Department of Defense Seeks Improved Patch Management Tech: Why You Should Care
On January 15, 2020, the Department of Defense (DoD), through its Defense Innovation Unit (DIU), issued an open call to vendors to fulfill a contract to help improve its technology and inventory management. According to the DoD, “The DoD’s current systems for inventory management are custom-built and do not interface with best of breed market solutions, do not efficiently identify assets, and do not provide an integrated view of vulnerability and patch prioritization across the network for each asset.”
The DoD’s custom iteration of patch management is not meeting its high standards. In the DoD’s words, the current method, “takes too much [time] to assess, test, and deploy patches, that fix newly identified vulnerabilities. This timeline must be shortened for success.”
Even a subsidiary of the DoD can struggle to make its proprietary software function at optimal efficiency. In this instance, a simpler solution could be more effective: it may be easier to see what is available on the market than to rely on in-house technology. Consider the DoD’s approach, whether as a replacement for or an augmentation of your existing capabilities. In an area where speed and accuracy are important, it makes sense to consider all your options.
Self-reflection on your current state is always a good start. It is even better to reassess your capabilities frequently to maintain a process of continuous improvement. A stagnant security system remains vulnerable to adaptive technology. The DoD recognizes the need for frequent updates to fix any gaps within its coverage, hence the call to vendors. A maturity assessment is always a relevant tool to use. It allows you to remain up to date with your security software and to gauge the progress you have already made.
Furthermore, the adoption of an off-the-shelf program by the DoD speaks well to the efficiency of the selected program. We’ll be following this story to see the selected vendor and to update you on the choice. While it may not be the best fit for your enterprise, adoption of a vendor by the DoD, an organization with low risk tolerance for security breaches, may provide your organization with an example of high-standard evaluation criteria and metrics to use in your own product search.
Want to Know More?
Evaluating vendor proposals is one of the most critical aspects of the RFP process, secondary only to negotiations. Ironically, we've seen too many clients try to abbreviate this activity, take shortcuts, or even avoid it altogether. Providing ample time for your team to review the vendor RFP responses is critical to a quality review process, and not rushing the evaluation ensures that you understand each vendor's complete offer and proposal.
SC Media recently held its 2020 SC Awards Honored in the U.S. event and recognized Qualys for Best Vulnerability Management Solution in the “Trust Awards” category.
Qualys announced its new flagship product, Qualys VMDR, at RSA Conference 2020. According to the Qualys website, VMDR will be available after March 30, 2020.
There is a vulnerability at the layer 2 Wi-Fi encryption level called Kr00k (formally CVE-2019-15126 in the NIST National Vulnerability Database) affecting Broadcom and Cypress Semiconductor Wi-Fi devices.
Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found that their downloads are not applying.
Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.
Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.
Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD mail server used in conjunction with the OpenBSD operating system. This flaw allows an attacker to execute arbitrary code with command privileges.
If you are experiencing pressure to lower your IT expense, a reverse auction might be a quick, efficient answer to ensure you are getting a competitive price.