Tier 1: High Priority

24-72 Hour SLA

Vulnerabilities that attackers actively exploit in the wild. These findings represent immediate ransomware vectors, exposed databases, privilege escalation paths, and other issues that enable rapid compromise.

Real-World Impact

73% of ransomware attacks exploit Tier 1 findings. Colonial Pipeline (no MFA), Capital One (exposed metadata), and Equifax (unpatched Struts) all stemmed from issues classified as High Priority under Beacon Standards.

Network

Critical Open Ports

T1190 | 24h

SSH (22), RDP (3389), SMB (445) exposed to the internet. MITRE T1190.

Publicly Accessible Resources

T1530 | 24h

Cloud storage, databases, VMs exposed without authentication.

Missing Network Segmentation

T1021 | 72h

No firewall between critical assets. Lateral movement enabled.

Identity & Access Management

Missing MFA on Privileged Accounts

T1078 | 24h

Admin, root, and service accounts without multi-factor authentication.

Overprivileged Accounts

T1078.004 | 48h

Users with unnecessary admin rights. Violates least privilege.

Stale Privileged Credentials

T1552 | 72h

Admin passwords unchanged for 90+ days. API keys never rotated.

Data Protection

Unencrypted Databases

T1485 | 48h

Production data without encryption at rest. Exposed in breaches.

SQL Injection Vulnerabilities

T1190 | 24h

OWASP A03:2021. Direct path to data exfiltration.

Public Database Endpoints

T1530 | 24h

MongoDB, Redis, PostgreSQL accessible from the internet without auth.

Processing Protection

No DDoS Protection

T1498 | 48h

Critical services without rate limiting or DDoS mitigation.

Unpatched Critical CVEs

T1203 | 24h

CVSS 9.0+ vulnerabilities with public exploits available.

Exposed Management Interfaces

T1133 | 24h

Admin panels, K8s dashboards, CI/CD systems public-facing.

Remediation SLAs

24h | Internet-Exposed Exploitables | RCE, SQL injection, auth bypass

48h | Privilege Escalation Paths | Overprivileged accounts, misconfigs

72h | Lateral Movement Enablers | Network gaps, stale credentials