The rapidly changing pace of the cyberthreat landscape is on every security pro's mind. Not only do organizations need to secure complex cloud environments, they're also more aware than ever that their software supply chains and open-source elements of their application codebase might not be as ironclad as they thought.
It should come as no surprise, then, that defending against a new slate of emerging threats was a major theme at RSAC 2022. Here's a closer look at what some Rapid7 experts who presented at this year's RSA conference in San Francisco had to say about staying ahead of attackers in the months to come.
Surveying the threat landscape
Security practitioners often turn to Twitter for the latest news and insights from peers. As Raj Samani, SVP and Chief Data Scientist, and Lead Security Researcher Spencer McIntyre pointed out in their RSA talk, "Into the Wild: Exploring Today's Top Threats," the trend holds true when it comes to emerging threats.
“For many people, identifying threats is actually done through somebody that I follow on Twitter posting details about a particular vulnerability," said Raj.
As Spencer noted, security teams need to be able to filter all these inputs and identify the actual priorities that require immediate patching and remediation. And that's where the difficulty comes in.
“How do you manage a patching strategy when there are critical vulnerabilities coming out … it seems weekly?" Raj asked. “Criminals are exploiting these vulnerabilities literally in days, if that," he continued.
Indeed, the average time to exploit — i.e., the interval between a vulnerability being discovered by researchers and clear evidence of attackers using it in the wild — plummeted from 42 days in 2020 to 1 ..
Support the originator by clicking the read the rest link below.
