The present application relates generally to an improved data processing apparatus and method and more specifically to mechanisms for performing cognitive security exposure analysis and resolution based on security trends.
Computer security is a critically important area for most modern enterprises, as they must secure their computing resources from attacks which may occur from both external and internal sources. In securing their computing resources, it is important to be able to determine what vulnerabilities the computing resources have to such attacks. A vulnerability is a weakness which can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness. Such vulnerabilities may also be referred to as an “attack surface.”
A security risk is often incorrectly classified as a vulnerability. The security “risk” is the potential of a significant impact resulting from the exploit of a security “vulnerability.” There are vulnerabilities without risk: for example, when the affected asset has no value. A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable vulnerability, i.e. a vulnerability for which an exploit exists. The window of vulnerability is the time from when the security hole was introduced or manifested in the computing resource, e.g., software, to when access was removed, a security fix was available/deployed, or the attacker was disabled. This window can be large in some instances, allowing attackers to gain access to computing resources for an unacceptable amount of time before discovery and before the exploit can be remedied by a security fix.