The Staggering Growth in Vulnerability Disclosures, 2010 - 2018

Posted by Tal Morgenstern on Dec 5, 2018 10:11:58 AM

With the end of the year, it’s prime time to reflect on vulnerability trends since the start of the decade.

Read More

Topics: vulnerabilities, vulnerability remediation

Top Vulnerabilities of 2018

Posted by Tal Morgenstern on Nov 15, 2018 9:47:44 AM

However you flip the number of recorded vulnerabilities in a given year, the number is at once humbling and noteworthy. We know that both actions – remediating all vulnerabilities and prioritizing a high-severity security flaw in a little-used, low-value system over a medium-severity security hole in a mission-critical system – leave your company’s most important assets exposed.

Read More

Topics: vulnerabilities, vulnerability remediation

Vulnerability Metrics - Which Matter and Which Don't

Posted by Roy Horev on Nov 1, 2018 1:39:51 PM

The best way to share information about the risks associated with vulnerabilities is via quantifying these risks – i.e. metrics. The question is, which metrics? In order to communicate a cohesive vulnerability narrative, in this post we’ve grouped some of the more common metrics – with the aim of helping you leverage the most useful ones, and steer clear of those that are not.

Read More

Topics: vulnerabilities

Vulnerability Intelligence – What, Where and How?

Posted by Tal Morgenstern on Oct 25, 2018 7:36:30 AM

A key part of any risk assessment framework, vulnerability intelligence enables organizations to consider the broader picture when assessing a given vulnerability or set of vulnerabilities. Vulnerability intelligence providers consolidate data from multiple sources – both external and internal – and then offer a contextualized assessment of organizational risk. This can drastically tip the scales in your favor when facing mitigation or remediation.

Read More

Topics: vulnerabilities, vulnerability remediation

A Closer Look at Vulnerability Disclosure Policies

Posted by Roy Horev on Oct 17, 2018 4:48:34 AM

 

While technology companies aim to ensure that their products are watertight, the fact of the matter is that security vulnerabilities are discovered. But how they deal with these discoveries varies considerably.

The question is: should technology vendors keep vulnerabilities quiet or make them known?

Read More

Topics: vulnerabilities

Taking a Risk Based Approach to Vulnerability Management

Posted by Roy Horev on Oct 11, 2018 7:02:54 AM

The question of remediating every single vulnerability is moot. Given the massive amounts of vulnerabilities being disclosed every month, it’s logistically and organizationally unfeasible. At the enterprise level, even the largest IT team simply can’t handle all the vulnerabilities out there – nor, in truth do they need to.

Read More

Topics: vulnerabilities

Vulnerability Assessment, Management, and Remediation: Understanding the Differences

Posted by Yaniv Bar-Dayan on Oct 4, 2018 9:36:38 AM

 

As a CISO or Security Manager, you understand your organization’s need to remain one step ahead of cybercriminals searching for gaps in your security posture. The market is flooded with solutions for dealing with vulnerabilities and the challenge continues to be understanding the ways to best prioritize and manage the vulnerabilities. But first, to keep your organization safe, it’s imperative that you understand the differences between the three main types of security solutions: vulnerability assessment, vulnerability management, and vulnerability remediation tools.

Read More

Topics: vulnerability remediation, vulnerabilities

Three Best Practices for Patch Tuesday

Posted by Tal Morgenstern on Sep 26, 2018 9:20:58 AM

 

The 15th anniversary of Patch Tuesday is coming up, and now is a good time to rethink how we approach patching as a whole, and how we prepare for Patch Tuesday specifically.

Read More

Topics: Patching

Five Steps to Lower Cyber Risk with Better Vulnerability Management

Posted by Roy Horev on Sep 13, 2018 9:54:51 AM

 

In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.

Read More

Topics: Cybersecurity, vulnerability remediation, Patching

How Three Large Enterprises Made the Move to DevSecOps

Posted by Roy Horev on Sep 5, 2018 9:50:34 AM

 

The demanding speed of today’s development cycles and flexibility of IT infrastructure provides a huge opportunity to move faster not only for the development teams, but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures to remediate security threats and exposures faster and in a fairly automated manner, speeding up deployment and release times and simplifying infrastructure and application security changes.

Read More

Topics: DevSecOps