to the assumption that cloud workloads are fully protected by the cloud provider. The result is workloads running in a public cloud that are not fully protected, so adversaries can target the operating system and the applications to obtain access.
Organizations that are using the cloud or shifting to a cloud or hybrid environment must update their cybersecurity strategy and tooling to ensure they are protecting all areas of risk across all environments. Traditional, perimeter-oriented security measures do not by themselves cover cloud workloads and must be supplemented with controls built for that environment to provide protection against cloud-based vulnerabilities and threats.
What is vulnerability management?
Vulnerability management is the ongoing, regular process of identifying, assessing, reporting on, managing and remediating security vulnerabilities across endpoints, workloads and systems.
Because organizations potentially have many cybersecurity vulnerabilities within their IT environment, a strong vulnerability management program uses threat intelligence and knowledge of IT and business operations to prioritize risks and address cybersecurity vulnerabilities as quickly as possible.
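To show what "using threat intelligence to prioritize" means in practice, both for the patch-prioritization process described in section 3 and for the vulnerability management program described here, the following Python is an added example, not part of the original article and not how any product scores findings. The findings, the exploited-in-the-wild set, the CVE-style identifiers and the weights are all constructed assumptions; the point is that a critical CVSS score alone does not decide what gets patched first.

```python
"""Rank open findings so the patch queue starts with what is actually being exploited.

Added example, not CrowdStrike code. Findings, intel sets and weights are
constructed assumptions; the identifiers are placeholders, not real CVEs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    cve: str
    cvss: float            # base score from the advisory, 0-10
    internet_facing: bool  # exposure, from the asset inventory
    days_open: int         # days since the patch became available


# Constructed stand-ins for threat intelligence feeds. A real program would
# pull these from a source such as the CISA Known Exploited Vulnerabilities
# catalog and an exploit database; the IDs here are placeholders.
KNOWN_EXPLOITED = {"CVE-0000-1001", "CVE-0000-1002"}   # exploited in the wild
PUBLIC_EXPLOIT = {"CVE-0000-1001", "CVE-0000-1003"}    # public proof of concept


def priority_score(f, known_exploited=KNOWN_EXPLOITED, public_exploit=PUBLIC_EXPLOIT):
    """Higher means patch sooner. CVSS is the base; intel and exposure multiply it."""
    score = f.cvss
    if f.cve in known_exploited:
        score *= 2.0        # active exploitation outranks anything merely severe
    elif f.cve in public_exploit:
        score *= 1.5        # a public exploit usually precedes active use
    if f.internet_facing:
        score *= 1.5        # reachable by every scanner on the internet
    score += min(f.days_open, 30) * 0.1   # patch debt, capped so it cannot dominate
    return round(score, 2)


def patch_order(findings, **feeds):
    """Return findings sorted most-urgent first under the given intel feeds."""
    return sorted(findings, key=lambda f: priority_score(f, **feeds), reverse=True)


# Constructed findings. Note the 9.8 on an internal host with no known exploit.
FINDINGS = [
    Finding("db-01",  "CVE-0000-1009", 9.8, False, 3),
    Finding("web-01", "CVE-0000-1001", 7.5, True, 10),
    Finding("web-02", "CVE-0000-1003", 6.0, True, 45),
    Finding("wks-17", "CVE-0000-1002", 5.4, False, 1),
]

if __name__ == "__main__":
    for f in patch_order(FINDINGS):
        print(f"{priority_score(f):6.2f}  {f.host:7}  {f.cve}  cvss={f.cvss}")
```

With these weights the internet-facing host with a 7.5 that is being exploited in the wild lands at the top of the queue and the internal 9.8 with no known exploit lands at the bottom, which is the ordering an attacker's behaviour actually justifies. The weights are the part to tune to the business; the structure (severity, then exploitation evidence, then exposure, then age) is what keeps a team from patching strictly by CVSS.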
What to Look for in a Vulnerability Management Solution
Managing exposure to known cybersecurity vulnerabilities is the primary responsibility of a vulnerability manager. Although vulnerability management involves more than simply running a scanning tool, a high-quality vulnerability tool or toolset can dramatically improve the implementation and ongoing success of a vulnerability management program.
The market is filled with options and solutions, each claiming leading qualities. When evaluating a vulnerability management solution, keep these things in mind:
Timeliness is important. If a vulnerability management tool fails to detect vulnerabilities in a timely manner, then the tool isn't very useful and doesn't contribute to overall protection. This is where network-based scanners often fall short: a scan can take a long time to complete and consume a large portion of your organization's bandwidth, only to produce information that is outdated by the time it is reported. It's better to choose a solution that relies on a lightweight agent rather than on periodic network scans.
Performance impact on an endpoint is key. Increasingly, vulnerability scanning vendors claim to offer agent-based solutions. Unfortunately, most of these agents are so bulky that they dramatically impact an endpoint’s performance. Therefore, when searching for an agent-based tool, look for one with a lightweight agent — one that consumes very little space on an endpoint to minimize any effect on productivity.
Real-time, comprehensive visibility is critical. You should be able to see what’s vulnerable in an instant. Legacy vulnerability tools can hinder visibility — network scans take a long time and provide outdated results, bloated agents slow business productivity, and bulky reports do little to help address security vulnerabilities in a timely manner.
Less is more. Organizations no longer need a complicated set of security tools and solutions that require personnel with specialized skills. Instead, many now rely on an integrated platform that includes vulnerability management tools along with other security tools for cyber hygiene, endpoint detection and response, device control and more — ultimately protecting your organization from attack due to unprotected systems.
CrowdStrike Vulnerability Management
CrowdStrike Falcon® Spotlight™ provides an immediate, scanless solution for comprehensive vulnerability assessment, management and prioritization for IT analysts. Built on the CrowdStrike Falcon® platform, it offers intuitive reports, dashboards and filters to help your IT staff address relevant vulnerabilities.
Using Falcon Spotlight, you can see the vulnerabilities exposed within your organization’s environment and easily prioritize those that are critical to your business. After you've prioritized your vulnerabilities and remediations, use the built-in integrations with the Falcon platform to deploy emergency patches, create custom dashboards to monitor your remediation efforts, and kick off external IT workflows with reports, integrations and APIs.
Key benefits include:
- Automate assessment for vulnerabilities with the Falcon sensor on all of your endpoints, whether on or off the network
- Shorten time-to-respond with real-time visibility into vulnerabilities and cyber threats in your environment
- Use intuitive dashboards to get the vulnerability data that is relevant to your organization, or create custom dashboards
- Save valuable time by prioritizing through integrated exploit and threat intelligence
- Bridge the gap between security and IT tools with always-available, on-demand vulnerability data and patching orchestration
- Initiate emergency patching for critical cybersecurity vulnerabilities with native Falcon integrations
For more information about how Falcon Spotlight can provide your organization with the relevant and timely information you need to reduce your exposure to cyberattacks with zero impact on your endpoints, please visit our Spotlight product page and download our data sheet.