There are more devices connected to the internet than ever before. This is music to a hacker's ears, because attackers make good use of machines like printers and cameras that were never designed to ward off sophisticated intrusions. It has led companies and individuals alike to rethink how safe their networks really are.
As the number of these incidents rises, so does the need to classify the dangers they pose to businesses and consumers alike. Three of the most common terms used when discussing cyber risk are vulnerabilities, exploits, and threats. Here's a breakdown of each and what it means in terms of risk:
To understand how these terms are used, it helps to understand exactly what's at stake. It all starts with an API. API stands for application program interface, and the term refers to the guidelines that direct software on how to interact with the network and hardware. An API essentially defines the commands that determine how the software behaves. APIs come in all shapes and sizes, and are generally straightforward to install.
A vulnerability, in turn, is really just an unintended API that has not been documented in the system. Once that API is found, attackers can use it to direct software to act in a way it was never intended to, such as gleaning information about the security defenses currently in place. With vulnerabilities, hackers are typically trying to solve a puzzle about what they can get away with before they attack.
A vulnerability scanner automatically parses through the APIs to identify which ones may be exposing the system to danger. A vulnerability database is the list of known vulnerabilities the scanner uses to spot potential problems; the more information the scanner has, the more accurate its results. Once a team has a report of the vulnerabilities, developers can use penetration testing to confirm where the weaknesses are, so the problems can be fixed and future mistakes avoided. With frequent and consistent scanning, you'll start to see common threads between the vulnerabilities and gain a better understanding of the full system.
An exploit is the next step in a hacker's playbook after finding a vulnerability. Exploits exercise the unintended API, whether documented or not. Exploits are used for a number of different reasons, from gaining financial information to tracking a user's whereabouts. Exploits can take place behind firewalls, where they're harder to spot, and they've been known to cause irreparable damage when they go undetected.
For example, there is malware that hackers can install which waits until a computer is at its weakest point (e.g., a VPN connection from an unsecured network) before activating. Much as a vulnerability database does for vulnerabilities, an exploit database serves as a reference point for recognizing exploit activity before a virtual alarm is sent to the user about what's taking place behind closed doors. Exploits are easiest to deal with in their preliminary stages, but it may still take weeks to fully resolve both the action and the underlying vulnerability that allowed the action to occur in the first place.
A threat refers to the hypothetical event in which a hacker uses the vulnerability. The threat itself will normally involve an exploit, as that is the common way hackers make their move. A hacker may launch multiple exploits at the same time after assessing which will bring the most reward. While nothing disastrous may have happened yet at this stage, it can give a security team or individual insight into whether an action plan needs to be made regarding specific security measures.
Risk then refers to how likely it is that the threat will actually occur, given the security parameters of the network. There is no guaranteed safety when it comes to making a machine hacker-proof, but prioritizing vulnerabilities by their threat level takes security management to the next level.
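The two ideas above, a scanner matching an asset inventory against a vulnerability database and then ranking the findings by risk rather than by severity alone, can be shown in a few dozen lines. The following is an added illustration, not code from Rapid7 or from the original page. The vulnerability database, the asset inventory, the "VULN-000x" identifiers and the likelihood weights (a base of 2 points out of 10, +5 when a public exploit exists, +3 when the asset is internet-exposed) are all constructed for the example; the severity values assume a CVSS-like 0 to 10 scale.

```python
"""Toy vulnerability scanner and risk prioritizer (constructed example, not a real scanner)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str        # placeholder identifier, not a real CVE number
    product: str
    fixed_in: str       # first version that is no longer affected
    severity: float     # assumed CVSS-like 0.0-10.0 scale
    exploit_public: bool


@dataclass(frozen=True)
class Asset:
    name: str
    product: str
    version: str
    internet_exposed: bool


# Constructed "vulnerability database": the scanner's reference list of known issues.
VULN_DB: List[VulnRecord] = [
    VulnRecord("VULN-0001", "printer-fw", "2.1", 9.8, exploit_public=True),
    VulnRecord("VULN-0002", "cam-fw", "4.0", 7.5, exploit_public=False),
    VulnRecord("VULN-0003", "printer-fw", "3.0", 4.0, exploit_public=False),
]

# Constructed asset inventory: the devices the scanner looks at.
ASSETS: List[Asset] = [
    Asset("lobby-printer", "printer-fw", "2.0", internet_exposed=True),
    Asset("lab-printer", "printer-fw", "2.5", internet_exposed=False),
    Asset("door-cam", "cam-fw", "3.9", internet_exposed=True),
    Asset("ups", "ups-fw", "1.0", internet_exposed=False),
]


def parse_version(v: str) -> Tuple[int, ...]:
    """Turn a dotted version string into a tuple so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


def is_affected(asset: Asset, rec: VulnRecord) -> bool:
    """An asset is affected when it runs the product at a version below the fix."""
    return asset.product == rec.product and parse_version(asset.version) < parse_version(rec.fixed_in)


def scan(assets: List[Asset], db: List[VulnRecord]) -> List[Tuple[Asset, VulnRecord]]:
    """The scanner step: every (asset, vulnerability) pair the database says applies."""
    return [(a, r) for a in assets for r in db if is_affected(a, r)]


def likelihood_points(asset: Asset, rec: VulnRecord) -> int:
    """Constructed likelihood heuristic, 0-10 points: how plausible is the threat?"""
    points = 2                       # baseline: any known vulnerability may be probed
    if rec.exploit_public:
        points += 5                  # a ready-made exploit makes the threat far more likely
    if asset.internet_exposed:
        points += 3                  # reachable from outside the network perimeter
    return points


def risk_score(asset: Asset, rec: VulnRecord) -> float:
    """Risk = severity (impact) scaled by likelihood, rounded for reporting."""
    return round(rec.severity * likelihood_points(asset, rec) / 10, 2)


def prioritize(findings: List[Tuple[Asset, VulnRecord]]) -> List[Dict[str, object]]:
    """Rank findings by risk, highest first, so the remediation queue starts with what matters."""
    ranked = sorted(findings, key=lambda f: risk_score(*f), reverse=True)
    return [
        {"asset": a.name, "vuln": r.vuln_id, "severity": r.severity, "risk": risk_score(a, r)}
        for a, r in ranked
    ]


def run_report(assets: List[Asset] = ASSETS, db: List[VulnRecord] = VULN_DB) -> List[Dict[str, object]]:
    """Scan the inventory and return the prioritized findings."""
    return prioritize(scan(assets, db))


if __name__ == "__main__":
    for row in run_report():
        print(f"{row['risk']:5.2f}  {row['asset']:<14} {row['vuln']}  (severity {row['severity']})")
```

Note how the ranking differs from a severity-only view: the lab printer carries the same VULN-0003 as the lobby printer, but because it is not internet-exposed it lands at the bottom of the queue, while the door camera's medium-severity issue outranks it because the camera is reachable from outside. That is the "prioritizing vulnerabilities by their threat level" the text describes.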
While it may seem like you're constantly hearing about a new attack or cyber threat in the world, these terms help give context to the stages and dangers that security professionals deal with on a daily basis. So, what can you do to lower your overall risk? Security Information and Event Management (SIEM) is a systematic process that can make it easier to monitor what's happening on your network. SIEM tools can help companies set up strong, proactive defenses that work to fend off threats, exploits, and vulnerabilities and keep their environment safe.