Tenable Blog

Tenable 2022 Threat Landscape Report: Reduce Your Exposure by Tackling Known Vulnerabilities

Tenable 2022 Threat Landscape Report spotlights vulnerabilities to remediate now

The 2022 Threat Landscape Report — Tenable’s annual look at the vulnerabilities and cyberthreats facing security teams — drives home the sheer enormity of the challenges involved in reducing risk. The report provides analysis of the vulnerability landscape, a deep dive into the events that shaped the threat landscape and a detailed breakdown of vulnerabilities sorted by vendor.

Some might find the 65-page report daunting. In reality, as comprehensive as it is, any report of this kind can only hope to represent a segment of the tens of thousands of vulnerabilities security teams are faced with every year. At Tenable, we believe the only way for security professionals to effectively reduce risk is by taking a contextual look at the factors influencing today’s complex digital organizations. The Threat Landscape Report is a tool that can aid in that effort.

In the course of its daily work, Tenable’s Security Response Team inspects data from hundreds of sources in order to identify events relevant to our customers and the broader cybersecurity industry. From this vantage point, we’re able to view the vulnerability and threat landscapes holistically to help security professionals identify the trends that matter most. This contextual view is essential for organizations looking to evolve from a reactive cybersecurity posture to one focusing on preventive and proactive measures.

Cybersecurity organizations are well beyond the point where vulnerability management can be performed in a vacuum. The modern attack surface contains a mix of on-premises and cloud-based infrastructure, complex identity and access management systems and large numbers of web applications and microservices. The broad array of siloed cybersecurity tools and systems organizations have in place is not helping to reduce risk.

Over a five-year period from 2018 through 2022, the number of reported CVEs increased at an average annual growth rate of 26.3%. There were 25,112 vulnerabilities reported in 2022 (as of January 9, 2023), which represents a 14.4% increase over the 21,957 reported in 2021 and a 287% increase over the 6,447 reported in 2016. Perhaps even more concerning is that known flaws continue to rear their ugly heads year after year. In fact, known vulnerabilities dating as far back as 2017 were so prominent in our findings that they occupy the top spot in the 2022 list of the top 5 vulnerabilities.

Analyzing the vulnerability landscape alone only tells part of the story. Security professionals also need to understand the threat landscape: how attackers are using those vulnerabilities, along with other tools and tactics, to target enterprises, governments and nonprofits.

A comprehensive view of the landscape is fundamental to building an effective exposure management program — which involves a combination of people, process and technology. Exposure management enables organizations to transcend the limitations of siloed security programs. Building an exposure management program involves bringing together data from tools associated with vulnerability management, web application security, cloud security, identity security, attack path analysis and attack surface management and analyzing it within the context of an organization’s unique mix of users and IT, operational technology (OT) and internet of things (IoT) assets. The goal? Having the contextual data needed to execute an ongoing, preventive security program built on risk-based workflows.

To aid in that mission, the 2022 Threat Landscape Report examines:

  • Significant vulnerabilities disclosed and exploited throughout the year, including how common cloud misconfigurations can affect even tech juggernauts.
  • The continuous transformations of the ransomware ecosystem and the rise of extortion-only threat groups.
  • Ongoing risks, vulnerabilities and attacks within the software supply chain.
  • Tactics used by advanced persistent threat groups to target organizations with cyberespionage as well as disruptive and financially motivated attacks.
  • Breach factors and the challenges in analyzing breach data, given the limited information available and lack of detailed reporting requirements.
  • Details of the key vulnerabilities affecting enterprise software.

Five ways to use this report

There are five key ways security professionals can use the findings contained in this report:

  1. Reduce your organization’s exposure by identifying and remediating the vulnerabilities and misconfigurations referenced.
  2. Keep attackers at bay by learning how threat actors are breaching organizations and the tactics they’re employing to hold organizations and their sensitive data for ransom.
  3. Protect data by examining some of the common ways data breaches occur and what your organization can do to prevent them.
  4. Prioritize the vulnerabilities that are most commonly exploited and maximize the effectiveness of your patching and mitigation strategy.
  5. Broaden your security controls to address cloud and identity misconfigurations that attackers continue to target.

The report also provides four recommendations for actions security professionals can take today to improve their preventive cybersecurity efforts and beef up their exposure management practices.

A peek inside the 2022 Threat Landscape Report

The report is organized into three sections which, taken together, are designed to provide a circumspect view of the year in cybersecurity while making it easy for security professionals to home in on the areas that matter most to their organization.

Section one explores notable events in the vulnerability landscape, including:

  • The ongoing prominence of Microsoft Exchange Server vulnerabilities in attacks
  • Log4Shell, notable vulnerabilities and supply chain concerns
  • Cloud security issues and misconfigurations

Section two explores events that shaped the threat landscape, including:

  • Nation state activity
  • The sustained impact of ransomware and the evolution of the ecosystem and tactics
  • Data breach events and key observations drawn from a compilation of publicly available data

Section three provides a list of all the vulnerabilities discussed in the report sorted by vendor, so you can quickly home in on the ones that matter most to your organization. We provide a detailed look at more than 170 vulnerabilities affecting more than 30 vendors and open source tools, including Apache, Apple, Atlassian, F5 Networks and Microsoft.
