November 30, 2023
From April 1 to September 30, 2023, over 14,000 new vulnerabilities were disclosed. Even monthly, the number of vulnerabilities disclosed is daunting to a cyber-threat defender, but if you also factor in the number of technologies in a given environment, and the time it takes to test and apply updates... let’s be realistic: fixing every vulnerability as it arises isn’t possible.
ReliaQuest recommends a healthy blend of vulnerability intelligence and vulnerability management to defend against cyber attacks. The latter involves figuring out what assets you possess, and determining which vulnerabilities pose the biggest risk.
We continuously monitor vulnerabilities to gauge their potential risk, based on factors like impact, likelihood of exploitation, and the nature of exposure. A small but significant subset of the 14,000 vulnerabilities that came to light in Q2 and Q3 2023 have been exploited in the wild—133 of them.
By excluding the nearly half of exploited vulnerabilities that were zero-days (41%), we get an even smaller subset that’s worth exploring. Zero-days are unpredictable. But if we examine trends we observed involving the non-zero-days – how fast, easy, and likely it is for exploitation to occur – we can actually make predictions that point the way to clear patching priorities.
Our non-zero-day vulnerabilities were typically exploited within 24.5 days of being disclosed, on average. In fact, 41% were exploited within a week and 55% within two weeks, which means that more than half took less than the average time to exploit. The rest of the subset were exploited within about a month or more, and some took over three months (which explains why the average time to exploit was 24.5 days rather than, say, 14).
Clearly, cybersecurity teams need to stay on top of patching the right vulnerabilities, with so many being exploited so quickly. (And let’s not forget that almost half of all vulnerabilities disclosed in Q2 and Q3 2023 were zero-days.) Rather than waste valuable time identifying vulnerable assets in emergency patch situations, set up a robust vulnerability management process in advance. That includes maintaining an up-to-date asset inventory, which, at a minimum, includes:
The base score of the Common Vulnerability Scoring System (CVSS) should be an important factor when prioritizing updates. The average CVSS base score of our exploited-vulnerability subset was 8. This is logical, considering that a higher CVSS score signifies greater exploitability (and impact) potential. But the score alone doesn’t paint the whole picture.
Figure 1: CVSS Base Score scoring system, with blue-highlighted values indicating the highest possible scores
(Source: National Institute of Standards and Technology)
Here are the exploitability factors that influence the CVSS base score: attack vector, attack complexity, privileges required, user interaction, and scope. If we analyze those new vulnerabilities exploited in the wild during Q2 and Q3 in terms of those metrics, we can see what risky qualities lie behind those high CVSS scores:
Focus your patching efforts on vulnerabilities that have a higher likelihood of being targeted (and start with those being actively exploited). Based on the risk factors that make up the CVSS base score, and ReliaQuest analysis of the past six months, these should include:
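The following added example (not ReliaQuest's code) shows how the exploitability metrics named above combine into the CVSS v3.1 exploitability sub-score, and how a patch backlog can be ordered with actively exploited findings first. The finding IDs, the `exploited` and `internet_facing` fields, and the ordering rule are assumptions made for illustration; the sample backlog is constructed.

```python
# CVSS v3.1 exploitability metric weights, per the FIRST specification.
AV = {"N": 0.85, "A": 0.62, "L": 0.55, "P": 0.2}
AC = {"L": 0.77, "H": 0.44}
UI = {"N": 0.85, "R": 0.62}
PR_UNCHANGED = {"N": 0.85, "L": 0.62, "H": 0.27}
PR_CHANGED = {"N": 0.85, "L": 0.68, "H": 0.5}  # PR weighs more when scope changes


def parse_vector(vector):
    """Split 'CVSS:3.1/AV:N/...' into a metric dict; reject non-v3 vectors."""
    prefix, _, rest = vector.partition("/")
    if prefix not in ("CVSS:3.0", "CVSS:3.1"):
        raise ValueError(f"unsupported vector: {vector!r}")
    metrics = dict(part.split(":", 1) for part in rest.split("/"))
    missing = {"AV", "AC", "PR", "UI", "S"} - metrics.keys()
    if missing:
        raise ValueError(f"missing metrics {sorted(missing)} in {vector!r}")
    return metrics


def exploitability(vector):
    """Exploitability sub-score: 8.22 * AV * AC * PR * UI, to one decimal."""
    m = parse_vector(vector)
    pr = (PR_CHANGED if m["S"] == "C" else PR_UNCHANGED)[m["PR"]]
    return round(8.22 * AV[m["AV"]] * AC[m["AC"]] * pr * UI[m["UI"]], 1)


def prioritize(backlog):
    """Assumed rule: exploited first, then internet-facing, then sub-score."""
    return sorted(backlog, key=lambda f: (not f["exploited"],
                                          not f["internet_facing"],
                                          -exploitability(f["vector"])))


# Constructed backlog; IDs are placeholders, not real CVEs.
BACKLOG = [
    {"id": "VULN-B", "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
     "exploited": False, "internet_facing": False},
    {"id": "VULN-C", "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
     "exploited": False, "internet_facing": True},
    {"id": "VULN-D", "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
     "exploited": True, "internet_facing": False},
    {"id": "VULN-A", "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
     "exploited": True, "internet_facing": True},
]

if __name__ == "__main__":
    for f in prioritize(BACKLOG):
        print(f["id"], exploitability(f["vector"]))
```

The `exploited` and `internet_facing` flags would come from vulnerability intelligence and the asset inventory respectively, which is why both need to exist before an emergency patch cycle starts.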
Ransomware is the biggest threat facing organizations in 2023. Some ransomware operators focus mainly on exploiting vulnerable internet-facing devices to gain access to a target environment. These attacks are often opportunistic, depending on which networks they can gain access to. See where we’re going with this?
When new vulnerabilities crop up in technologies that are often public facing, and have a relatively large presence in organizations around the world, cyber-threat actors often jump at the opportunity. Some well-resourced threat groups even purchase or develop their own zero-day exploits.
It’s not just ransomware operators taking advantage. State-sponsored threat groups are also known to adopt publicly available exploits into their arsenals, to support operations against current targets, or gain access to new ones that could benefit their objectives.
A few examples include CVEs found in PaperCut (CVE-2023-27350) and Citrix (CVE-2023-3519) products, as well as one found in the MOVEit Transfer software (CVE-2023-34362), all of which were exploited in Q2 and Q3 2023. Each of these products is often public facing, and exploitation granted unauthenticated users access to the company environment.
In many cases, exploitation continued well after updates for the flawed versions were released. The bottom line? As long as vulnerable devices are still out there, attackers will continue to exploit them.
Much like defenders, threat actors are monitoring the vulnerability threat landscape, scanning for opportunities to gain initial access or exploit weaknesses once they are already in a network. When it comes to zero-days and rapidly exploited vulnerabilities, organizations can’t always be ahead of the curve. But they can strengthen defenses.
Aim for a robust security posture by: