Channel: VioPoint » Scott Thomas
Browsing latest articles
Browse All 25 View Live

Does Your Vulnerability Management Team Know They’re a Team?

When starting up a Vulnerability Management program, an often overlooked part is creating the team that is responsible for the program. Many times companies focus on the patches that have to be pushed...




How Are You Monitoring for Vulnerabilities?

A recent Tenable Network Security survey of 400 European companies with over 500 employees included a statistic that was interesting. The survey called “The State Of Metric Based Security” included the...


Bsides Nashville Launches to an Overwhelmingly Positive Reception

The weekend of May 16 – 18 took me on my first visit to Nashville, TN. I was presenting for the first time this year on “Beating the Infosec Learning Curve Without Burning Out”. This was the first run...


Your SIEM Should Be Enhancing Your Vulnerability Management Program

A few months ago I wrote, “Is Your Vulnerability Management program Enhancing Your SIEM?” The blog detailed how the vulnerability management program should be feeding the monitoring analysts with data...


Asset Management Is A Cornerstone Of Vulnerability Management

Many vulnerability programs I have worked with understood the value patch management brings to the overall program. The patch is identified, rolled out, and validated that the vulnerability no longer...



“Madison Avenue – Esqe” Vulnerability : POODLE

An increasing trend in vulnerability disclosure is dubbing each flaw with a catchy name and a Madison Avenue-esque marketing campaign. We’ve had Shellshock, Heartbleed and new in the last couple weeks,...


The Frequently Overlooked Security Practice of Configuration Management

In a previous blog post, I discussed how Asset Management is a cornerstone of any good Vulnerability Management program. I’ve also discussed patching in multiple blogs. The area often overlooked during...


Vulnerability Management vs. Vulnerability Assessment

Item 4 of the SANS 20 Critical Security Controls details the need for a Continuous Vulnerability Assessment and Remediation program. The “and” in this description is the basis for a Vulnerability...



There’s No Such Thing As A (Patching) Free Lunch

A lot of emphasis has been placed on getting companies to patch timely when a vulnerability is discovered. While “timely” has been debated and may mean different things to different people, it’s...



Windows Update for Business

An announcement at Microsoft’s Ignite conference in May potentially shifted how patches are applied to Microsoft Windows systems in the future. The “Windows Update for Business” service is designed to...
