Beat Cybercriminals at Their Own Game
The fight against cybercrime never ends, but there’s a valuable resource that can give you an advantage—continuous research into the vulnerabilities across your diverse technology infrastructure. Get a leg up in the vulnerability race with our guide.
According to Gartner, vulnerability exploitation is the cause of most information security breaches, and any breach can harm your business, diminish customer trust, impact revenue, and depress shareholder value. A single attack that takes advantage of a vulnerability can also lead to costly fines for non-compliance with data protection regulations like the General Data Protection Regulation (GDPR).
The Trend Micro™ Trend Micro Zero Day Initiative™ (ZDI), a leading bug bounty program and number one global public discloser of vulnerabilities, reported the total number of publicly disclosed vulnerabilities in 2019 was 1,095—with ZDI disclosing 52% of all cases. And all indicators suggest that the number identified but not reported is even higher.
But where do you find the time and resources to identify and patch vulnerabilities when cybersecurity skills are in such short supply?
"(ICS)2 estimates that the number of unfilled cybersecurity jobs will reach an unprecedented 3.5 million by 2021. "
What can you do?
Create a prioritized patching process
Patching every vulnerability immediately throughout your ecosystem is impossible for most organizations. Instead, industry analysts recommend focusing on aligning vulnerability management priorities with the biggest security threats by focusing first on vulnerabilities that are also actively being exploited in the wild. Another factor will be the level of potential impact associated with any given vulnerability. Those that are not only being exploited in the wild, but also designated as “critical” or “important” due to the degree of compromise they enable, will certainly warrant attention before all others.
Protect vulnerabilities as soon as they are disclosed
Vulnerability research gives security companies the information needed to build protections into their products and services—reducing the time lag between vulnerability disclosure and protecting sensitive business applications, including those that are not easily patchable.
Trend Micro’s exclusive access to vulnerability information from both its internal research, as well as the ZDI, enables us to deliver immediate post-disclosure coverage (protection across multiple IT layers after a vulnerability is disclosed and before the patch has been applied). And for Trend Micro™ TippingPoint™ customers, we are able to deliver pre-emptive protection on average 81 days in advance of a vendor patch.
Our approach to vulnerabilities
Our research is put to work in two very important ways. First, responsibly disclosing new vulnerabilities to the vendors of the affected software and systems allows them to proactively provide corresponding patches in a timely manner. Then, for our customers, extending protection to cover the gap between vulnerability disclosure and patch application, as well as out-of-support and un-patchable systems.
Trend Micro offers the breadth and depth of vulnerability research integrated into its solutions to deliver maximum protection through:
- The world’s largest vendor-agnostic bug bounty program
- Comprehensive coverage across operating systems, devices, and applications—as well as IoT and IIoT, including ICS/SCADA
- Immediate protection upon vulnerability disclosure with virtual patching
- Extensive research capabilities including vulnerability analysis, malware and exploit analysis, security product development, and custom research
- Market-leading security solutions across cloud, server, network, endpoints, email, and IoT
Read Trend Micro’s vulnerability research e-book, Beat Cybercriminals at Their Own Game, to learn more about how you can streamline vulnerability management for reduced risk and maximum protection.