How to Combine Vulnerability Management with Pen Testing

Posted by Roy Horev on May 23, 2019 7:02:06 AM

For an organization to be confident, it must have a solid security posture, and for this, regular testing is key. Two types of testing are critical to assessing security posture – penetration testing and vulnerability scans.

Topics: vulnerabilities, Pen Testing

Without Asset Management, You're Lost. Why Vulnerability Management Starts with Your Assets

Posted by Roy Horev on May 14, 2019 1:35:01 PM

In the broadest sense, “Asset Management” means managing the complete life-cycle of every corporate asset, from procurement to safe disposal. Effective Asset Management ensures that every expense fits both corporate goals and security standards, including guidelines and policies related to Vulnerability Management, such as how vulnerabilities are prioritized and resolved.

Topics: vulnerabilities

How Dangerous are Zero-Day Vulnerabilities?

Posted by Tal Morgenstern on May 7, 2019 12:16:08 PM

There’s a buzz in the vulnerability market surrounding solutions to protect against Zero Day vulnerabilities - vulnerabilities that were previously unknown with no vendor patch available. While some may paint a picture of hordes of hackers looking to exploit undiscovered flaws, security teams must ask themselves: is focusing on Zero Day attacks really the best use of enterprise resources?

Topics: vulnerabilities

The Problem with CVSS Scores and What It Means for Vulnerability Management Programs

Posted by Tal Morgenstern on May 2, 2019 8:38:33 AM

The number of vulnerabilities uncovered daily has long exceeded what security teams can possibly address. The key to success in vulnerability management no longer lies in patching everything, but rather in making judgment calls and deciding which vulnerabilities to address and which to ignore.

Topics: vulnerability remediation, vulnerabilities

There's More to Life Than Patching - Towards a new Vulnerability Management Paradigm

Posted by Tal Morgenstern on Apr 23, 2019 10:26:12 AM

With over 1,600 new vulnerabilities reported in the first 100 days of 2019, in addition to the 17,308 reported in 2018, it’s clear that vulnerability remediation is an ongoing necessity. Given the large number of vulnerabilities that are being added to the pool every day, having a strategy to decide which vulnerabilities to patch first is essential for companies of all sizes.

Topics: Patching, vulnerabilities

Vulnerability Remediation in the CI/CD Pipeline - Not Just a Coding Issue

Posted by Roy Horev on Apr 4, 2019 7:27:24 AM

Vulnerability remediation was once considered a straightforward process. Scanning software identified potential vulnerabilities and notified the system administrator, who took over from there. “Vulnerability” was seen as a coding issue, so manually checking and patching code became the standard method of remediation despite being slow and not always effective.

Topics: vulnerability remediation

3 Ways Vulnerability Remediation Intelligence Increases Security and Efficiency

Posted by Tal Morgenstern on Mar 28, 2019 10:14:09 AM

Enterprises face new security threats daily. In 2017-18 alone, over 30,000 new vulnerabilities were reported. Trying to adapt to this new reality has become a tremendous challenge for security teams everywhere. Handling the influx of these new security threats has become an endless task, requiring manual, time-consuming work.

Topics: vulnerability remediation, vulnerabilities

Why Your Vulnerability Management Processes Isn't Working

Posted by Tal Morgenstern on Mar 21, 2019 7:49:31 AM

It’s the question that plagues every CISO: “Have I done enough?”

First, you’ve convinced your partners in the boardroom that vulnerabilities are a serious matter and increased your security budget. Then, you've managed to create a collaborative relationship between IT and security teams, coordinating code scans and implementing patches. But every now and then it’s important to zoom out and make sure you’re not missing the security forest for the vulnerability trees.

Topics: vulnerability remediation, vulnerabilities

A History of Vulnerability Management

Posted by Roy Horev on Mar 14, 2019 9:02:15 AM

The number of known vulnerabilities has exploded in recent years. With enterprises using more software solutions, open-source, cloud, Internet of Things, and more, it’s no wonder the increase in security flaws has skyrocketed.

Topics: vulnerabilities, Cybersecurity

How can Enterprises Stop Failing their Vulnerability Management Teams?

Posted by Roy Horev on Mar 7, 2019 8:33:55 AM

Everyone knows that CISOs are losing sleep over the dangers that vulnerabilities could potentially cause their businesses, and with good reason. But the problem goes beyond the continuous growth in vulnerabilities.

Topics: vulnerability remediation, vulnerabilities, DevSecOps