Channel: VioPoint » Scott Thomas
Browsing all 25 articles

Making One IT Auditor Seem Like Fifty

I worked for a number of years in a medium-sized enterprise and watched as frustrated and overworked auditors asked if a finding had been remediated from a previous audit, or requested systems to...

View Article



Vulnerability Management Is About Continuous Improvement

When starting or improving a vulnerability management program, you may want to leverage a tool to assist you in parsing the sometimes overwhelming amount of data produced when evaluating your...

View Article

Is your Vulnerability Management program enhancing your SIEM?

You may have read Jimmy Vo’s account of starting out as a Security Operations Center analyst on our blog a few days ago. He mentioned integrating vulnerability management solutions like the QualysGuard...

View Article

Offense Is Exciting, But Defense Wins Championships

Many people watched the Super Bowl game recently, pitting the league’s best offense versus the league’s best defense. This was supposed to be the ultimate test of the Denver Broncos’ record-setting...

View Article

Reporting on the Mountain of Vulnerability Data

So you have the vulnerability scanner installed, you’ve run all your scans and you have a giant amount of data to sift through. The next thing that usually happens is that your sponsor starts asking...

View Article


Does Your Vulnerability Management Team Know They’re a Team?

When starting up a Vulnerability Management program, an often overlooked part is creating the team that is responsible for the program. Many times companies focus on the patches that have to be pushed...

View Article

How Are You Monitoring for Vulnerabilities?

A recent Tenable Network Security survey of 400 European companies with over 500 employees included a statistic that was interesting. The survey called “The State Of Metric Based Security” included the...

View Article

Bsides Nashville Launches to an Overwhelmingly Positive Reception

The weekend of May 16 – 18 took me on my first visit to Nashville, TN. I was presenting for the first time this year on “Beating the Infosec Learning Curve Without Burning Out”. This was the first run...

View Article


Your SIEM Should Be Enhancing Your Vulnerability Management Program

A few months ago I wrote, “Is Your Vulnerability Management program Enhancing Your SIEM?” The blog detailed how the vulnerability management program should be feeding the monitoring analysts with data...

View Article


Asset Management Is A Cornerstone Of Vulnerability Management

Many vulnerability programs I have worked with understood the value patch management brings to the overall program. The patch is identified, rolled out, and validated that the vulnerability no longer...

View Article

“Madison Avenue-Esque” Vulnerability: POODLE

An increasing trend in vulnerability disclosure is dubbing each flaw with a catchy name and a Madison Avenue-esque marketing campaign. We’ve had Shellshock, Heartbleed and new in the last couple weeks,...

View Article

The Frequently Overlooked Security Practice of Configuration Management

In a previous blog post, I discussed how Asset Management is a cornerstone of any good Vulnerability Management program. I’ve also discussed patching in multiple blogs. The area often overlooked during...

View Article

Vulnerability Management vs. Vulnerability Assessment

Item 4 of the SANS 20 Critical Security Controls details the need for a Continuous Vulnerability Assessment and Remediation program. The “and” in this description is the basis for a Vulnerability...

View Article


There’s No Such Thing As A (Patching) Free Lunch

A lot of emphasis has been placed on getting companies to patch timely when a vulnerability is discovered. While “timely” has been debated and may mean different things to different people, it’s...

View Article
