Five Steps to Lower Cyber Risk with Better Vulnerability Management

Posted by Roy Horev on Sep 13, 2018 9:54:51 AM

 

In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.

Read More

Topics: vulnerability remediation, Patching, Cybersecurity

How Three Large Enterprises Made the Move to DevSecOps

Posted by Roy Horev on Sep 5, 2018 9:50:34 AM

 

The demanding speed of today’s development cycles and flexibility of IT infrastructure provides a huge opportunity to move faster not only for the development teams, but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures to remediate security threats and exposures faster and in a fairly automated manner, speeding up deployment and release times and simplifying infrastructure and application security changes.

Read More

Topics: DevSecOps

Top 10 Cyber Risk Experts to Follow

Posted by Yaniv Bar-Dayan on Aug 28, 2018 9:08:38 AM

 

 Figuring out the best way to leverage the cyber risk landscape with growing numbers of vulnerabilities every day is a daunting task, to say the least. Last year, CVE Details, a free database of software vulnerabilities, found a total of 14,712 known vulnerabilities. Indeed, threat analysis and vulnerability remediation can cost organizations up to 320 hours in labor per week.

Fortunately, cyber risk professionals monitoring the threat landscape on social media is at its very best. Today we’re sharing our list of the top 10 cyber risk experts we’re following on Twitter religiously; they are our favorite go-to people in the world of vulnerability remediation and cybersecurity.

Read More

Topics: Cybersecurity

DevSecOps: It's Time to Make the Move

Posted by Roy Horev on Aug 21, 2018 5:27:25 AM

 

DevOps took the software scene by storm in 2008, with the promise to reduce the time between changing a software system and that change being rolled out in a production environment – without compromising on quality. Basically, it was supposed to “turn the IT business model on its head with shorter cycle times, automation, and deep cross-functional integration to deliver the next great idea,” wrote cloud expert James D. Brown in 2013.

Read More

Topics: DevSecOps

Putting Meltdown and Spectre in Perspective, Six Months Later

Posted by Tal Morgenstern on Aug 14, 2018 9:19:49 AM

 

For several months in early 2018, you could not open a browser without seeing news about Spectre and Meltdown – the variants of a vulnerability built in to just about every computer chip on the planet. Discovered in late 2017 by researcher Michael Schwarz at Graz University of Technology in Austria, Spectre and Meltdown actually comprise three vulnerabilities (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754).

Read More

Topics: vulnerability remediation, Meltdown and Spectre

Always Brush Your Digital Teeth: Why You Should Maintain Good Cyber Hygiene

Posted by Yaniv Bar-Dayan on Aug 1, 2018 8:00:30 AM

 

With proper cyber hygiene, you can control IT processes - rather than being controlled by endless (and unhygienic) vulnerabilities.

Read More

Topics: vulnerability remediation, vulnerabilities

How to Start the Transition from Risk Management to Vulnerability Remediation

Posted by Tal Morgenstern on Jul 24, 2018 6:37:36 AM

Just five years ago, the vulnerability landscape looked markedly different. There were fewer vulnerabilities to patch and risk was far lower - since most systems were still on-premise and the overall cyber-threat climate was calmer.

Read More

Topics: vulnerability remediation

Cyber Risk Management is not the Goal

Posted by Yaniv Bar-Dayan on Jul 19, 2018 8:26:50 AM

 

As we discussed in a previous post, a tsunami of known vulnerabilities is flooding businesses worldwide. In fact, the number of vulnerabilities reported to date in 2018 (8138 as of this writing) far outstrips the total number of vulnerabilities reported in all of 2016 (6447). We’re only halfway through the year, so it’s fair to estimate that the total for EOY 2018 will top last year’s record of over 14,600 reported vulnerabilities.

Enterprises are understandably concerned about the management and remediation of so many vulnerabilities with such detrimental potential. Risk analysis services and technologies offered by both veteran and newer players are among the solutions CSOs and other network stakeholders are considering. In this post, we’ll take a look at these services, and examine their (few) pluses and (very prominent) minuses.

Read More

Topics: vulnerability remediation

The Top 7 Vulnerabilities of the Decade

Posted by Roy Horev on Jul 11, 2018 7:14:47 AM

 

With nearly 15,000 new vulnerabilities discovered in 2017, and even more expected this year – the competition for ‘worst vulnerability’ is a tough one to judge. The discovery of serious, severe or even critical vulnerabilities is a daily occurrence – and thus ranking them by level of infamy is an elusive challenge.

Read More

Topics: vulnerability remediation, vulnerabilities

Your Vulnerability Management Processes are Broken

Posted by Tal Morgenstern on Jun 28, 2018 7:38:40 AM

 

There’s no other way to state it: Existing vulnerability management processes are broken. Current vulnerability management paradigms are not keeping up with threats. Attacks similar to WannaCry and Petya, which exploited the Eternal Blue vulnerability, could happen again at any time.

Read More

Topics: vulnerability remediation