Using the NIST Cybersecurity Framework in Your Vulnerability Management Process

The NIST Cybersecurity Framework was first drafted by the National Institute of Standards and Technology in 2014, with the latest version, version 1.1, following in 2018. It provides a set of guidelines for organizations looking to improve their overall security posture, particularly when it comes to risk management. The core tenets of the Framework can…

Read More

Penetration Testing vs Vulnerability Assessments for Vulnerability Management

A vulnerability is a flaw or weakness in a system that, if exploited, would allow a user to gain unauthorized access to conduct an attack. Vulnerability management is the process of identifying, prioritizing, mitigating, and reporting on vulnerabilities to proactively reduce your cyber risk. The first step of that process, identifying, is where vulnerability assessments…

Read More

Best Practices for Network Vulnerability Management

Best practices for vulnerability management really start with the network. By definition, network vulnerability management touches all aspects of your environment, every connected device, operating system, hardware, software, firewalls, and more. An unsecured Wi-Fi router, an IoT device with over permissive access control, or a firewall misconfiguration could be an entry point for an attacker…

Read More

Using the SANS Vulnerability Management Maturity Model in Your Vulnerability Management Process

It is likely that you already have a vulnerability management process in place, but perhaps you’d like to rate the effectiveness of that program and identify areas that you can improve. The SANS Vulnerability Management Maturity Model is a chart that can help you categorize your current program capabilities and develop a roadmap for improvement….

Read More

Automating Vulnerability Management: From Detection to Remediation

In 1999, the year that the CVE database officially began, there were 894 vulnerabilities identified. In 2021, there were 20,150. The number of vulnerabilities discovered each year has skyrocketed in the last few years, making vulnerability management an increasingly daunting task. With no way to remediate every vulnerability in their systems, security teams are focused…

Read More