You are viewing 'vulnerability management'
As an organization’s security posture grows, a number of responsibilities may fall under the umbrella of information security, whether under the direct control of an information security program or delegated to another supporting IT department. One such responsibility is a vulnerability management program.
Vulnerability management is an important part of a mature information security program. At a high level, the objective of vulnerability management is to find and remediate all issues as they are identified. However, as you start examining the matter in depth, you’ll find that you:
- Need to have a process in place to determine priorities
- Need to have more information than what a vulnerability scanner can provide
- Won’t always be able to fix vulnerabilities; fix what you can and mitigate the rest
As with any good story, we’ll leave that last item for a bit and focus on the top two for now. After all,...
Next week many of us will gather to sit down for Thanksgiving dinner with family and friends to express gratitude and to give thanks. Many of us will overstuff our bellies and catch a football game. Whatever you and yours do, cybersecurity will – and probably should – be the last thing on your mind that day.
But that doesn’t mean enterprises can’t take some time to take note and express gratitude for significant security achievements this year.
Be Thankful For:
An accurate baseline of enterprise IT assets and data.
You know your business-technology environment. You know what systems manage your most critical data, and what public and private clouds and software services support those systems. When it comes to your network, you know your network devices and applications online, including desktops, servers, operating systems, applications, routers, firewalls, wireless devices and...
12th Consecutive Year as an ASV
Solutionary is pleased to announce that we have successfully completed the annual Payment Card Industry Approved Scanning Vendor (PCI ASV) lab certification test process for 2015-2016. This marks our 12th consecutive year as a PCI ASV. Solutionary has been helping clients remain in compliance with payment card standards as a certified scanning assessor since before the formation of the PCI Security Standards Council (SSC) in 2006. As discussed in our previous blogs about our PCI certification, we do this every year not because we have to, or because clients have asked us to, but because it is the right thing to do and it will make our clients’ lives easier. In addition, this year Solutionary not only successfully completed the PCI ASV certification, but we completed it using two separate unique platforms to give clients the flexibility of using different scan platforms. Sometimes you need a hammer, sometimes you need a...
Actively patching can help remove active, known vulnerabilities
There is no “silver bullet” in security. No single security control will answer all of our security woes.
But, time and time again, we hear of vulnerabilities which are affecting organizations right now. A good example is the Adobe Flash Player vulnerability (CVE-2015-3113). If you check the details for the vulnerability, you can see that it has a CVSS score of 10. You can also see that it has been actively exploited in the wild, meaning attackers have been using it, and are using it right now.
This is a client system vulnerability. Adobe Flash Player runs on the user workstation. We all know that it can be difficult to keep all systems current, especially in a heterogeneous, geographically distributed environment.
But, Adobe has released a patch for this vulnerability, and applying that patch can remove a current, known threat from your environment. For more...
Was Heartbleed at the Heart of This Health Care Breach?
Community Health Systems (CHS), a publicly held company operating 206 hospitals in 29 states, recently announced in an 8-K filing that it has become one of the latest victims of a major data breach. The filing revealed that the attack most likely occurred in April and June of 2014, compromising approximately 4.5 million records. This number surpasses the previous health care data breach record of 1.3 million records at the Montana Department of Public Health in May 2014.
While no credit card information was revealed, the attackers did gain access to non-medical personal health information (PHI) that included “patient names, addresses, birthdates, telephone...