Mid-market security teams frequently encounter a significant blind spot, a concern that Chris Wallis has observed throughout his career. "Many organizations continue to focus solely on counting vulnerabilities," stated Wallis, the founder and CEO of Intruder, in an interview with Dark Reading's Terry Sweeney. "The critical factor is the speed at which you remedy these vulnerabilities."
The number of Common Vulnerabilities and Exposures (CVEs) published each year is escalating, with estimates rising from 30,000 to 50,000, and advances in AI-assisted discovery are expected to push these figures higher still. As a result, the lag between vulnerability detection and resolution is becoming a substantial business risk.
Wallis, who draws on his extensive experience in penetration testing, elaborates on the dangers of relying exclusively on CVE-centric strategies. During his engagements, he frequently encountered fully patched environments that remained susceptible due to elements such as misconfigured databases, exposed management interfaces, and neglected areas of the attack surface that traditional scanning tools often overlook. This revelation was instrumental in inspiring the creation of Intruder, which emphasizes attack surface management, enabling security teams to address tangible risks that extend beyond mere CVE counts.
The urgency to adapt is becoming increasingly apparent. The mean time to exploit vulnerabilities has decreased from months to mere hours, and Wallis warns that this could soon shrink to minutes or even seconds. Organizations that struggle to implement patches within 30 days may face severe consequences if they do not reformulate their strategies. Regarding artificial intelligence, Wallis acknowledges its promise for improving scalability and efficiency, but he cautions that fully dependable results in this area may still be one to two years away.
By utilizing his background as a penetration tester and ethical hacker, Wallis is committed to making top-tier vulnerability management accessible to mid-market organizations, with a strong emphasis on attack surface management and overall cyber hygiene.