With the end of the year, it’s prime time to reflect on vulnerability trends since the start of the decade.
However you flip the number of recorded vulnerabilities in a given year, the number is at once humbling and noteworthy. We know that both actions – remediating all vulnerabilities and prioritizing a high-severity security flaw in a little-used, low-value system over a medium-severity security hole in a mission-critical system – leave your company’s most important assets exposed.
A key part of any risk assessment framework, vulnerability intelligence enables organizations to consider the broader picture when assessing a given vulnerability or set of vulnerabilities. Vulnerability intelligence providers consolidate data from multiple sources – both external and internal – and then offer a contextualized assessment of organizational risk. This can drastically tip the scales in your favor when facing mitigation or remediation.
As a CISO or Security Manager, you understand your organization’s need to remain one step ahead of cybercriminals searching for gaps in your security posture. The market is flooded with solutions for dealing with vulnerabilities and the challenge continues to be understanding the ways to best prioritize and manage the vulnerabilities. But first, to keep your organization safe, it’s imperative that you understand the differences between the three main types of security solutions: vulnerability assessment, vulnerability management, and vulnerability remediation tools.
In its 2018 “Global Risks Report,” the World Economic Forum – a prominent international policy think-tank – ranked cyber threats just below extreme weather events and natural disasters.
For several months in early 2018, you could not open a browser without seeing news about Spectre and Meltdown – the variants of a vulnerability built in to just about every computer chip on the planet. Discovered in late 2017 by researcher Michael Schwarz at Graz University of Technology in Austria, Spectre and Meltdown actually comprise three vulnerabilities (CVE-2017-5715, CVE-2017-5753 and CVE-2017-5754).
With proper cyber hygiene, you can control IT processes - rather than being controlled by endless (and unhygienic) vulnerabilities.
Just five years ago, the vulnerability landscape looked markedly different. There were fewer vulnerabilities to patch and risk was far lower - since most systems were still on-premise and the overall cyber-threat climate was calmer.
Topics: vulnerability remediation
As we discussed in a previous post, a tsunami of known vulnerabilities is flooding businesses worldwide. In fact, the number of vulnerabilities reported to date in 2018 (8138 as of this writing) far outstrips the total number of vulnerabilities reported in all of 2016 (6447). We’re only halfway through the year, so it’s fair to estimate that the total for EOY 2018 will top last year’s record of over 14,600 reported vulnerabilities.
Enterprises are understandably concerned about the management and remediation of so many vulnerabilities with such detrimental potential. Risk analysis services and technologies offered by both veteran and newer players are among the solutions CSOs and other network stakeholders are considering. In this post, we’ll take a look at these services, and examine their (few) pluses and (very prominent) minuses.
Topics: vulnerability remediation
With nearly 15,000 new vulnerabilities discovered in 2017, and even more expected this year – the competition for ‘worst vulnerability’ is a tough one to judge. The discovery of serious, severe or even critical vulnerabilities is a daily occurrence – and thus ranking them by level of infamy is an elusive challenge.