Department of Defense Seeks Improved Patch Management Tech: Why You Should Care
On January 15, 2020, the Department of Defense (DoD), through its Defense Innovation Unit (DIU), issued an open call to vendors to fulfill a contract to help improve their technology and inventory management. According to the DoD, “The DoD’s current systems for inventory management are custom-built and do not interface with best of breed market solutions, do not efficiently identify assets, and do not provide an integrated view of vulnerability and patch prioritization across the network for each asset.”
The DoD’s custom iteration of patch management is not meeting its high standards. In the DoD’s words, the current method, “takes too much [time] to assess, test, and deploy patches, that fix newly identified vulnerabilities. This timeline must be shortened for success.”
Even a subsidiary of the DoD can struggle to make its proprietary software function at optimal efficiency. In this instance, simpler solutions could be more effective. It may be easier to see what is available on the market rather than relying on in-house technology. Whether as a replacement for or an augmentation of your existing capabilities, consider the DoD’s approach. In an area where speed and accuracy are important, it makes sense to consider all your options.
Self-reflection on your current state is always a good start. It is even better to reassess your capabilities frequently to maintain a process of continuous improvement. A stagnant security system remains vulnerable to adaptive technology. The DoD recognizes the need for frequent updates to fix any gaps within their coverage, hence the call to vendors. A maturity assessment is always a relevant tool to make use of. It allows you to remain up to date with your security software and to gauge the progress you have made already.
Furthermore, the adoption of an off-the-shelf program by the DoD speaks well to the efficiency of the selected program. We’ll be following this story to see the selected vendor and to update you on the choice. While it may not be the best fit for your enterprise, adoption of a vendor by the DoD – an organization with low risk tolerance for security breaches – may provide your organization with an example of high-standard evaluation criteria and metrics to use in your own product search.
Want to Know More?
Google has identified “unsafe” code in the Chromium web browser engine. This flaw introduces a potential vulnerability that affects Google Chrome, as well as all Chromium-based web browsers.
More than ever, cybersecurity solutions are core to any MSP’s offering. No longer should technology service providers be farming this out to dedicated security providers. Trust and peace of mind are the core tenets of what they are selling and solutions like Acronis Cyber Protect Cloud can provide the platform upon which to deliver on those promises.
Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM, and an accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created to set service-level agreements (SLAs) with risk tolerance in mind.
We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.
Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, IBM’s response when they were reported is more so. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.
Will New IoT Security Frameworks Push Compliance Obligations to the Forefront of Security Discussions?
The Internet of Things is increasingly embedded in our daily lives. While these devices make life more accessible, every new device creates a new attack vector for cyberattackers.
Qualys VMDR Is Now Live: Increasing Security Threats Require Strong Vulnerability Management Software
Qualys VMDR has hit the live market. Originally unveiled in February 2020 at Qualys Security Conference, VMDR is now publicly available as of April 16, 2020. Partnering with both large and small MSSPs, VMDR is designed to be scalable to any business enterprise and to automate the entire management cycle on all endpoints.
VMware has issued the highest Common Vulnerability Scoring System 3 (CVSSv3) rating, 10.0, on a vulnerability (CVE-2020-3952) found on its VMware vCenter Server version 6.7 software. VMware now has a patch to address this vulnerability, and administrators are urged to install the patch as soon as possible.
Market researcher ResearchandMarkets.com has published its market outlook for vulnerability management tools.