RiskSense Attack Surface Tag

Summary: High-level overview of the RiskSense Attack Surface tag.

The RiskSense Attack Surface tag can be created by your customer success team. The tag comprises a variety of hand-curated threat lists from some of the top security analysts and organizations in the world. It is extremely helpful for prioritizing remediation of the most critical threats.

The tag can then be applied to any dashboard, custom or otherwise, for a quick, high-level view of the threats that affect your organization. It can also be applied to the Hosts or Host Findings list views, along with other filters (such as by Group) to obtain more granular information that will guide remediation efforts.

Here are the components of the tag:

  • Default Credentials: Vulnerabilities associated with Default Credentials affect devices that have pre-set administrative credentials that can access all configuration settings. The tag will surface these easily fixed, yet potentially detrimental vulnerabilities.

  • DHS-CISA-FBI Top 10: In May 2020, The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) and the Federal Bureau of Investigation (FBI) published a list of the Top 10 most commonly exploited software vulnerabilities across the last four years (between 2016 and 2019). The tag will surface your exposure to these critical CVEs. These CVEs are also part of the Attack Surface - RS system filter.

  • Recorded Future 2016-2020: The annual Recorded Future vulnerability report uses thousands of threat sources to create a list of the top 10 vulnerabilities being actively exploited by cybercriminals. The tag will surface the top 10 lists from 2016, 2017, 2018, 2019, and 2020.These CVEs are also part of the Attack Surface - RS system filter.

  • RS Top Attack Vectors: If RiskSense penetration testers encounter any of these CVEs, there is a high likelihood that they can achieve data exfiltration, system compromise, or domain compromise. Whether you’ve engaged with us on a pen test or not, the tag will surface whether you have exposure to what is likely to be a “game over” situation for your organization if these vulnerabilities are exploited by cybercriminals. These CVEs are also part of the Attack Surface - RS system filter.

  • Trending Threats: Trending threats are newly discovered or existing threats used in the wild with high intensity over the previous 30 days. This information is also available in our Weaponization funnel and is the result of RiskSense’s own threat curation and monitoring activities.

  • Remote Code Execution (RCE) and Privilege Escalation (PE): RCE exploits can occur from anywhere in the world and are the mechanism for many recent detrimental attacks, such as WannaCry. Vulnerabilities associated with PE can allow for attackers to elevate privileges, thereby potentially gaining access to sensitive data.

  • Ransomware Exposure: Includes more than 100 vulnerabilities used by ransomware families and all CVEs associated to ransomware attacks for immediate prioritization and remediation.

Please contact your customer success team directly or send a message to [email protected] to have this tag created for your RiskSense client.