
Best Practices for Vulnerability Management in the Cloud in 2023


3 years ago


Good morning! We hope everyone in the security community is ready to tackle the challenges of the week. One of the biggest challenges security & compliance teams will face in 2023 is the exponentially increasing # of CVEs in the wild. Today's 🧵 covers this topic 👇
The Problem: CVEs Increase Faster than Teams Can Fix
a) There are more than 1900 CVEs identified every month on avg.
b) The monthly total will include 270 high-severity and 155 critical vulnerabilities.
c) 94% of orgs scanned in 2022 had 1 unencrypted service that was exposed.
The Problem (cont)
d) Most CVEs are exploited within 30 days of public disclosure.
e) RDP is the most commonly scanned protocol & Elasticsearch and MongoDB are the most commonly found DBs in ransomware exploits.
f) SOC analysts spend 30 hrs per week on avg triaging alerts.
If teams don't have the proper skillsets, resources, time or processes within their org, vulnerability management can quickly become a detriment to the security posture! Having the ability to quickly PRIORITIZE & REMEDIATE vulnerabilities is a must for orgs in 2023.
So how can teams implement a proper vulnerability management program in the ☁️ in 2023?
a) Conduct regular vulnerability assessments & scans to identify potential security weaknesses in the cloud environment. Set a schedule your team will adhere to for meeting its clean scan goals.
Proper vuln mgmt (cont)...
b) Prioritize and remediate vulnerabilities based on their risk & impact to the organization's operations & data. Go beyond severity and look at: exploitability, accessibility, impact to business assets, sensitive data analysis, attack vector, etc.
Proper vuln mgmt (cont)...
c) 97% of open source vulnerabilities aren't accessible due to network or application configurations. Filter out the noise of traditional vulnerability scans by overlaying runtime data on the scans (SBOM, netflow, etc.)
Proper vuln mgmt (cont)...
d) Take care in how your org handles scanning: make sure it is continuous rather than a static point in time, configure scans according to what's on the asset to ensure efficiency & reduce false positives, and look at configuration risk as well as CVEs.
By implementing these best practices for vulnerability management in the ☁️ in 2023, orgs can hope to keep up with the asymmetrical battles being waged by threat actors and have a proper starting point for defending their cloud environments and the applications w/i those envs.
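To make points b) and c) concrete, here is an added example (not part of the original thread and not Deepfence's code) that overlays runtime data on scanner findings so that ranking goes beyond severity. The vulnerability IDs, asset and package names, and the scoring weights are all constructed assumptions.

```python
from dataclasses import dataclass

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Finding:
    vuln_id: str         # placeholder ID, not a real CVE
    asset: str
    package: str
    severity: str
    exploit_known: bool  # e.g. a public exploit is known to exist

# Constructed sample data: hypothetical assets, packages and IDs.
FINDINGS = [
    Finding("VULN-0001", "web-1", "libimage", "critical", False),
    Finding("VULN-0002", "web-1", "httpd-core", "high", True),
    Finding("VULN-0003", "batch-7", "httpd-core", "high", True),
    Finding("VULN-0004", "web-1", "yaml-parse", "medium", False),
]
# Runtime SBOM: packages actually loaded by running processes, per asset.
LOADED = {"web-1": {"httpd-core", "yaml-parse"}, "batch-7": {"httpd-core"}}
# Netflow summary: assets that received traffic from outside the environment.
EXTERNALLY_REACHED = {"web-1"}

def prioritize(findings, loaded, reached):
    """Return (score, finding, reasons) tuples, most urgent first.

    Weights are assumptions chosen for illustration: runtime use and
    network exposure outweigh scanner severity alone.
    """
    ranked = []
    for f in findings:
        score, reasons = SEVERITY[f.severity], [f"severity={f.severity}"]
        in_use = f.package in loaded.get(f.asset, set())
        if in_use:
            score += 4
            reasons.append("package loaded at runtime")
            if f.asset in reached:  # exposure only counts if the code runs
                score += 4
                reasons.append("asset receives external traffic")
        if f.exploit_known:
            score += 2
            reasons.append("exploit known")
        ranked.append((score, f, reasons))
    return sorted(ranked, key=lambda item: -item[0])

if __name__ == "__main__":
    for score, f, reasons in prioritize(FINDINGS, LOADED, EXTERNALLY_REACHED):
        print(f"{score:>2}  {f.vuln_id}  {f.asset:<8} {f.package:<11} {'; '.join(reasons)}")
```

With this sample data the critical finding in a package that is never loaded ranks last, while the high-severity finding that is loaded, exposed and has a known exploit ranks first.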
If you want to learn more about how @deepfence's CNAPP can help you with your vulnerability management strategy and program in 2023, schedule a demo with @ryancsmith2222, our Head of Product. If you like this content, like/RT this post & follow us! go.deepfence.io/15-minute-demo
Deepfence

@deepfence

Securing your apps in production across the entire cloud native continuum – clouds, Kubernetes, containers, serverless, and more