You are viewing 'vulnerability management'

Public Vulnerability Disclosure

How long is too long?

Michael Born

March 09, 2017 - Posted by Michael Born to Security Insight

File Analysis

There has been a lot of chatter on social media lately surrounding the topic of public vulnerability disclosure. Doing a quick Google search, I found a ton of resources, discussions and blog posts available, covering different ways to properly disclose a vulnerability. Several are listed below:

  1. http://www.cert.org/vulnerability-analysis/vul-disclosure.cfm
  2. https://www.dhs.gov/xlibrary/assets/vdwgreport.pdf
  3. http://www.ccssforum.org/disclosure-guidelines.php
  4. ...

eSymposium: Tackling Vulnerabilities

Zach Holt

May 03, 2016 - Posted by Zach Holt to Security Insight

Tackling Vulnerability Management

As an organization’s security posture grows, a number of responsibilities may fall under the umbrella of information security, whether under the direct control of an information security program or delegated to another supporting IT department. One such responsibility is a vulnerability management program.

Vulnerability management is an important part of a matured information security program. At a high level, the objective of vulnerability management is to find and remediate all issues as they are identified. However, as you start examining the matter in-depth, you’ll find that you:

  • Need to have a process in place to determine priorities
  • Need to have more information than what a vulnerability scanner can provide
  • Won’t always be able to fix vulnerabilities; fix what you can and mitigate the rest

As with any good story, we’ll leave that last item for a bit and focus on the top two for now. After all,...

Five Things Enterprises with Mature Security Programs Should be Thankful for this Thanksgiving

George Hulme

November 18, 2015 - Posted by George Hulme to Security Insight

Give Thanks

Next week many of us will gather to sit down for Thanksgiving dinner with family and friends to express gratitude and to give thanks. Many of us will overstuff our bellies and catch a football game. Whatever you and yours do, cybersecurity will – and probably should – be the last thing on your mind that day.

But that doesn’t mean enterprises can’t take some time to take note and express gratitude for significant security achievements this year.

Be Thankful For:

An accurate baseline of enterprise IT assets and data.

You know your business-technology environment. You know what systems manage your most critical data, and what public and private clouds and software services support those systems. When it comes to your network, you know your network devices and applications online, including desktops, servers, operating systems, applications, routers, firewalls, wireless devices and...

Solutionary Earns PCI ASV Certification

12th Consecutive Year as an ASV

Court Little

September 29, 2015 - Posted by Court Little to Security News

PCI SSC ASV

Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor since before the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because it is the right thing to do and it will make our clients’ lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a...

Patch Like You Mean It

Actively patching can help remove active, known vulnerabilities

Jon-Louis Heimerl

July 06, 2015 - Posted by Jon-Louis Heimerl to Security Insight

Solutionary Minds Blog

There is no “silver bullet” in security. No single security control will answer all of our security woes.

But time and time again, we hear of vulnerabilities that are affecting organizations right now. A good example is the Adobe Flash Player vulnerability (CVE-2015-3113). If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it has been actively exploited in the wild, meaning attackers have been using it, and are using it right now.

This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.

But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more...


Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
