Tal Morgenstern

Recent Posts

How Dangerous are Zero-Day Vulnerabilities?

Posted by Tal Morgenstern on May 7, 2019 12:16:08 PM

There’s a buzz in the vulnerability market surrounding solutions to protect against Zero Day vulnerabilities - vulnerabilities that were previously unknown with no vendor patch available. While some may paint a picture of hoards of hackers looking to exploit undiscovered flaws, security teams must ask themselves: is focusing on Zero Day attacks really the best use of enterprise resources?

Read More

Topics: vulnerabilities

The Problem with CVSS Scores and What It Means for Vulnerability Management Programs

Posted by Tal Morgenstern on May 2, 2019 8:38:33 AM

The number of vulnerabilities uncovered daily has long exceeded what security teams can possibly address. The key to success in vulnerability management no longer lies in patching everything, but rather in making judgment calls and deciding which vulnerabilities to address and which to ignore.

Read More

Topics: vulnerability remediation, vulnerabilities

There's More to Life Than Patching - Towards a new Vulnerability Management Paradigm

Posted by Tal Morgenstern on Apr 23, 2019 10:26:12 AM

With over 1,600 new vulnerabilities reported in the first 100 days of 2019, in addition to the 17,308 reported in 2018, it’s clear that vulnerability remediation is an ongoing necessity. Given the large number of vulnerabilities that are being added to the pool every day, having a strategy to decide which vulnerabilities to patch first is essential for companies of all sizes.

Read More

Topics: Patching, vulnerabilities

3 Ways Vulnerability Remediation Intelligence Increases Security and Efficiency

Posted by Tal Morgenstern on Mar 28, 2019 10:14:09 AM

Enterprises face new security threats daily. In 2017-18 alone, over 30,000 new vulnerabilities were reported. Trying to adapt to this new reality has become a tremendous challenge for security teams everywhere. Handling the influx of these new security threats has become an endless task, requiring manual, time-consuming work.

Read More

Topics: vulnerability remediation, vulnerabilities

Why Your Vulnerability Management Processes Isn't Working

Posted by Tal Morgenstern on Mar 21, 2019 7:49:31 AM

It’s the question that plagues every CISO: “Have I done enough?”

First, you’ve convinced your partners in the boardroom that vulnerabilities are a serious matter and increased your security budget. Then, you've managed to create a collaborative relationship between IT and security teams, coordinating code scans and implementing patches. But every now and then it’s important to zoom out at make sure you’re not missing the security forest for the vulnerability trees.

Read More

Topics: vulnerability remediation, vulnerabilities

Vulnerability Management Worst Practices

Posted by Tal Morgenstern on Jan 3, 2019 7:09:18 AM

Knowing what NOT to do can sometimes be just as helpful as knowing the right thing to do. Oftentimes, CISOs and Vulnerability Managers have plans and practices in place that can actually be making matters worse by focusing on the wrong things. Let’s review some of these mistakes so you can avoid them in your own organization.

Read More

Topics: vulnerability remediation, vulnerabilities

Vulnerability Remediation: Don't Let the Cure be Worse than the Disease

Posted by Tal Morgenstern on Dec 13, 2018 9:45:06 AM

By now, everybody knows that vulnerabilities that aren't remediated properly could pose a serious threat to the enterprises environment.The data breach experienced by Equifax last year exemplifies the impacts that can occur to a business that fails to remediate. However, we cannot ignore the other side of the coin – when remediation steps ARE applied they can cause significant damage and downtime in their own right.

Read More

Topics: vulnerability remediation

The Staggering Growth in Vulnerability Disclosures, 2010 - 2018

Posted by Tal Morgenstern on Dec 5, 2018 10:11:58 AM

With the end of the year, it’s prime time to reflect on vulnerability trends since the start of the decade.

Read More

Topics: vulnerability remediation, vulnerabilities

Looking Back - Top Vulnerabilities of 2018

Posted by Tal Morgenstern on Nov 15, 2018 9:47:44 AM

However you flip the number of recorded vulnerabilities in a given year, the number is at once humbling and noteworthy. We know that both actions – remediating all vulnerabilities and prioritizing a high-severity security flaw in a little-used, low-value system over a medium-severity security hole in a mission-critical system – leave your company’s most important assets exposed.

Read More

Topics: vulnerability remediation, vulnerabilities

Vulnerability Intelligence – What, Where and How?

Posted by Tal Morgenstern on Oct 25, 2018 7:36:30 AM

A key part of any risk assessment framework, vulnerability intelligence enables organizations to consider the broader picture when assessing a given vulnerability or set of vulnerabilities. Vulnerability intelligence providers consolidate data from multiple sources – both external and internal – and then offer a contextualized assessment of organizational risk. This can drastically tip the scales in your favor when facing mitigation or remediation.

Read More

Topics: vulnerability remediation, vulnerabilities