Entries Tagged as 'vulnerability assessment'
by Anton Chuvakin | March 21, 2012 | 17 Comments
If you are done reading my “Vulnerability and Security Configuration Assessment Solutions Comparison”, time to start on the next opus grandioso. My “Vulnerability Management Practices and Vulnerability Assessment Technology” just published. If the first one was about market trends and vendors, this one is a deep-dive into today’s vulnerability assessment (VA) technology. It covers how [...]
Category: security vulnerability management Tags: security, vulnerability assessment, vulnerability management
by Anton Chuvakin | March 8, 2012 | 1 Comment
One of the three vulnerability assessment papers I’ve been working on published today. “Vulnerability and Security Configuration Assessment Solutions Comparison” is an in-depth look at vulnerability assessment tools used by enterprises. The report also sheds light on a few areas of vulnerability assessment (and broader vulnerability management): assessment of emerging environments (such as cloud, mobile [...]
Category: announcement security vulnerability management Tags: security, vulnerability assessment, vulnerability management
by Anton Chuvakin | December 16, 2011 | 2 Comments
PCI DSS and vulnerability scanning are maybe not brothers, but definitely close relatives. PCI DSS mandates that scanning actually happens on schedule, while vulnerability assessment helps find the holes that attackers may exploit to steal the card data. So, this post is a reminder about the topic in general as well as about the fact [...]
Category: PCI DSS security vulnerability management Tags: PCI compliance, PCI DSS, vulnerability assessment, vulnerability management
by Anton Chuvakin | November 14, 2011 | 2 Comments
This is about “clouds”, so everybody must read it. Specifically, this was inspired by this insightful LinkedIn discussion about large-scale vulnerability management where many notable VA/VM personalities chimed in (BTW, note the reference to “the egg laying milk-wool pig” there… if you have to). In this post, I wanted to share a few quick [...]
Category: security vulnerability management Tags: security, vulnerability assessment, vulnerability management
by Anton Chuvakin | October 31, 2011 | 1 Comment
Vulnerability management is very easy, really. Get a scanner, scan a system, peruse the report listing all the flaws, then go and fix them. Done! Risk is presumably reduced and/or compliance is restored (e.g. in case of PCI DSS and fixing severe vulnerabilities with high CVSS scores). Now, imagine the same process that attempts to [...]
Category: compliance security vulnerability management Tags: vulnerability assessment, vulnerability management
by Anton Chuvakin | October 17, 2011 | 1 Comment
First, I want to thank my readers for a lot of insightful comments on my previous post: “On Vulnerability Prioritization and Scoring.” It helped me refine some of the key ideas for my current research project. Here is my second post in the series, covering another current and interesting area in vulnerability management: scanning “new” [...]
Category: security vulnerability management Tags: security, vulnerability assessment, vulnerability management
by Anton Chuvakin | October 6, 2011 | 12 Comments
I am starting my new research project for Q4 2011 (stepping briefly away from PCI DSS compliance): on vulnerability management. As I am going through existing Gartner coverage of the matter (tools, practices) as well as recent customer calls on the subject, one interesting theme emerges: vulnerability prioritization for remediation presents THE critical problem to [...]
Category: security vulnerability management Tags: security, vulnerability assessment, vulnerability management