Nobody likes to be caught off guard—especially when it comes to cybersecurity. When news breaks of a zero-day vulnerability being exploited in the wild, organizations often panic, and IT security teams scramble to patch or mitigate affected systems as quickly as possible. But that isn’t always necessary, and it may waste resources that could be put to better use. I get it. Zero-day vulnerabilities—especially zero-day vulnerabilities that are being actively exploited—are hard to ignore. They’re “sexy” and capture headlines and attention. You shouldn’t be distracted by the zero-day du jour, though. You should be focused on reducing your exposure to threats with continuous threat exposure management (CTEM).
The Zero-Day Fallacy
In the book "The 7 Habits of Highly Effective People," Stephen Covey distinguishes between what is urgent and what is important. Many zero-day vulnerabilities fall into the category of urgent but not important. The sense of urgency gives them the illusion of importance, but shifting resources to address them immediately reduces your ability to protect critical systems and data.

Google's Project Zero reported 58 in-the-wild zero-days in 2021, the most since it began tracking them in 2014. That is a concerning milestone, but according to the National Institute of Standards and Technology (NIST), 18,378 vulnerabilities were published in the National Vulnerability Database that same year. Seen in that light, in-the-wild zero-days amounted to less than one-third of one percent of the vulnerabilities disclosed.

The urgency of a zero-day rests on the premise that once the flaw is publicly disclosed, it is a "race" between IT security teams and threat actors. In a July 2022 document describing how to implement a continuous threat exposure management (CTEM) program, however, Gartner analysts noted that despite the anxiety zero-day vulnerabilities cause, they are rarely the primary cause of a breach. The Check Point Cyber Security Report 2021 supports that perspective: according to the report, 75% of attacks during 2020 leveraged vulnerabilities that were at least two years old. Meanwhile, the 2021 Vulnerability Statistics Report from Edgescan found that the mean time to remediate (MTTR) vulnerabilities is more than 60 days. The MTTR for High-Risk vulnerabilities was nearly 85 days, and the MTTR even for vulnerabilities deemed Critical was more than 50 days. When remediation times are measured in months, threat actors have ample time to develop and deploy exploits, and from the defender's standpoint every unpatched vulnerability is effectively a zero-day.
Focus on What Matters
Identifying and patching every vulnerability on every device and application in your environment is virtually impossible. Organizations have struggled with vulnerability and patch management since the dawn of cybersecurity, and digital transformation, together with the expansion and complexity of the attack surface, has made it harder still. You can't fix everything. You don't need to fix everything, though, just the right things. The volume of vulnerabilities is daunting, but not every vulnerability is exploitable. Not every exploitable vulnerability is being actively targeted by threat actors. And not every exploitable vulnerability being targeted by threat actors has the potential for material impact. Don't scramble to address zero-days, and don't waste resources and burn out your team trying to patch every vulnerability in your environment. Focus on what matters: patching the vulnerabilities and mitigating the weaknesses that can lead to material impact.
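As an added example that is not part of the original post, here is how those three questions (exploitable? actively targeted? material impact?) could be applied to a handful of constructed findings in Python. The field names, tier labels, sample records and dates are assumptions made for illustration; they do not describe the Epiphany Intelligence Platform's data model. CVSS is carried along only for reporting, so that a high-scoring finding with no exploit visibly lands below an older, lower-scoring one that is being exploited on an exposed, business-critical asset.

```python
"""Triage constructed vulnerability findings by exploitability, active targeting
and business impact rather than by disclosure date or CVSS score alone."""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    fid: str                  # constructed identifier, not a real CVE
    asset: str
    cvss: float               # scanner base score, kept only for reporting
    published: date           # public disclosure date
    exploit_available: bool   # public exploit code exists
    actively_exploited: bool  # observed in the wild (e.g. on a known-exploited list)
    internet_exposed: bool    # reachable from outside the perimeter
    criticality: int          # 1 = low business impact ... 3 = crown jewel


TIER_ORDER = {"fix-now": 0, "schedule": 1, "backlog": 2}


def tier(f: Finding) -> str:
    """Apply the three filters from the text in order."""
    exploitable = f.exploit_available or f.actively_exploited
    material = f.criticality >= 2 or f.internet_exposed
    if not exploitable:
        return "backlog"      # nothing to exploit yet; re-check when that changes
    if f.actively_exploited and material:
        return "fix-now"      # targeted now and able to cause material impact
    if f.actively_exploited or material:
        return "schedule"     # one of the two conditions, not both
    return "backlog"          # exploitable, but low impact either way


def age_days(f: Finding, today: date) -> int:
    return (today - f.published).days


def triage(findings, today):
    """Order by tier, then business impact, then exposure, then age.
    Older findings rank first within a tier because attackers have had
    longer to weaponize them."""
    return sorted(
        findings,
        key=lambda f: (
            TIER_ORDER[tier(f)],
            -f.criticality,
            not f.internet_exposed,
            -age_days(f, today),
        ),
    )


def summary(findings, today):
    """(fid, tier, age in days) for each finding in triage order."""
    return [(f.fid, tier(f), age_days(f, today)) for f in triage(findings, today)]


# Constructed sample data; the "today" is fixed so the ages are reproducible.
TODAY = date(2022, 8, 1)
SAMPLE = [
    # Yesterday's headline zero-day, exploited in the wild, but on a dev laptop.
    Finding("F-1", "dev-laptop-17", 9.8, date(2022, 7, 31), False, True, False, 1),
    # A 2.5-year-old flaw with public exploit code on an internet-facing VPN gateway.
    Finding("F-2", "vpn-gw-01", 7.5, date(2020, 1, 15), True, True, True, 3),
    # A high CVSS score on a crown-jewel database, but no exploit exists yet.
    Finding("F-3", "db-prod-02", 9.1, date(2022, 6, 1), False, False, False, 3),
    # A year-old medium-severity flaw with an exploit on an internal file server.
    Finding("F-4", "fileserver-03", 6.5, date(2021, 8, 1), True, False, False, 2),
]

if __name__ == "__main__":
    for fid, t, age in summary(SAMPLE, TODAY):
        print(f"{t:9} {fid}  age={age}d")
```

Running the block prints the old VPN gateway flaw first and the headline zero-day third, behind the internal file server finding, because the laptop has low business impact. The thresholds are deliberately simple; in practice the exploitability and active-exploitation flags would be fed from threat intelligence and exposure data rather than set by hand.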
CTEM and the Epiphany Intelligence Platform
A CTEM program establishes a repeatable cycle of scoping, discovery, prioritization, validation, and mobilization that delivers consistent threat exposure management outcomes. Implementing a CTEM program lets you skip the zero-day fire drills and focus your efforts and resources on reducing your exposure to threats. The Epiphany Intelligence Platform provides the foundation for an effective CTEM program. Epiphany harnesses your existing infrastructure management and security tools to analyze your environment and automatically assess your exposure. It proactively and continuously identifies attack paths to expose emerging threats and provides prioritized recommendations and decision intelligence so you can mitigate your most critical risks first. Learn more about why you should implement CTEM with the Epiphany Intelligence Platform.