Recorded Webinar: Sweeten up your approach! Vulnerabilities and knowing exactly where to look.
Live webinar November 10, 2021 10:30AM PST / 1:30PM EST
SPEAKER: Kirk Hogan, CIO, Iceberg
SPEAKER: Allan Liska, CSIRT, Recorded Future
(Sweeten up your vulnerability approach and attend this session – following this informative talk, we will add a fun segment, led by a pastry chef, taking you through a pumpkin spice cupcake experience. Register early, as pumpkin spice cupcakes kits are limited! We will confirm your shipping address with you after registration.)
How do you get to the best vulnerability prioritization for your organization? How do you know which vulnerable spots are, in fact, the MOST critical? Which best practices of management and tools can help you elevate your approach?
Join Kirk Hogan, CIO, Iceberg and Allan Liska, CSIRT, Recorded Future, as they explore these questions and more around vulnerability assessment and management:
Traditional prioritization uses the NVD data presented with each vulnerability (CVE vector information) which represents a snapshot at the time the vulnerability was discovered / published. CVSS severity is sometimes being used as a proxy for a risk score (which it is not), and other times combined with other internal parameters like business criticality of the vulnerable asset or exploit skill level. The challenge with any of these methods, is that it misses what is happening in the real world, and the real-world changes constantly.
And coupled with that, threat actors are very smart. They understand that most vulnerability management programs address critical vulnerabilities on the most critical assets first, and by the time organizations get to anything below this point, they have already left other vulnerabilities unattended.
There are options
What if you could inject threat intelligence into your risk scoring every day that considered whether real threat actors in the real world are exploiting these lower severity vulnerabilities in their kill chain? Using the Recorded Future Vulnerability Intelligence feed and an ‘operationally ready ServiceNow integration’, this is possible NOW.
The effect is amazing – we can show you how!
Need some more info?
Check out our Ask the Expert videos in this series, that we prepared with this webinar content:
Ask the Expert Part 1: Why CVSS isn’t enough?
Ask the Expert Part 2: How can I make my vulnerability solution more responsive?
Ask the Expert Part 3: How do you level up your vulnerability management?
Ask the Expert Part 4: What is the difference between vulnerability management and attack surface management?