Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

2021 Threat Landscape Retrospective Executive Report

by Cesar Navas
January 19, 2022

 2021 Threat Landscape Retrospective Executive Report Screenshot

2021 was certainly a turbulent year, punctuated with the revelation of a critical vulnerability in the widely-used Apache Log4j library. The lingering Covid-19 pandemic had already accelerated online and cloud migration, providing ripe targets for attackers. Organizations were faced with higher risks from interconnectivity resulting in major disruption from breaches, ransomware attacks, and attacks on the software supply chain. Tenable’s 2021 Threat Landscape Retrospective (TLR) provides valuable lessons learned as attackers relentlessly exploited the software supply chain. Cyber security practices need to evolve to address modern technology deployments. This report leverages Tenable’s 2021 Threat Landscape Retrospective to identify the most notable vulnerabilities that occurred in 2021.

The migration to cloud platforms, SaaS, IaaS, and managed service providers has changed the definition of the perimeter. Applying outdated cyber security tactics to modern cloud infrastructure is ineffective to combat current threats. A Risk-Based Vulnerability Management (RBVM) approach that evolves with the changing threat landscape is necessary to prioritize identification of unnecessary services and software, limit third-party code, implement a secure software development lifecycle, and perform accurate asset detection across the entire attack surface. Modern vulnerability management programs must include information technology, operational technology, and internet of things (IoT), whether they reside in the cloud or on premises. RBVM requires identifying and fixing critical vulnerabilities and misconfigurations in cloud and Active Directory. Unpatched vulnerabilities represent lucrative opportunities for ransomware attackers, leading to successful ransomware attacks and breaches, such as the Kaseya, SolarWinds, Colonial Pipeline, and Conti attacks.

Organizations usually perform a “lessons learned” meeting after a breach to discuss what went right, what went wrong, and how to improve their response moving forward. Tenable’s Security Response Team (SRT) continuously provides valuable insight and perspective on new threats that may affect an organization’s cyber security posture. SRT’s research enables organizations to prioritize and create remediation plans for the evolving threat landscape. This report uses CVE filters to display the top five most notable threats and provides indicators for the remaining threats identified in 2021. The content enables organizations to understand the full scope of the current attack surface and refine their security strategy accordingly. 

This report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards (ARCs), and assets. The report is easily located in the Tenable.sc Feed in the Security Industry Trends category.

The report requirements are:

  • Tenable.sc 5.20.0
  • Nessus 10.0.2

Tenable Research delivers world class cyber exposure intelligence, data science insights, alerts, and security advisories. The Tenable Research teams perform diverse work that builds the foundation of vulnerability management. The Security Response Team (SRT) tracks threat and vulnerability intelligence feeds and provides rapid insight to the Vulnerability Detection team, enabling them to quickly create plugins and tools that expedite vulnerability detection. This fast turnaround enables customers to gain immediate insight into their current risk posture. Tenable Research has released over 165,000 plugins and leads the industry on CVE coverage. Additionally, the SRT provides breakdowns for the latest vulnerabilities on the Tenable Blog and produces an annual Threat Landscape Retrospective. The SRT continuously analyzes the evolving threat landscape, authors white papers, blogs, Cyber Exposure Alerts, and additional communications to provide customers with comprehensive information to evaluate cyber risk.

This report contains the following components:

Executive Summary: The Executive Summary chapter provides an overview of the organization's vulnerabilities in relation to Tenable’s 2021 Threat Landscape Retrospective. The chapter includes a trend graph and heat map which give a historical record of mitigation efforts. A Class C Summary bar chart and matrix provide the executive team with an overview of the top five threats of 2021 that were detected. 

TLR 2021 Vulnerabilities: The TLR 2021 Vulnerabilities chapter is broken into two sections: TLR 2021 Top 5 Threats Summary and TLR 2021 Vulnerabilities Summary. The Top 5 Threats section uses a class c summary bar chart to show an executive team which subnet to focus their mitigation efforts on, while a table shows the detected top five vulnerabilities of 2021. The TLR 2021 Vulnerabilities Summary section uses a class c summary bar chart along with a table to show any detected CVEs of the 315 CVEs included in Tenable's TLR 2021.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Your Tenable Vulnerability Management trial also includes Tenable Lumin and Tenable Web App Scanning.

Tenable Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

100 assets

Choose Your Subscription Option:

Buy Now

Try Tenable Web App Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable One Exposure Management platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Your Tenable Web App Scanning trial also includes Tenable Vulnerability Management and Tenable Lumin.

Buy Tenable Web App Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable Lumin

Visualize and explore your exposure management, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Your Tenable Lumin trial also includes Tenable Vulnerability Management and Tenable Web App Scanning.

Buy Tenable Lumin

Contact a Sales Representative to see how Tenable Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable Nessus Professional Free

FREE FOR 7 DAYS

Tenable Nessus is the most comprehensive vulnerability scanner on the market today.

NEW - Tenable Nessus Expert
Now Available

Nessus Expert adds even more features, including external attack surface scanning, and the ability to add domains and scan cloud infrastructure. Click here to Try Nessus Expert.

Fill out the form below to continue with a Nessus Pro Trial.

Buy Tenable Nessus Professional

Tenable Nessus is the most comprehensive vulnerability scanner on the market today. Tenable Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Try Tenable Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Tenable Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Tenable Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save more.

Add Support and Training