How much do you know about the supply chain that takes a vulnerability and turns it into an exploit?
Tenable research explored the lifecycle of exploits from discovery to utilization in a breach. What we learned will help you better protect your organization through a risk based approach to vulnerability management.Download the Free Report
How Lucrative are Vulnerabilities?
A Closer Look at the Economics of the Exploit Supply Chain
The nature of cyber attacks has undergone dramatic changes in the past few years. You need to ensure that your approach to protecting your organization from attacks reflects these changes through defense mechanisms that reflect the rise of cyber crime and the infrastructure that supports it.
- A risk based approach to vulnerability management that prioritizes those vulnerabilities most likely to be utilized in an attack is necessary given the overwhelming number of vulnerabilities.
- The cybercrime supply chain is quite sophisticated. This allows attackers to operate at arms length, complicating law enforcement efforts.
- There is an imbalance between the amount of resources that threat groups are expending on cybercrime versus the more limited resources of defenders.
- Different exploits command different prices. Some command prices as high as $1M.
Download the Report:
How Lucrative Are Vulnerabilities?
A Closer Look At The Economics Of The Exploit Supply Chain
The Vulnerability to Exploit Supply Chain
The Vulnerability to Exploit Supply Chain consists of the following:
- Exploit Research & Development
- Exploit Brokering & Dissemination
- Exploit Productization
- Exploit Delivery
Producers are involved in the discovery of vulnerabilities, and the development of proof-of-concept exploit code. Suppliers facilitate the brokering, and general availability of exploits and related knowledge to the market. Service Providers integrate exploits into a variety of 3rd party products and services, from penetration testing frameworks to exploit kits. Consumers, for example end user organizations conducting a penetration test, or a criminal fraud gang, then consume the exploits.