
Researchers introduce a system for assessing the likelihood that vulnerabilities will be exploited in real attacks

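As you probably know, every system is vulnerable. Every year, CVE identifiers are assigned to thousands of discovered vulnerabilities, and it is almost impossible to monitor every new one. The Exploit Prediction Scoring System may solve these problems.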

Which vulnerabilities companies should fix immediately, and which can be put on hold, is what specialists tried to figure out at the Black Hat USA conference, which was held last week in Las Vegas.

Experts Michael Roytman from Kenna Security and Jay Jacobs from Cyentia Institute called vulnerability management a "malicious problem" because it cannot keep pace with the number of detected vulnerabilities.

“Every month, only 10% of all vulnerabilities are fixed. There are too many of them for companies to fix everything, so it’s necessary to develop a strategy that would solve this problem,” the experts say.

The new strategy should help organizations figure out which vulnerabilities really need to be fixed. Theoretically, the CVSS rating system should help with this: the higher the rating, the more serious the problem.

However, all vulnerabilities that score 7 or higher according to CVSS are considered critical. There are still too many such “critical” vulnerabilities, and it is impossible to tell which of them should be a priority.

“CVSS is just DoSing your patch installation policies and makes you throw money down the drain,” said Roytman and Jacobs.

According to the researchers, only 2-5% of all critical vulnerabilities are actually exploited in real attacks. Therefore, it is necessary to create a system for assessing the risk of vulnerabilities that takes into account the likelihood of their exploitation in practice.


According to Dark Reading, the Exploit Prediction Scoring System (EPSS), introduced by Roytman and Jacobs at Black Hat USA, could become such a system. EPSS uses more than a dozen criteria to determine the feasibility of exploiting a vulnerability.

These include the CVE and CVSS assessment, the presence of PoC exploits and of exploits used by cybercriminals, the operating system, the vendor, and other variables. Taking all of these criteria into account, EPSS gives the percentage probability that a particular vulnerability will be exploited in real attacks.
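To make the prioritization argument concrete, the following added example (not code from the talk or from EPSS itself) compares a "fix everything with CVSS 7 or higher" queue against a queue ranked by exploitation probability, with the roughly 10% monthly fix capacity quoted above. The findings, their probabilities, the function names and the `efficiency` and `coverage` metrics are all constructed assumptions for illustration.

```python
# Constructed sample data, not real CVEs: (cvss, p_exploit, exploited).
# p_exploit stands in for an EPSS-style probability; `exploited` is hindsight.
ROWS = [
    (9.8, 0.03, False), (9.8, 0.05, False), (9.1, 0.02, False), (8.8, 0.91, True),
    (8.8, 0.01, False), (8.1, 0.04, False), (7.8, 0.02, False), (7.5, 0.64, True),
    (7.5, 0.01, False), (7.5, 0.03, False), (7.2, 0.02, False), (7.0, 0.01, False),
    (6.5, 0.70, False), (6.1, 0.01, False), (5.9, 0.02, False), (5.3, 0.01, False),
    (5.0, 0.01, False), (4.3, 0.02, False), (4.0, 0.01, False), (3.1, 0.01, False),
]
FINDINGS = [(f"VULN-{i:02d}", *row) for i, row in enumerate(ROWS, start=1)]

# Assumed capacity: about 10% of findings can be fixed per month.
CAPACITY = len(FINDINGS) // 10


def cvss_queue(findings, threshold=7.0):
    """Everything at or above the CVSS threshold, highest score first."""
    hits = [f for f in findings if f[1] >= threshold]
    return sorted(hits, key=lambda f: f[1], reverse=True)


def probability_queue(findings):
    """All findings, highest exploitation probability first."""
    return sorted(findings, key=lambda f: f[2], reverse=True)


def evaluate(queue, findings, capacity):
    """Score one month of patching taken from the front of a queue."""
    fixed = queue[:capacity]
    hits = sum(1 for f in fixed if f[3])
    total_exploited = sum(1 for f in findings if f[3])
    # Month in which the last exploited finding is reached; None if never queued.
    positions = [i for i, f in enumerate(queue) if f[3]]
    months = (max(positions) // capacity + 1
              if len(positions) == total_exploited else None)
    return {
        "queue_len": len(queue),
        "efficiency": hits / len(fixed),     # share of effort spent on exploited bugs
        "coverage": hits / total_exploited,  # share of exploited bugs fixed
        "months_to_cover_all": months,
    }


if __name__ == "__main__":
    for name, q in (("CVSS >= 7", cvss_queue(FINDINGS)),
                    ("probability", probability_queue(FINDINGS))):
        print(name, evaluate(q, FINDINGS, CAPACITY))
```

On this constructed data the CVSS queue holds 12 "critical" items and spends the first month on none of the exploited ones, while the probability-ranked queue reaches both exploited findings within two months despite one false positive near the top.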


Roytman and Jacobs said that they will be making their methodology available as both an algorithm that can be configured and implemented by others and as an online calculator into which users can plug in data for an answer on any given CVE.

As of the posting of this story, the URL for the calculator (http://kennaresearch.com/tools/epss-calculator) was not yet active, but they said that the page, which will also include the white paper explaining the research that led to the new model, will be available soon after the conclusion of Black Hat.
