A vulnerability is any flaw or weakness within the technology system that cybercriminals can exploit to gain unauthorized access to a network, information assets and software applications.
For any organization today, there are plenty of vulnerabilities. Knowing where and how vulnerabilities can exist, you can start to get ahead of them. So, let’s look at the 5 most important types of vulnerabilities.
A security vulnerability may exist by design — such as a coding or hardware design flaw built into the product and its updates. Or, a vulnerability may emerge from the way that the technology is deployed within a business process.
Considering the distributed, vast and data-driven nature of technology systems in an enterprise IT environment, many business organizations employ automated vulnerability management solutions to defend against cyber threats. The process typically involves:
For this article, we’ll focus on the first phase of the vulnerability assessment and management process — discover — by understanding different types of vulnerabilities that may exist within a business.
(Read our companion vulnerability management piece or understand the CVE.)
So if a vulnerability is any flaw or weakness, that means there’s probably a lot of them in all of your digital and hardware systems. Knowing these 5 types will help you sort and prioritize them.
This type of vulnerability refers to the flaw within the software products. Software vulnerabilities tend to occur due to:
A cybercriminal can exploit these vulnerabilities to install a malware payload or backdoor into the technology stack. The software may continue to function with logical correctness despite the vulnerability — allowing cybercriminals to remain under the radar after exploiting the vulnerability.
Network vulnerabilities can include any vulnerabilities within the software, hardware and processes that govern the flows of data workloads, user traffic and computing requests within the IT networks. Network vulnerabilities range from the hardware components in the physical layer and all the way up the stack to the application layer of the OSI model.
The extensive nature of the technologies that constitute an IT network makes it challenging to keep track of networking vulnerabilities: every hardware product, every software service is from a different vendor and is exposed to its own set of security risks.
Even when all device software and firmware are maintained and up to date, the network fabric may be vulnerable to unauthorized access due to misconfigured firewall and traffic routing.
Misconfigurations can expose a system — even when the individual software and hardware products function without an exposed security vulnerability. The products may be configured with default administrative credentials, which may be already known to a cybercriminal. The default security settings may fail to encrypt sensitive data workloads automatically, which means that any leaked data is also vulnerable to:
Another aspect of misconfigurations deals with the process-level risk exposure of the system. This can come from the TCP/IP protocols, traffic workflows and authentication systems in place to ensure that the network behaves as expected. Misconfigurations may risk the network traffic to violate an explicit or implicit security policy.
Since no individual network node or component behaves unexpectedly at this point, engineering teams rely on statistical analysis to determine whether the network as a whole complies with the assigned security policies.
According to research, the human element is responsible for 95% of all cybersecurity incidents.
The vulnerability of an insider threat is a challenging case: at the outset, an employee is trusted with sensitive business information and access to mission-critical technology systems. If the employee becomes dissatisfied or disgruntled and intentionally chooses to harm their organization, the risk exposure comes down to two things:
Another case deals with the negligence or lack of security awareness of the employees handling sensitive business information.
While there is no well-defined approach to discover a malicious intent of a disgruntled employee, or to predict security negligence of an otherwise trusted team member, organizations can minimize this risk exposure in many ways. These include:
In the context of cybersecurity vulnerabilities, physical security is particularly relevant to cloud infrastructure vendors and large organizations operating in-house data center systems. A physical vulnerability may include:
However, any insider threat within the physical office premise, or theft or loss of a BYOD (Bring Your Own Device) device can expose security risks to the organization. In order to address these physical vulnerabilities, organizations must enforce strict policy controls governing the use of business information on BYOD devices and access to corporate apps, services and networks from outside of the physical premise of the organization.
When cybercriminals recognize a vulnerability in the system, they exploit it. In most cases, you can fix software-related vulnerabilities by installing a security patch issued by the vendor or the open source community.
In some cases where the exploit is only recently discovered and a security fix is not yet issued, called the Zero-Day exploit, you may be exposed to a higher risk but can maintain strong levels of security by encrypting sensitive data assets and using strong Identity and Access Management systems to control network access.
See an error or have a suggestion? Please let us know by emailing ssg-blogs@splunk.com.
This posting does not necessarily represent Splunk's position, strategies or opinion.
The Splunk platform removes the barriers between data and action, empowering observability, IT and security teams to ensure their organizations are secure, resilient and innovative.
Founded in 2003, Splunk is a global company — with over 7,500 employees, Splunkers have received over 1,020 patents to date and availability in 21 regions around the world — and offers an open, extensible data platform that supports shared data across any environment so that all teams in an organization can get end-to-end visibility, with context, for every interaction and business process. Build a strong data foundation with Splunk.