Adding Value to Vulnerability Management Programs (a gratuitous plug for a GuidePoint partner, but that doesn’t mean it’s not worth reading…)

Apr 8, 2016

I’ve spent the better part of a decade working in and around the Vulnerability Management (VM) community, talking to solution providers and security practitioners responsible for identifying, prioritizing and ultimately remediating vulnerabilities in their environments. Overwhelmingly, the biggest challenge these organizations face with their VM programs is making sense of all the data. As many of us involved in the VM process know, identifying vulns (either through scanning, or the increasingly popular endpoint agents) is the easy part. What to do with the information once it’s gathered is the real challenge… with one of the main challenges being the prioritization of remediation activities.

That said, yesterday, around 4:52am–which was well before most others were writing or talking about it–one of our partners, Kenna Security, started to see successful exploits in the wild for the very recent Adobe Flash vulnerability, CVE-2016-1019. They saw another large spike in successful exploits around 10:00am this morning. While it doesn’t sound like they’ve seen publicly available exploits yet, via the exploit kits they track, it likely won’t take long for them to begin showing up. The number of successful exploits is slow but steady and will pick up once the exploit is made public. They are tracking the volume of successful exploits here:

The Kenna platform provides customers that have CVE-2016-1019 in their environment with the real-time insight and intelligence to know exactly when that vulnerability became a real threat to their organization. Kenna then quantifies what that threat means to the organization in terms of risk and provides an analysis of the impact that the proper remediation actions would have on its overall risk posture. Furthermore, they do this all the time–even with old, unnoticed vulnerabilities that don’t get as much press as CVE-2016-1019. Their customers have an opportunity to be forewarned and forearmed–before many others.

Vulnerability Management programs should continue to be a necessary component of any well-thought-out security program for the foreseeable future. Through expertise in the industry, and partners like Kenna Security, GuidePoint hopes to be able to assist its customers in demonstrating increased efficiency and value from their investment in these security technologies.
