{"id":43110,"date":"2020-11-26T00:00:00","date_gmt":"2020-11-26T00:00:00","guid":{"rendered":"https:\/\/www.trendmicro.com\/en_us\/ciso\/20\/k\/beat-cybercriminal-at-their-own-game.html"},"modified":"2020-11-26T00:00:00","modified_gmt":"2020-11-26T00:00:00","slug":"beat-cybercriminals-at-their-own-game","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/beat-cybercriminals-at-their-own-game\/","title":{"rendered":"Beat Cybercriminals at Their Own Game"},"content":{"rendered":"

<\/p>\n

<\/div>\n

According to Gartner<\/a>, vulnerability exploitation is the cause of most information security breaches, and any breach can harm your business, diminish customer trust, impact revenue, and depress shareholder value. A single attack that takes advantage of a vulnerability can also lead to costly fines for non-compliance with data protection regulations like the General Data Protection Regulation (GDPR)<\/a>.<\/p>\n

The Trend Micro\u2122 Trend Micro Zero Day Initiative\u2122 (ZDI), a leading bug bounty program and number one global public discloser of vulnerabilities, reported the total number of publicly disclosed vulnerabilities in 2019 was 1,095\u2014with ZDI disclosing 52% of all cases. And all indicators suggest that the number identified but not reported is even higher.<\/p>\n

But where do you find the time and resources to identify and patch vulnerabilities when cybersecurity skills are in such short supply?<\/p>\n

“(ICS)2 estimates that the number of unfilled cybersecurity jobs will reach an unprecedented 3.5 million by 2021<\/a>. “<\/span><\/span><\/p>\n

What can you do?<\/span><\/p>\n

Create a prioritized patching process<\/b><\/p>\n

Patching every vulnerability immediately throughout your ecosystem is impossible for most organizations. Instead, industry analysts recommend focusing on aligning vulnerability management priorities with the biggest security threats by focusing first on vulnerabilities that are also actively being exploited in the wild. Another factor will be the level of potential impact associated with any given vulnerability. Those that are not only being exploited in the wild, but also designated as \u201ccritical\u201d or \u201cimportant\u201d due to the degree of compromise they enable, will certainly warrant attention before all others.<\/p>\n

Protect vulnerabilities as soon as they are disclosed<\/b><\/p>\n

Vulnerability research gives security companies the information needed to build protections into their products and services\u2014reducing the time lag between vulnerability disclosure and protecting sensitive business applications, including those that are not easily patchable.<\/p>\n

Trend Micro\u2019s exclusive access to vulnerability information from both its internal research, as well as the ZDI, enables us to deliver immediate post-disclosure coverage (protection across multiple IT layers after a vulnerability is disclosed and before the patch has been applied). And for Trend Micro\u2122 TippingPoint\u2122 customers, we are able to deliver pre-emptive protection on average 81 days in advance of a vendor patch.<\/p>\n

Our approach to vulnerabilities<\/b><\/p>\n

Our research is put to work in two very important ways. First, responsibly disclosing new vulnerabilities to the vendors of the affected software and systems allows them to proactively provide corresponding patches in a timely manner. Then, for our customers, extending protection to cover the gap between vulnerability disclosure and patch application, as well as out-of-support and un-patchable systems.<\/p>\n

Trend Micro offers the breadth and depth of vulnerability research integrated into its solutions to deliver maximum protection through:<\/p>\n