So, it’s time to patch again. Kind of like getting your flu shots – you know it’s good for you, but nobody likes doing it. Let’s do a quick analysis of the challenges that patching poses to your environment, and some of our recommended coping mechanisms
“If it were easy, everyone would do it.”
With the never-ending headlines of major breaches caused by vulnerabilities, it’s clear that vulnerability management isn’t easy. According to the Ponemon Institute, the average total cost of a breach in 2018 ranged from between 2-7 million dollars, depending on the number of compromised records.
No matter what IT field you work in, staying on top of the latest technologies and trends is a must, especially in cybersecurity. Just as a good security plan requires continuous monitoring, a good CISO needs continuous learning. A top-notch security conference can be the most efficient and effective way for CISOs to stay current while networking with peers.
Security and IT teams are currently fighting a flood of software vulnerabilities. In 2018 alone, a record 16,555 were reported. Of these, thousands affected every cloud-native SaaS or enterprise company. Some of these vulnerabilities were only potentially dangerous, but others affected tens of thousands of customers.
It's been over a year since the Equifax breach made headline news. But I have the feeling that organizations haven't looked at the Equifax breach as a lesson in what is currently wrong with the cybersecurity industry.
The Equifax breach could have happened to any enterprise. If you don’t agree, you may as well stop reading, because you’re not going to agree with anything that follows.
On the surface, patch management sounds like a straightforward task. But patching in a production environment means making a change to potentially every device in the enterprise. Let’s take a look at some of the complex challenges of patching production environments and some ways to improve the process.
For our day to day product deployment, we use docker containers. Whenever a new piece of code is being shipped to production, our CI/CD process creates several docker images and pushes them to our private registry – standard deployment process.
Knowing what NOT to do can sometimes be just as helpful as knowing the right thing to do. Oftentimes, CISOs and Vulnerability Managers have plans and practices in place that can actually be making matters worse by focusing on the wrong things. Let’s review some of these mistakes so you can avoid them in your own organization.
DevOps has revolutionized the pace at which new iterations of applications are released to meet the needs of customers. By nature, security teams are focused on securing company assets and data, which others may see as a roadblock to productivity. The tension between these two groups can sometimes be palpable.
Trends in vulnerabilities and threats evolve as the technology landscape changes. The vulnerability landscape has changed tremendously over the last couple of years which has prompted many organizations to question whether their current methodologies for vulnerability management are sustainable moving forward.