New Google vulnerability: Learn about zero-day CVE-2022-3075 in Chorme web browser  | Fix now >> 

The CyberRisk Summit on-demand: Watch the latest #CRS anytime, anywhere | Watch now  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

Exploit maturity: an introduction

IT Security teams know that fixing all vulnerabilities is impossible. The goal is not to fix everything, but to mitigate the cyber risk with the most impact. Exploit maturity helps us make sense of the most pressing threats by providing us with an understanding of the real risk posed by any given vulnerability. This white… Continue reading Exploit maturity: an introduction

A step-by-step guide to achieve vulnerability management success

Read the eBook to understand the four stages of cyber risk success: Reactive; Data-driven; Orchestrated; Transformative. Learn the behaviors and benefits of each stage, and discover how your organization can move from “Reactive” to “Transformative” with this Vulcan Cyber eBook, to more effectively protect your business from security threats.

Secure coding best practices

Developers are essential players when it comes to delivering new products and features. But they are also integral to ensuring security within applications. Vulnerable code can easily open the door to greater cyber risk, and developers must stay vigilant and put security first. This isn’t an easy challenge given that they are understandably not cyber… Continue reading Secure coding best practices

Vulnerability management – cloud and remote working

For many organizations, vulnerability management remains a big concern. Security teams are accountable, but not responsible, for much of the risk mitigation process, and struggle to communicate its importance to different teams and stakeholders. Migration to the cloud has not helped this. While identifying vulnerabilities has become more straightforward, fixing them and managing the cyber… Continue reading Vulnerability management – cloud and remote working

Mapping CVEs to the MITRE ATT&CK framework

As the cyber industry embraces and standardizes the MITRE ATTACK framework, while at the same time understanding that vulnerability management by itself is not enough, we must combine both worlds and expand our visibility and perception of CVEs. This white paper explores how the Vulcan Cyber research team, also known as “Voyager18” team, mapped relevant techniques to… Continue reading Mapping CVEs to the MITRE ATT&CK framework

How organizations can avoid cyber negligence

Attack surfaces have never been bigger, and cyber security teams are quickly overwhelmed by a growing threatscape. It’s easy to fall into a trap of cyber negligence, reacting from one crisis to another. But this is an unsustainable, short-sighted approach. This white paper – based on a Remediation Summit session from Ryan Gurney (CISO-in-residence at… Continue reading How organizations can avoid cyber negligence

The best free and open source tools for cyber risk assessment and mitigation

The number of newly disclosed vulnerabilities has been growing year after year for more than a decade. With so many new vulnerabilities to fix a notable number of free and open source tools have become available to help get fix done. This white paper breaks down the most useful free and open source helping IT… Continue reading The best free and open source tools for cyber risk assessment and mitigation

How to avoid a paper tiger vulnerability management program

As attack surfaces grow and vulnerabilities mount, organizations look to their vulnerability management programs to respond to threats and keep them secure. But not all VM programs are created equal. In fact, many are limited in what they can offer in answer to security gaps in their unique environments. This white paper explains why some… Continue reading How to avoid a paper tiger vulnerability management program

The difference between legacy and modern vulnerability management

In terms of the endgame, security teams all share the same goal: drive down risk and keep organizations secure from data breaches. But it’s in the approaches they take to getting there that we see different attitudes. This stems from fundamental distinctions between legacy and modern vulnerability management. This white paper lays out the main… Continue reading The difference between legacy and modern vulnerability management

The business case for risk-based vulnerability management

From the moment you scan for vulnerabilities, the rest of the remediation effort becomes tedious and manual. The growing scale and complexity of attack surfaces has resulted in organization-wide inefficiencies. This white paper provides the details, the numbers and the examples to help you build a business case for cyber risk management.