Voyager18 (research)

Do I even need to fix BootHole, SIGRed or SMBleed?

Do you have a plan for BootHole or have you already fixed it? What about SIGRed or SMBleed? Are any of these high-profile vulnerabilities even relevant to the security of your digital infrastructure?

Rhett | September 28, 2020

Do you have a plan for BootHole or have you already fixed it? What about SIGRed or SMBleed? Are any of these high-profile vulnerabilities even relevant to the security of your digital infrastructure?

Vulnerability prioritization is a critical element of any enterprise vulnerability management program. But too often prioritization is done wrong, making the effort inefficient at best, dangerous at worst.

About a month ago we teamed up with the crew from Security Weekly to provide a virtual technical training to share how to do vulnerability remediation the right way by prioritizing what matters to the business. Most companies rely on models that only incorporate the severity of the vulnerability generally and fail to consider actual relevance to their business or risk to IT assets. Misinformed vulnerability prioritization is a significant waste of company resources and focus.

This technical training looks at a vulnerability like SIGRed and provides a step-by-step walk through to align traditional vulnerability prioritization methods with business impact and risk algorithms for efficient and effective vulnerability remediation.

But we don’t just show you how you can do this in the Vulcan remediation orchestration platform, we’ll show you how to leverage free and open source tools, and the tools you already use, to implement risk-based vulnerability prioritization aligned with unique business risk tolerance. This approach makes vulnerabilities relevant to the business and makes remediation substantially more efficient.

Watch the technical training first and then come back to this blog post to get this vulnerability prioritization spreadsheet that Navot Yellin, Vulcan Cyber product manager, built and demonstrated on the training.

Watch this technical training titled, “BootHole, SIGRed and SMBleed… How To Effectively Prioritize & Remediate Vulnerabilities.” You’ll walk away learning how to customize your risk model to help your security and IT operations teams get fix done. Of course if you want to see how Vulcan Cyber delivers custom risk prioritization from the Vulcan SaaS platform, just request a demo from us or get your own free instance of Vulcan here.

But at Vulcan we don’t stop until we help you get fix done. “You’ve identified and prioritized your vulnerabilities. Now what?” is the title of the next technical training we’ll do with Security Weekly. Finding and prioritizing vulns is just the first step in an effective vulnerability management program, and arguably the easiest step.

Vulnerability remediation is a dirty job, and nobody usually likes to do it, especially the IT teams that often shoulder the bulk of remediation work. Attend the next training on Oct. 22nd and we will provide a first look at a new, free resource that delivers thousands of remedies as a service to bridge the gap between vulnerabilities found, and vulnerabilities fixed.

This new, free tool is a searchable database of fixes and solutions for the vulnerabilities that pose the biggest risk to your business. Get security and IT operations teams on the same page and get fix done with a curated database of solutions that includes patches, scripts, configuration changes, workarounds, compensating controls, and more.

Join us and we’ll show you the easiest way to find the best fixes for vulnerabilities like Windows Zerologon, and for the highest-priority Linux OS and application vulnerabilities.

Stop sending IT teams off on a wild fix chase by getting the right remedies to the right teams, right away. Simply finding and prioritizing vulnerabilities is not enough, let’s get fix done.

Free for risk owners

Set up in minutes to aggregate and prioritize cyber risk across all your assets and attack vectors.

"Idea for an overwhelmed secops/security team".

Name Namerson
Head of Cyber Security Strategy