UPDATED 22:30 EST / JUNE 03 2024

Derek Manky, chief security strategist and vice president of global threat intelligence at Fortinet, talks with theCUBE during RSA Conference 2024 about the importance of responsible transparency in risk mitigation as the attack radius of CVEs grows.

Empowering cybersecurity: Navigating threats with responsible transparency

With cybercriminals targeting newly released common vulnerabilities and exposures at full throttle, responsible transparency is critical to mitigating these risks.

As a result, enterprises should fully engage in threat intelligence sharing to find the optimal balance in high-risk situations, according to Derek Manky (pictured), chief security strategist and vice president of global threat intelligence at Fortinet Inc.

“We talked about cyber criminals not having rest,” he said. “Well, they are employing [automation] tools … and early beginnings of weaponized machine learning and artificial intelligence. Responsible disclosure has been very specific to how you handle vulnerabilities and release it. Responsible transparency is the new aspect of that. Organizations are coming together to embrace and then adopt it. With the transparency angle, that’s going to be a game changer.”

Manky spoke with theCUBE Research’s Rob Strechay at the recent RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the importance of responsible transparency in risk mitigation as the attack radius of common vulnerabilities and exposures grows. (* Disclosure below.)

Responsible transparency should be part of vulnerability compliance management

According to the latest Fortinet “FortiGuard Labs 2H 2023 Global Threat Landscape Report,” cybercriminals have become more sophisticated and faster. That is why responsible transparency is critical: The window before a newly published CVE comes under attack has shrunk significantly, according to Manky.

“There’s an accelerated attack chain that we’re seeing,” he said. “I can’t emphasize this enough how much the risk exposure has increased. We saw that attack chain, meaning when a new CVE was published from, once the clock starts ticking, it was less than five days on average for all CVEs. We’re talking about that window shrinking from about eight days to under five days now. Meaning, from a blue team’s perspective, we need to prioritize a response to this.”

As cybercriminals continue to shift and expand their playbooks, strategic patch and vulnerability compliance management has become urgent. Fortinet supports responsible transparency by automating outbreak alerts, Manky pointed out.

“The other thing in the report we saw was that, and unfortunately we talk about this all the time but it’s reality, 98% of all organizations that we saw in 2023 in the second half are still under attack from CVEs,” he said. “We have it published in the report to actually guide into a much more bite-sized, manageable approach for strategic patch management.”

(* Disclosure: Fortinet Inc. sponsored this segment of theCUBE. Neither Fortinet nor other sponsors have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE
