Chart: Vulnerability Trends (y-axis: number of vulnerabilities, 0 to 9000; x-axis: years 1999 to 2014)
# Vulnerabilities by exploit difficulty (seven values per row, left to right as extracted; the column headers did not survive extraction)
Automated Exploit     46   7  12  14  32  46  42
Easy                  32   3  13  10  19  34  23
Moderate               6   4   0   4  10  12  13
Difficult             25  26  19  36  71 130  54
Extremely Difficult    8  29  16  60  28  39  53
No Known Exploit      92  41  60 140  90 153 285
Chart legend, Exposure categories: Local Availability, Local Access, Remote Availability, Remote Access, Local Privileged, Remote Privileged
NIST 800-53 Controls
• CA-07 Continuous Monitoring
• CM-08 Information System Component Inventory
• IA-03 Device Identification and Authentication
• SA-04 Acquisition Process
• SC-17 Public Key Infrastructure Certificates
• SI-04 Information System Monitoring
• PM-05 Information System Inventory

NIST 800-53 Controls
• CA-07 Continuous Monitoring
• CM-02 Baseline Configuration
• CM-08 Information System Component Inventory
• CM-10 Software Usage Restrictions
• CM-11 User-Installed Software
• SA-04 Acquisition Process
• SC-18 Mobile Code
• SC-34 Non-Modifiable Executable Programs
• SI-04 Information System Monitoring
• PM-05 Information System Inventory

NIST 800-53 Controls
• CA-07 Continuous Monitoring
• CM-02 Baseline Configuration
• CM-03 Configuration Change Control
• CM-05 Access Restrictions for Change
• CM-06 Configuration Settings
• CM-07 Least Functionality
• CM-08 Information System Component Inventory
• CM-09 Configuration Management Plan
• CM-11 User-Installed Software
• MA-04 Nonlocal Maintenance
• RA-05 Vulnerability Scanning
• SA-04 Acquisition Process
• SC-15 Collaborative Computing Devices
• SC-34 Non-Modifiable Executable Programs
• SI-02 Flaw Remediation
• SI-04 Information System Monitoring

NIST 800-53 Controls
• CA-02 Security Assessments
• CA-07 Continuous Monitoring
• RA-05 Vulnerability Scanning
• SC-34 Non-Modifiable Executable Programs
• SI-04 Information System Monitoring
• SI-07 Software, Firmware, and Information Integrity

NIST 800-53 Controls
• AC-04 Information Flow Enforcement
• CA-03 System Interconnections
• CA-07 Continuous Monitoring
• CA-09 Internal System Connections
• CM-02 Baseline Configuration
• CM-03 Configuration Change Control
• CM-05 Access Restrictions for Change
• CM-06 Configuration Settings
• CM-08 Information System Component Inventory
• MA-04 Nonlocal Maintenance
• SC-24 Fail in Known State
• SI-04 Information System Monitoring
Detection: Precursors and Indicator Sources
• Alerts: IDP/IPS; SIEM/log intelligence; antivirus; file integrity monitoring; third-party threat intelligence (malware file hashes, IP addresses, mutex and registry indicators)
• Logs: operating systems, services and applications; network devices; network flow
• People: employees and contractors; business partners; customers and external parties
• Media
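As an added example (not part of the original slides), the following Python shows how indicators from the third-party threat-intelligence source above can be matched against records from three of the other sources (operating-system logs, antivirus alerts and network-flow records) and how hits are corroborated per host when more than one source reports the same machine. The log format, hostnames, and every indicator value are constructed for the example: the file hash is a repeated filler byte, the IP addresses come from the RFC 5737 documentation ranges, and the mutex name is a placeholder.

```python
import re
from collections import defaultdict

# Constructed threat-intelligence feed (placeholder values, not real indicators).
# IP addresses are taken from the RFC 5737 documentation ranges.
THREAT_INTEL = {
    "sha256": {"deadbeef" * 8},
    "ip": {"203.0.113.45", "198.51.100.7"},
    "mutex": {"Global\\ExamplePlaceholderMutex"},
}

# Which log field carries which indicator type.
FIELD_TO_INDICATOR = {
    "sha256": "sha256",
    "src": "ip",
    "dst": "ip",
    "mutex": "mutex",
}

# Constructed sample records from three indicator sources: operating-system
# logs, antivirus alerts and network-flow records (key=value format assumed).
SAMPLE_LOGS = [
    "ts=2024-04-12T10:23:01Z host=ws-17 source=os event=process_create "
    "sha256=" + "deadbeef" * 8 + " path=C:\\Users\\a\\Downloads\\invoice.exe",
    "ts=2024-04-12T10:23:05Z host=ws-17 source=antivirus event=detection "
    "sha256=" + "deadbeef" * 8,
    "ts=2024-04-12T10:24:10Z host=ws-17 source=netflow src=10.0.0.17 dst=203.0.113.45 dport=443",
    "ts=2024-04-12T10:25:00Z host=ws-22 source=netflow src=10.0.0.22 dst=192.0.2.10 dport=80",
    "ts=2024-04-12T10:26:30Z host=ws-09 source=os event=mutex_create "
    "mutex=Global\\ExamplePlaceholderMutex",
]

TOKEN_RE = re.compile(r"(\w+)=(\S+)")


def parse_record(line):
    """Parse one key=value log line into a dict (values contain no spaces here)."""
    return dict(TOKEN_RE.findall(line))


def match_indicators(record):
    """Return (indicator_type, value) pairs from this record that are in the feed."""
    hits = []
    for field_name, ind_type in FIELD_TO_INDICATOR.items():
        value = record.get(field_name)
        if value is not None and value in THREAT_INTEL[ind_type]:
            hits.append((ind_type, value))
    return hits


def correlate(lines):
    """Match every record against the feed and group the hits by host.

    Returns {host: {"sources": set_of_source_names, "hits": [(source, type, value)]}}.
    A host that appears in two or more independent sources is corroborated,
    which is what an analyst wants before escalating a single alert.
    """
    per_host = defaultdict(lambda: {"sources": set(), "hits": []})
    for line in lines:
        rec = parse_record(line)
        for ind_type, value in match_indicators(rec):
            entry = per_host[rec["host"]]
            entry["sources"].add(rec["source"])
            entry["hits"].append((rec["source"], ind_type, value))
    return dict(per_host)


def triage(lines):
    """Rank hosts by number of corroborating sources, then by name.

    Returns a list of (host, distinct_source_count, hit_count).
    """
    per_host = correlate(lines)
    ranked = sorted(per_host.items(), key=lambda kv: (-len(kv[1]["sources"]), kv[0]))
    return [(host, len(v["sources"]), len(v["hits"])) for host, v in ranked]


if __name__ == "__main__":
    for host, n_sources, n_hits in triage(SAMPLE_LOGS):
        print(f"{host}: {n_hits} indicator hit(s) from {n_sources} source(s)")
```

Running it reports ws-17 first (the same file hash seen by the OS log and the antivirus alert, plus a flow to a listed address), then ws-09 with a single mutex hit; ws-22 produces no hit because its destination is not in the feed.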
March 21, 10:23 – Google Security finds vulnerability
March 31 – Cloudflare patches
April 1 – Google Security notifies OpenSSL a
April 7 – OpenSSL patch available
April 12 – Exploits appear
April 16 – FBI releases Snort signatures
Diagram: Intrusion Detection (Exploit, Vulnerable Host, Actions & Alerts)
• Vulnerabilities of attacked host
• Business value of target asset