The Common Vulnerability Scoring System (CVSS) is a prevalent, standardized method for gauging the severity of security vulnerabilities in digital systems. Developed by the Forum of Incident Response and Security Teams (FIRST), it gives security professionals a consistent approach to assessing and prioritizing risks. The current version, CVSS v3.0, has been operational for over a decade but… Continue reading CVSS v4.0 is here – what you need to know
What is SSVC? SSVC, a vulnerability prioritization methodology, was introduced to the cyber security market in April 2021 by security researchers at Carnegie Mellon University’s Software Engineering Institute (SEI) and the Cybersecurity and Infrastructure Security Agency (CISA). The SSVC method was created to help security analysts and vulnerability managers with vulnerability prioritization decision-making. How does… Continue reading The SSVC risk prioritization method: what it is, when to use it, and alternatives
Vulnerabilities can arise in software due to existing bugs, improperly secured firewall rules, or various other reasons. If attackers succeed in exploiting these vulnerabilities, this can lead to system disruptions and serious damage to the targeted organization. KEY STAT: In 2022, 76% of organizations were targeted by a ransomware attack. A thorough and efficient vulnerability… Continue reading Vulnerability management metrics in 2023: the ultimate guide
EPSS – or Exploit Prediction Scoring System – estimates the likelihood of a vulnerability being exploited. It assigns it a probability score between 0 and 1 (0% and 100%), with a higher score meaning a greater likelihood that the vulnerability will be exploited in the next 30 days. The goal is to better prioritize the… Continue reading Thinking of using EPSS? Here’s what you need to know
There is a well-known travel guide that is popular, in part, because it has “Don’t Panic” embossed conspicuously on the cover. In the world of cybersecurity, where new vulnerabilities and new attacks are announced on an almost daily basis, it’s a phrase we should take to heart. While we need to be aware of evolving cyber… Continue reading In large friendly letters – making sense of cyber vulnerabilities
Vulcan Cyber now offers customizable vulnerability prioritization to help security and IT operations teams secure digital infrastructure through targeted remediation. Tel Aviv – July 1, 2020 – Vulcan Cyber®, developers of the industry’s only end-to-end risk remediation platform, today announced customers can now add custom risk parameters to existing Vulcan Cyber vulnerability prioritization algorithms for… Continue reading Vulcan Cyber Adds Customizable Risk Modeling to its Risk Remediation Platform
Malicious breaches are on the rise and they’re getting more expensive, according to a July 2019 IBM report. An average breach now costs $3.92 million, with larger breaches costing over $100 million before penalties. Vulnerabilities are increasing with roughly 1,000 new ones reported per month. Meanwhile, there’s a shortage of cybersecurity workers; in the US… Continue reading Don’t React to the Headlines – Solutions for Cyber Security
By this point, we’re all well aware of the torrents of vulnerabilities out there and the pressure that they impose on CISOs and security teams. That’s why incorporating automation methodologies into the vulnerability remediation processes has become key to handling the current threat landscape safely and consistently. And not just for efficiency’s sake. As Larry… Continue reading Prioritizing Risk with Vulcan Remediation Orchestration
The number of vulnerabilities uncovered daily has long exceeded what security teams can possibly address. The key to success in vulnerability management no longer lies in patching everything, but rather in making judgment calls and deciding which vulnerabilities to address and which to ignore.
The question of remediating every single vulnerability is moot. Given the massive number of vulnerabilities being disclosed every month, it’s logistically and organizationally unfeasible. At the enterprise level, even the largest IT team simply can’t handle all the vulnerabilities out there – nor, in truth, do they need to.