Category: Vulnerability

  • Video: Take Back Control of Your Information Security

    The numbers are staggering. PwC reported there were 60 million information security attacks on enterprises last year, and CyberEdge Group found over 70% of all companies were breached. The attack surface has expanded rapidly as the number of managed devices increased another 72% over 2014, according to Cisco. According to IBM and CSO, the typical enterprise has between 60 and 85 information security tools to manage. It’s no wonder information security teams feel like they have less control. Click the video below to learn more. If you would like to go deeper…

  • What to do When You Can’t Patch a Vulnerability

    The Verizon DBIR has a lot to say about vulnerabilities. One of the more interesting topics is the large number of 2015 vulnerability exploits that were more than a year old. In a footnote the DBIR authors comment that “Those newly exploited CVEs, however, are mostly – and consistently – older than one year.” The data show that more than 90% of exploited vulnerabilities in 2015 were more than one year old and nearly 20% were published more than 10 years ago. This data is consistent from year to year. In 2014, more…

  • Known Knowns: The Problem with Vulnerabilities and Unmeasured Risk

    Vulnerabilities are growing faster than information security staff capacity. There was a time when knowing your vulnerabilities was the critical challenge in protecting the enterprise. Today, there are many tools that provide near real-time access to vulnerability notification. The question is no longer, “what are my vulnerabilities?” The more important question is, “what is my greatest risk?” If you had sufficient capacity to quickly patch all vulnerabilities, risk wouldn’t be an issue. All vulnerabilities would be closed before risk became a factor for consideration. That is not where most enterprises…

  • Information Security Analytics and Encryption – no false dilemma here

    Why would someone create a false choice between analytics and encryption? Well, an editor at Dark Reading might decide it’s worthy of a clickbait headline. Thus, we saw the following headline yesterday: “As Good as They’re Getting, Analytics Don’t Inherently Protect Data.” This comes courtesy of Scott Petry, CEO of Authentic8. The crux of Mr. Petry’s thesis is that analytics solutions can only detect breaches but they cannot secure data that has already been stolen. True enough. But wouldn’t you want to detect breaches before data is exfiltrated? He does concede…