New Episode: We Need to Get Proactive About Vulnerability Management
On this new episode of Focal Point’s award-winning companion podcast, Let’s Converge, Nick Brown, senior engineer at True Zero Technologies, talks about staying ahead of the enemy, prioritizing security vulnerabilities, and the client question he just can’t answer “for legal reasons.”
This week we’re talking vulnerability management, both the challenges and benefits of getting proactive about risk. Here’s a taste of the conversation.
Want to save yourself a huge headache? Don’t even think about trying to eliminate all the vulnerabilities in your systems. It’s an extremely unhealthy obsession, says Nick Brown, senior engineer at True Zero Technologies, a veteran-owned cybersecurity and consulting service.
“If you’re just looking at that number, you’ll be banging your head against the wall for a long time, and it’s going to hurt,” he says. “The biggest misconception is that you will hit zero.”
More than 29,000 common vulnerabilities and exposures – CVEs for short – were documented worldwide in 2023. That averages out to about 80 a day, but only a small fraction are actually going to be exploited by cybergangs and pose a real problem to your enterprise.
[LISTEN TO THE FULL EPISODE: Ep. 16 – We Need to Get Proactive About Vulnerability Management]
So how do you identify which ones, when you’ve got new endpoints coming online every day, even every hour? How do you manage and prioritize? It’s about relevance and criticality, not just the CVSS (Common Vulnerability Scoring System) score, says Brown.
He tells clients: “High vulnerabilities are important, and critical vulnerabilities are important, but already-exploited vulnerabilities or – my favorite – when a vulnerability that has a very low score and has existed forever that you didn’t worry about because you didn’t get to the bottom of the list is all of a sudden exploited. That changes the whole [situation].”
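As an added illustration of the ordering Brown describes (this is example code, not anything from the episode or from True Zero Technologies): a backlog sorted purely by CVSS buries an old, low-scored finding, while a sort that puts exploited-in-the-wild status and exposure ahead of the raw score moves it to the top. The finding IDs and fields are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One scanner finding on one asset (constructed example data)."""
    ident: str             # placeholder label, not a real CVE number
    cvss: float            # base score, 0.0 - 10.0
    days_known: int        # how long it has sat on the backlog
    known_exploited: bool  # flagged by an exploited-in-the-wild feed
    exposed: bool          # asset reachable from outside / relevant to us


def cvss_only(findings):
    """The 'just look at the number' ordering: highest CVSS first."""
    return sorted(findings, key=lambda f: f.cvss, reverse=True)


def triage(findings):
    """Relevance-and-criticality ordering: anything already being
    exploited outranks any score, then exposure, then CVSS, and among
    equals the one that has been ignored longest comes first."""
    key = lambda f: (f.known_exploited, f.exposed, f.cvss, f.days_known)
    return sorted(findings, key=key, reverse=True)


def ids(findings):
    return [f.ident for f in findings]


# Constructed backlog: the "forgotten" low-score item is now exploited.
SAMPLE = [
    Finding("OLD-LOW-EXPLOITED", 3.1, 900, True, True),
    Finding("FRESH-CRITICAL", 9.8, 2, False, True),
    Finding("HIGH-INTERNAL-ONLY", 7.5, 30, False, False),
    Finding("MEDIUM-EXPOSED", 5.0, 10, False, True),
]

if __name__ == "__main__":
    print("by CVSS only :", ids(cvss_only(SAMPLE)))
    print("by triage    :", ids(triage(SAMPLE)))
```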
FOR MORE EPISODES
By tuning in to Let’s Converge, you’re joining a community of like-minded individuals who are passionate about cybersecurity. We’ll drop a fresh episode every week – and at just 20 minutes or so, it’s easy to stay informed without hours of listening.