Articles about Vulnerability management

Security and compliance specialist Qualys is releasing the latest version of its Vulnerability Management, Detection and Response (VMDR) solution with TruRisk, which offers risk-based vulnerability management for insights into an organization's unique risk posture, allowing it to prioritize its most critical threats.

Qualys VMDR 2.0 gives security and IT teams a shared context and the ability to create workflows via drag and drop technology to quickly align and respond to threats.

Continue reading →

Recent vulnerabilities like Log4j have highlighted how difficult it can be to manage risks and ensure that software patches are kept up to date.

We spoke to Rob Gurzeev, CEO of attack surface management specialist CyCognito, to discuss the challenges involved and how to deal with them.

Continue reading →

Organizations are taking nearly two months to remediate critical risk vulnerabilities, with an average mean time to remediate (MTTR) across of 60 days.

A new report from smart vulnerability management firm Edgescan, based on analysis of over 40,000 web application and API assessments, three million network endpoint assessments, and circa 1000 penetration tests, finds high rates of known, patchable vulnerabilities that have working exploits in the wild.

Continue reading →

Operational technology and industrial control systems saw a 110 percent increase in the number of vulnerabilities disclosed in the second half of last year.

The latest Biannual ICS Risk & Vulnerability Report from Claroty shows that remotely exploitable vulnerabilities are still causing problems, demonstrating the importance of securing remote connections.

Continue reading →

Cyberattacks come in many different forms and it’s important for businesses to understand where they're vulnerable in order to mount an effective defense.

We spoke to Ed Williams, cybersecurity specialist at Trustwave, to find out more about vulnerability management, why it's important and how it fits into an organization's overall security strategy.

Continue reading →

Risk Based Security (RBS) has today released its 2021 Year End Vulnerability QuickView Report showing that a total of 28,695 vulnerabilities were disclosed last year.

This the highest number recorded to date. Now that the vulnerability disclosure landscape has moved past the COVID-19 pandemic, RBS predicts that the number of vulnerabilities disclosed will continue to rise year-on-year in future.

Continue reading →

The use of SaaS-based applications and systems has taken off in recent years, but that surge has highlighted a problem in the form of a lack of standardization for software descriptions across all types of systems.

This makes it much harder for IT teams to assess vulnerability levels across all the packages in an enterprise. But what risks does this pose and how can businesses tackle the problem? We spoke with Peter Lund, VP at operational technology cybersecurity company Industrial Defender, to discover more.

Continue reading →

The saying "too many cooks spoils the broth" could well be true in the case of how we currently approach vulnerability management (VM). The process around vulnerabilities has become increasingly complex, with high levels of pressure to ensure that it is done right.

Vulnerabilities have long been one of the most prominent attack vectors, yet so many are left unpatched by organizations of every size and across every vertical -- the root of catastrophic issues. The Ponemon Institute conducted a recent study that found almost half of respondents (48 percent) reported that their organizations had one or more data breaches in the past two years. In addition, the discovery of high-risk vulns in 2020 alone, has drastically increased by 65 percent -- ultimately alluding to the fact that breaches could potentially become increasingly impactful. The longer a vulnerability remains present, the higher the chance that it will be exploited by bad actors.

Continue reading →