The question of remediating every single vulnerability is moot. Given the massive amounts of vulnerabilities being disclosed every month, it’s logistically and organizationally unfeasible. At the enterprise level, even the largest IT team simply can’t handle all the vulnerabilities out there – nor, in truth do they need to.
As a CISO or Security Manager, you understand your organization’s need to remain one step ahead of cybercriminals searching for gaps in your security posture. The market is flooded with solutions for dealing with vulnerabilities and the challenge continues to be understanding the ways to best prioritize and manage the vulnerabilities. But first, to keep your organization safe, it’s imperative that you understand the differences between the three main types of security solutions: vulnerability assessment, vulnerability management, and vulnerability remediation tools.
The 15th anniversary of Patch Tuesday is coming up, and now is a good time to rethink how we approach patching as a whole, and how we prepare for Patch Tuesday specifically.
In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.
The demanding speed of today’s development cycles and flexibility of IT infrastructure provides a huge opportunity to move faster not only for the development teams, but for the security team as well. DevSecOps, specifically – the early integration of security into the development and deployment processes – allows even large organizations with large infrastructures to remediate security threats and exposures faster and in a fairly automated manner, speeding up deployment and release times and simplifying infrastructure and application security changes.
Figuring out the best way to leverage the cyber risk landscape with growing numbers of vulnerabilities every day is a daunting task, to say the least. Last year, CVE Details, a free database of software vulnerabilities, found a total of 14,712 known vulnerabilities. Indeed, threat analysis and vulnerability remediation can cost organizations up to 320 hours in labor per week.
Fortunately, cyber risk professionals monitoring the threat landscape on social media is at its very best. Today we’re sharing our list of the top 10 cyber risk experts we’re following on Twitter religiously; they are our favorite go-to people in the world of vulnerability remediation and cybersecurity.
DevOps took the software scene by storm in 2008, with the promise to reduce the time between changing a software system and that change being rolled out in a production environment – without compromising on quality. Basically, it was supposed to “turn the IT business model on its head with shorter cycle times, automation, and deep cross-functional integration to deliver the next great idea,” wrote cloud expert James D. Brown in 2013.
For several months in early 2018, you could not open a browser without seeing news about Spectre and Meltdown – the variants of a vulnerability built in to just about every computer chip on the planet. Discovered in late 2017 by researcher Michael Schwarz at Graz University of Technology in Austria, Spectre and Meltdown actually comprise three vulnerabilities (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754).
With proper cyber hygiene, you can control IT processes - rather than being controlled by endless (and unhygienic) vulnerabilities.
Just five years ago, the vulnerability landscape looked markedly different. There were fewer vulnerabilities to patch and risk was far lower - since most systems were still on-premise and the overall cyber-threat climate was calmer.
Topics: vulnerability remediation