Comments
Michelle
1/31/2019 10:24:45 PM
User Rank
Guardian
Re: Models
High-cost consulting is the only way to learn things you already know...

ms.akkineni
1/31/2019 8:38:18 PM
User Rank
Guardian
Re: Ratio
Agree with you @Taimoor that percent looks very high to me, which doesn't typically happen in the real world.

ms.akkineni
1/31/2019 8:36:36 PM
User Rank
Guardian
Re: Models
That is absolutely true. In some cases a decision is made by a higher-up who may not have an idea of what they are dealing with and what potentially they may have to deal with in future if that decision is made. I believe that's where the gap is which is creating problems many times.

ms.akkineni
1/31/2019 8:34:39 PM
User Rank
Guardian
Re: Models
Strongly agree. It is very true that companies need to prioritize based on risk assessment level. They can build a plan as per levels of risk and follow the plan to roll out required updates etc.

Joe Stanganelli
1/31/2019 6:15:10 PM
User Rank
Author
Re: Models
@Taimoor: Unfortunately, that never happens without a decision by higher-ups to bring in a super-expensive consulting firm to tell you the stuff you already know or should already know.

LarryLoeb
1/31/2019 8:09:45 AM
User Rank
Author
Re: Ratio
@TaimoorZubair

I don't have any data on that.

One would hope so, though.

TaimoorZubair
1/31/2019 8:09:03 AM
User Rank
Guardian
Re: Models
"The problem with "patch everything" is that it seems so overwhelming that IT departments just don't listen -- or, they fail to prioritize because they assume they'll get to everything eventually (but then don't)."

@Joe: Agreed. The "patch everything (and forget)" is the deadliest disease that most IT departments face. Forget the tomorrow, if it's working now, let it be - this is the mantra most seem to follow. I think what you need is an audit of the quality of resolutions done by the IT workforce. It's not enough to close a ticket and get a positive user feedback. Someone needs to analyze whether this was a right solution implemented or just a quick hack/patch.

TaimoorZubair
1/31/2019 8:03:00 AM
User Rank
Guardian
Ratio
"About one-third -- 32.3% -- of vulnerabilities are remediated within 30 days of discovery. Half of all vulnerabilities aren't patched within 90 days."

@Larry: 32% ratio of fixing the vulnerabilities in 30 days is still pretty less I think. It'd be interesting to see how many of these were critical ones which extended beyond 30 days. However, has the ratio increased over the years? Is there any improvement in terms of speed?

Joe Stanganelli
1/24/2019 1:24:07 AM
User Rank
Author
Re: Models
@Larry: And that's to say nothing of applying said patches to a virtualized testbed to make sure they won't break anything! (As VZ learned the hard way a few years ago.)

LarryLoeb
1/23/2019 7:55:55 AM
User Rank
Author
Re: Models
@Joe Stanganelli

Yes, quite true.

When I was conversing with these guys, I asked them which of the subset of the vulnerability universe they would work on.

Their answer was always that it depended on the risk assessment for one's particular situation.

That means to me that you need someone looking at everything, and able to perform such an assessment. Tough job.

Copyright © 2019 Light Reading - an Informa business, trading within KNect365 US, Inc. All rights reserved.