Last updated at Fri, 02 Aug 2024 20:13:05 GMT
Co-authored by Andrea Ruddy
Risks identified within a cloud environment compound to represent a real threat of exploitation. Our cloud risk scoring, introduced recently to insightCloudSec, focuses on these toxic combinations. Toxic combinations are attractive for bad actors who can target multiple weaknesses to gain access. Building on our cloud risk scoring, we have introduced a new dashboard to give users a clear view of their cloud risk, driving prioritization and quick remediation of the most critical risks.
Toxic Combinations represent multiple weakness and are a target for exploit
The dashboard provides an immediate overview of the level of risk that exists, with a breakdown of the number of resources at each risk level.
Resources with multiple risk factors - the toxic combinations of risk are identified. From here the analyst can go directly to a filtered view of Layered Context, where details of the resource and all identified risks are displayed alongside remediation guidance and automation that can be run immediately to address the most critical risks. This feature takes security teams from visibility and prioritization to remediating the riskiest findings within minutes.
CVEs remain a critical risk
Exploitable vulnerabilities remain a top concern for CISOs. The Rapid7 2024 Attack Intelligence Report gives insight into the decreasing time taken for vulnerabilities to be exploited, with 53% of vulnerabilities throughout 2024 getting exploited before software patches were available. The new dashboard displays the total number of vulnerabilities across the cloud environment that are actively exploited in the wild and the total number of CVEs with known exploits, giving security teams the visibility to assess the level of risk introduced by exploitable vulnerabilities.
From these data points, with one click, analysts can review the impacted resources, the attack path and blast radius, and also remediation guidance, allowing them to remove these risky vulnerabilities from their cloud environment.
From Prioritization to Remediation
We have lots of updates coming over the next few months that will continue to build on our prioritization features and help our customers remediate faster. Drop by our stand at Black Hat to get a demo of one of our upcoming features that will enable your team to implement the solutions that will have the biggest impact on removing risk in your cloud and on-prem environments.