Comments
Michelle
1/31/2019 10:24:45 PM
User Rank
Guardian
Re: Models
High-cost consulting is the only way to learn things you already know...

ms.akkineni
1/31/2019 8:38:18 PM
User Rank
Guardian
Re: Ratio
Agree with you, @Taimoor, that percent looks very high to me, which doesn't typically happen in the real world.

ms.akkineni
1/31/2019 8:36:36 PM
User Rank
Guardian
Re: Models
That is absolutely true. In some cases a decision is made by a higher-up who may not have an idea of what they are dealing with and what potentially they may have to deal with in future if that decision is made. I believe that's where the gap is which is creating problems many times.

ms.akkineni
1/31/2019 8:34:39 PM
User Rank
Guardian
Re: Models
Strongly agree. It is very true that companies need to prioritize based on risk assessment level. They can build a plan as per levels of risk and follow the plan to roll out required updates, etc.

Joe Stanganelli
1/31/2019 6:15:10 PM
User Rank
Author
Re: Models
@Taimoor: Unfortunately, that never happens without a decision by higher-ups to bring in a super-expensive consulting firm to tell you the stuff you already know or should already know.

LarryLoeb
1/31/2019 8:09:45 AM
User Rank
Author
Re: Ratio
@TaimoorZubair

I don't have any data on that.

One would hope so, though.

TaimoorZubair
1/31/2019 8:09:03 AM
User Rank
Guardian
Re: Models
"The problem with "patch everything" is that it seems so overwhelming that IT departments just don't listen -- or, they fail to prioritize because they assume they'll get to everything eventually (but then don't)."

@Joe: Agreed. The "patch everything (and forget)" is the deadliest disease that most IT departments face. Forget the tomorrow, if it's working now, let it be - this is the mantra most seem to follow. I think what you need is an audit of the quality of resolutions done by the IT workforce. It's not enough to close a ticket and get positive user feedback. Someone needs to analyze whether this was a right solution implemented or just a quick hack/patch.

TaimoorZubair
1/31/2019 8:03:00 AM
User Rank
Guardian
Ratio
"About one-third -- 32.3% -- of vulnerabilities are remediated within 30 days of discovery. Half of all vulnerabilities aren't patched within 90 days."

@Larry: 32% ratio of fixing the vulnerabilities in 30 days is still pretty low, I think. It'd be interesting to see how many of these were critical ones which extended beyond 30 days. However, has the ratio increased over the years? Is there any improvement in terms of speed?

Joe Stanganelli
1/24/2019 1:24:07 AM
User Rank
Author
Re: Models
@Larry: And that's to say nothing of applying said patches to a virtualized testbed to make sure they won't break anything! (As VZ learned the hard way a few years ago.)

LarryLoeb
1/23/2019 7:55:55 AM
User Rank
Author
Re: Models
@Joe Stanganelli

Yes, quite true.

When I was conversing with these guys, I asked them which of the subset of the vulnerability universe they would work on.

Their answer was always that it depended on the risk assessment for one's particular situation.

That means to me that you need someone looking at everything, and able to perform such an assessment. Tough job.
