Quantifying The Attacker’S First-Mover Advantage
Vulnerability assessments to effectively improve the Time to Assess
Get an Alertwhen The Register has something new about ...
Check the boxes & select Email or Atom/RSS Feed.
This report measures the difference in days between when an exploit for a vulnerability becomes publicly available (Time to Exploit Availability) and when a vulnerability is first assessed (Time to Assess).
• 7-day Attackers have a median seven day window of opportunity to exploit a vulnerability before a defender is even aware they are vulnerable.
• 76% of analyzed vulnerabilities had a negative delta – meaning the attacker has the first-mover advantage.
• 34% For 34 percent of the analyzed vulnerabilities, an exploit was available on the same day that the vulnerability was disclosed.
• 24% A further point of concern is that 24 percent of analyzed vulnerabilities were being actively exploited by malware, ransomware or exploit kits in the wild.
• 75% While improving the Time to Assess by 75 percent would result in a positive delta for 66 percent of the analyzed vulnerabilities, the rapid Time to Exploit Availability and its weaponization mean that defenders often begin on a back footing and are challenged to gain the lead in the first move.
You will have to register, or log in, in order to download this paper.