In some ways, IT is in a tough spot when it comes to reducing cyber risk. IT teams are usually responsible for remediating vulnerabilities within various asset groups. But even though IT groups ultimately own assets, they often don’t have full control over which assets end up where. End-user devices, for instance, have a tendency…
Today on Security Science, we have a special around the virtual table with some of the biggest names in cybersecurity discussing a wide range of topics like securing remote workers, whether companies really moving to the cloud, and the impact of the 2020 presidential election.
When it comes to cybersecurity, there’s a lot of conventional wisdom. Finance companies have a big target on their backs. Tech companies have the skills to get the job done. Manufacturing firms are insulated from danger with lots of custom and rare applications that few hackers would bother to develop exploits for. And the healthcare…
While the adoption of DevOps methodologies is helping, application security teams today still face unique challenges that aren’t shared by their security operations counterparts who protect the network. Security operations have clearly defined roles and responsibilities, partnering with infrastructure teams for remediation of the vulnerabilities that pose the most risk.
Traditional vulnerability-centric models leave you trying to narrow down the 30,000 “critical” vulnerabilities your scanner finds into a list short enough for your remediation team to manage. It’s time-consuming and inefficient. Register Now
In order to accurately assess your organization’s performance it’s important to have a starting point. A good one is how your industry peers are doing. To give the manufacturing sector data points to assess their vulnerability management performance we teamed up with our research partner, the Cyentia Institute, to leverage sample data from approximately 40+…
For effective vulnerability management you need the ability to quickly rate and prioritize vulnerabilities based on risk.
In order to accurately assess your organization’s performance it’s important to have a starting point. A good one is how your industry peers are doing. To give the healthcare sector data points to assess their vulnerability management performance we teamed up with our research partner, the Cyentia Institute, to leverage sample data from approximately 30…
In order to accurately assess your organization’s performance it’s important to have a starting point. A good one is how your industry peers are doing. To give the financial sector data points to assess their vulnerability management performance we teamed up with our research partner, the Cyentia Institute, to leverage sample data from approximately 100…
In order to accurately assess your organization’s performance it’s important to have a starting point. A good one is how your industry peers are doing. To give the technology sector data points to assess their vulnerability management performance we teamed up with our research partner, the Cyentia Institute, to leverage sample data from approximately 70…
So there you are, the head of a successful vulnerability management program that has driven your company’s risk scores to a level that is both manageable and acceptable. It’s been smooth sailing for the past year, and the days of chaos are but a memory. And then all of the sudden, the risk score jumps. …
We discuss the Exploit Prediction Scoring System (EPSS), the first open, data-driven framework for assessing vulnerability threat: that is, the probability that a vulnerability will be exploited in the wild within the first twelve months after public disclosure.
Earlier this year, my colleague Lindsey Compton, introduced the concept of risk-based service-level agreements (SLAs)—a new addition to Kenna.VM, our flagship risk-based vulnerability management solution. This is a first for our industry, so we’ve been engaging with customers and prospects on this new feature, answering any and all questions that pop up as folks get…
