Critical CVEs: Why Chasing Squirrels is Driving the Whole Industry Nuts

Critical CVEs are Time Sinks

The first reason is simply this: these squirrel moments are massive time-sinks for security teams. Security practitioners everywhere will tell you that the two most important resources they have are caffeine and time, and it is the latter that is continually in short supply and that makes security a zero-sum game. So, when a critical vulnerability drops, and security teams are forced to divert their time to chase these squirrels, it is always at the expense of other things, things that may age out, things that may be missed, and things that could have just as devastating an effect as that critical CVE.

Critical CVEs are on the Rise

The second reason is that, by every account, these squirrel moments are not going away, and in fact by many measures they are growing at a rather rapid pace. This means that, as we move forward, we can expect what might have been once-a-year events to turn into quarterly, or even monthly, occurrences. This kind of disruption to security teams (and even whole organizations) would likely take a heavy toll on already thinly stretched resources.

Chasing Critical CVEs is Reactive

The third reason is that chasing critical CVEs is wholly reactive. By its very nature, to chase a squirrel, there must be a squirrel to chase. To react to vulnerabilities, you first need to be alerted to the existence of vulnerability and this often comes long after active exploitation is detected. And, once alerted, then the organization must figure out if they are affected. And lastly, they must figure out a solution — especially if a patch is not yet available. This means that by the time an organization has mounted any response, they are entirely in defense mode.

Are You Saying Security Teams Shouldn’t Care About Critical CVEs?

No. Major weaknesses within a kingdom’s defenses should always be investigated and patched as soon as possible. What I am saying is that the, often times uncontrolled, chaos surrounding detecting these squirrel moments is time and effort better spent on the already overwhelming job of day-to-day security.

So, What’s the Solution?

I will forewarn you, the reader, that the solution to this problem is far from simple and will not happen overnight or with the addition of “one more” appliance or agent. But it is an achievable goal, I think.

How Do We Get There?

The typical question I get from security practitioners when I bring this whole concept up is: “well, how do we get there from here?”

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cyborg Security

Cyborg Security

Cyborg Security is a pioneer in cybernetic threat hunting, delivering an advanced, actionable threat hunting platform.