Wednesday, December 7, 2022

5 Top Vulnerability Scanning Trends in 2022

As the saying goes, there is no rest for the wicked … or for vulnerability scanners. The volume of threats is so high that organizations must constantly be on their guard. This means scanning ports, systems, apps, devices, and anywhere else to look for potential vulnerabilities, misconfigurations, and breaches. 

Here are some of the top trends in vulnerability scanning: 

1. Personal information 

Personally identifiable information (PII) is very much in the spotlight. Cybercriminals lust after it because it provides them with data they can sell, compromise, or use to hack into systems and scam people and organizations. Similarly, organizations are constantly looking for PII so they can ensure it is protected and that they don’t fall afoul of privacy and compliance mandates. Accordingly, vulnerability scanners are emerging that look for PII as well as vulnerabilities.

“As the awareness of better privacy for customers’ sensitive data is rising, so does the number of solutions that help gain insights around privacy posture using scanning tools,” said Gil Dabah, co-founder and CEO at Piiano.

“Vulnerabilities recognized by scanning tools are including additional findings that are privacy related.”

Imagine a company with hundreds or thousands of developers that decides to harden the security of the PII it collects in order to decrease the risk of data exfiltration from a breach. Done manually, such a task can take weeks. With code scanning tools, you can get a list of all the PII the organization collects, verify that the data you collect is aligned with your privacy policy, and better protect high-risk PII such as SSNs. New tools help find PII, but they also give you insights into where you collect each piece of PII, what processing you perform on the data, and where you store it.

See more: The 10 Top Vulnerability Scanning Tools

2. SBOMs 

A software bill of materials, or SBOM, is an inventory of the ingredients that make up different software components. SBOMs are being used to drill down into exactly where vulnerabilities may lurk. Take the recent Log4j vulnerability. Because it related to Java libraries, few realized how pervasive those libraries were. Organizations thought they had patched or addressed all affected areas to combat Log4j. Yet more instances were hiding in all sorts of nooks and crannies of the enterprise. SBOMs make it easier to know which software elements each application contains, so that vulnerabilities are easier to address.

“The move toward automated, formally structured, machine-readable SBOMs is clear,” said Alex Rybak, senior director of product management, Revenera.

“More and more software companies expect SBOMs to include all third-party (including open source and commercial) software that’s used in their applications. An SBOM that provides a single, actionable view is essential, so that when a vulnerability is detected, the supplier can quickly assess the impact to their portfolio of applications and expedite remediation plans.”
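The SBOM drill-down described above, as an added example that is not from the article or from Revenera: it walks a constructed CycloneDX-style SBOM (nested components included) and reports every log4j-core component older than an assumed fixed version, comparing versions numerically rather than as strings.

```python
import json
from typing import Iterator

# Constructed CycloneDX-style SBOM (not from any real product): a service that
# bundles a web framework, which in turn embeds its own copy of log4j-core.
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.4",
  "components": [
    {"type": "library", "name": "commons-text", "version": "1.10.0"},
    {"type": "framework", "name": "some-web-framework", "version": "3.1.0",
     "components": [
       {"type": "library", "group": "org.apache.logging.log4j",
        "name": "log4j-core", "version": "2.14.1"}
     ]},
    {"type": "library", "group": "org.apache.logging.log4j",
     "name": "log4j-core", "version": "2.17.1"}
  ]
}
"""

def parse_version(v: str) -> tuple:
    """Turn '2.14.1' into (2, 14, 1) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in v.split(".") if p.isdigit())

def walk(components: list, path: tuple = ()) -> Iterator[tuple]:
    """Depth-first walk over nested CycloneDX components, yielding (path, component)."""
    for c in components:
        here = path + (f"{c['name']}@{c['version']}",)
        yield here, c
        yield from walk(c.get("components", []), here)

def find_vulnerable(sbom_text: str, name: str, fixed_in: str) -> list:
    """Return the nesting path of every component called `name` below `fixed_in`."""
    sbom = json.loads(sbom_text)
    floor = parse_version(fixed_in)
    hits = []
    for path, comp in walk(sbom.get("components", [])):
        if comp["name"] == name and parse_version(comp["version"]) < floor:
            hits.append(" -> ".join(path))
    return hits

if __name__ == "__main__":
    # Threshold is an assumption for the example; check the advisory for your CVE.
    for hit in find_vulnerable(SBOM_JSON, "log4j-core", "2.17.1"):
        print("vulnerable:", hit)
```

The top-level log4j-core is current, but the copy nested inside the framework is not; that nested path is exactly the "nook and cranny" a flat package list misses.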

3. Supply chain attacks 

The Kaseya and SolarWinds attacks made it clear that vulnerabilities within the software supply chain are a vital element of security scans. The SolarWinds attackers gained a foothold by exploiting an outdated build server with a known vulnerability. Since those well-publicized breaches, further examples have included GitLab’s RCE vulnerability (CVE-2021-22205) and the dozens of vulnerable Jenkins plugins announced in June. They demonstrate the importance of securing development tools and their ecosystems.

“In 2022, organizations have expanded their vulnerability scanning efforts from COTS, cloud and source code to include the software delivery pipeline itself,” said Andrew Fife, VP of marketing at Cycode.

“While much of the hype around software supply chain attacks has been directed at traditional software composition analysis which focuses on the delivered application, the reality is that the majority of attacks start elsewhere.” 

See more: Simple Guide to Vulnerability Scanning Best Practices

4. Scanning for BEC and BAC

Business Application Compromise (BAC) is where attackers target cloud identity providers like Okta or OneLogin, which are often used by business applications to provide a Single Sign-On (SSO) experience to users. Attackers compromise the user’s Okta login via phishing and then overcome MFA by repeatedly sending push notifications in the hope that the user accidentally approves one of them. Business E-mail Compromise (BEC) most often happens in Microsoft 365. Criminals send an email message that appears to come from a known source making a legitimate request. In original deployments of Office 365 tenants, Microsoft by default enables IMAP and POP3 in Exchange Online as well as Basic Authentication. IMAP and POP3 don’t support multi-factor authentication (MFA), so even if you have MFA enabled, attackers can still access these mailboxes.

“Disable legacy protocols like IMAP and POP3 immediately, especially if you’ve gone through the process to enable MFA,” said A.N. Ananth, president and chief strategy officer at Netsurion.

“Once you turn those off, strongly consider disabling Basic Authentication to prevent any pre-auth headaches on your Office 365 tenants.”

To address BAC, Ananth said to be alert for multiple Okta sessions from the same user with multiple, non-mobile operating systems. Alert for potential brute-force Duo push requests. As a result of this type of threat, scanners are now checking for such vulnerabilities.
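The two BAC alerts Ananth describes, as an added example that is not from the article or from Netsurion: it runs over constructed, simplified session and push records (the field names, the mobile OS list and the burst threshold are assumptions, not Okta’s or Duo’s real schema) and flags users with sessions from more than one non-mobile OS and users receiving a burst of push requests inside a short window.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records in a simplified shape (user, os, ISO timestamp); not a
# vendor's real log format. alice signs in from two desktops, bob from one.
OKTA_SESSIONS = [
    {"user": "alice@example.com", "os": "Windows 10", "ts": "2022-12-07T09:00:00"},
    {"user": "alice@example.com", "os": "Mac OS X",   "ts": "2022-12-07T09:03:00"},
    {"user": "alice@example.com", "os": "iOS",        "ts": "2022-12-07T09:05:00"},
    {"user": "bob@example.com",   "os": "Windows 10", "ts": "2022-12-07T09:01:00"},
    {"user": "bob@example.com",   "os": "iOS",        "ts": "2022-12-07T09:02:00"},
]
# carol receives six pushes in five minutes (a push burst); dave gets two, hours apart.
DUO_PUSHES = [{"user": "carol@example.com", "ts": f"2022-12-07T10:0{i}:00"} for i in range(6)] + [
    {"user": "dave@example.com", "ts": "2022-12-07T10:00:00"},
    {"user": "dave@example.com", "ts": "2022-12-07T12:00:00"},
]
MOBILE_OS = ("iOS", "Android")  # assumption: everything else counts as non-mobile

def multi_desktop_sessions(events: list) -> list:
    """Users whose sessions come from more than one distinct non-mobile OS."""
    by_user = defaultdict(set)
    for e in events:
        if not e["os"].startswith(MOBILE_OS):
            by_user[e["user"]].add(e["os"])
    return sorted(u for u, oses in by_user.items() if len(oses) > 1)

def push_bursts(pushes: list, threshold: int = 5, window: timedelta = timedelta(minutes=10)) -> list:
    """Users who received at least `threshold` pushes inside any sliding `window`."""
    by_user = defaultdict(list)
    for p in pushes:
        by_user[p["user"]].append(datetime.fromisoformat(p["ts"]))
    flagged = []
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # slide the window's left edge forward
                start += 1
            if end - start + 1 >= threshold:
                flagged.append(user)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("multiple non-mobile OS:", multi_desktop_sessions(OKTA_SESSIONS))
    print("push bursts:", push_bursts(DUO_PUSHES))
```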

5. Automated remediation 

The norm has long been that multiple tools are needed to bridge the scanning and remediation gap. Scanners find out what might be wrong. Other tools, and plenty of manual effort, are required to address the problems and safeguard the enterprise. But that is changing according to Ashley Leonard, CEO of Syxsense. His company, for example, offers a single agent that automates the management of endpoints and reduces the attack surface. 

“We are seeing solutions hitting the market that combine the necessary functionality to remediate threats that are blended: threats that require the application of a patch as well as configuration changes,” Leonard said.

“This ties in with threat prioritization whereby both patch and security threats are given different levels of risk based on the specifics of their environments. And finally, we are seeing software designed to bring about intelligent endpoints that can automatically maintain an endpoint in a desired state.”

See more: OpenVAS vs. Nessus: Top VAS Tools Compared
