The CyberRisk Summit is back: Join us on Dec 6. as we recap the cyber risk landscape in 2022 | Get free ticket >> 

Live webinar, Oct 13: Attend to learn how you can deduplicate vulnerability and deliver a smarter approach to cyber risk management  | Register  >>

New report: Mapping MITRE ATT&CK framework to CVEs |  Read more  >>

The most common CVEs (and how to fix them)

Every year, MITRE adds thousands of new entries to their Common Vulnerabilities and Exposures (CVE) list. With only a few exceptions, the number of vulnerabilities posted to the list has gone up almost every year, with over four thousand posted already in 2022.  That’s not to say that all CVEs are going to lead to… Continue reading The most common CVEs (and how to fix them)

In large friendly letters – making sense of cyber vulnerabilities

There is a well-known travel guide that is popular, in part, because it has “Don’t Panic” embossed conspicuously on the cover. In the world of cybersecurity, where new vulnerabilities and new attacks are announced on an almost daily basis, it’s a phrase we should take to heart. While we need to be aware of evolving cyber… Continue reading In large friendly letters – making sense of cyber vulnerabilities

CISA known exploited vulnerabilities – what do they mean for your organization?

Recently, CISA added 95 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The catalog is a living list of known CVEs that represent significant risk to federal enterprises, and is regularly updated.  But while new vulnerabilities are added constantly, it’s unusual for CISA to add more than a handful to their catalog at a time,… Continue reading CISA known exploited vulnerabilities – what do they mean for your organization?

Most risk-based vulnerability management programs are ineffective

Latest research shows IT security teams are not doing enough to correlate vulnerability data with actual business risk leaving organizations exposed. TEL AVIV, Israel — December 16, 2021 — According to a Vulcan Cyber survey of more than 200 enterprise IT and security executives conducted by Pulse, 86% of respondents rely on third-party vulnerability severity… Continue reading Most risk-based vulnerability management programs are ineffective

CISA and NIST compile ominous vulnerability reports

Last month, the US Cybersecurity and Infrastructure Security Agency (CISA) issued a new directive requiring federal agencies to patch known exploited vulnerabilities within specific timeframes. With this directive, CISA also published the Known Exploited Vulnerabilities Catalog. While a welcome move, these vulnerability reports are not enough on its own to change the cyber risk status… Continue reading CISA and NIST compile ominous vulnerability reports

Multi-cloud security: what you need to know

The multi-cloud approach is becoming increasingly popular among companies looking to take advantage of its agility, innovation, potential cost savings, and the flexibility to choose the best of what each cloud provider has to offer based on your needs. According to Gartner’s 2020 survey, 81% of public cloud users reported they were using the services… Continue reading Multi-cloud security: what you need to know

Announcing the Vulcan Cyber Security Posture Rating

Cyber security organizations are inundated with security and vulnerability alerts, and few have the available resources to properly investigate, accurately prioritize and intelligently respond to true risk. Understanding which vulnerabilities to address, and in what order, is a key component of an effective risk management strategy but is only one step in the risk management… Continue reading Announcing the Vulcan Cyber Security Posture Rating

Survey Finds 76% of Companies Impacted by IT Vulnerabilities

Report indicates notable CISO focus on fixing IT vulnerabilities using risk analytics and mitigation TEL AVIV, Israel — July 29, 2021 — Vulcan Cyber®, developers of the industry’s only risk-based remediation platform for infrastructure, application and cloud security, today announced the latest results of its ongoing research into cyber risk remediation initiatives and risk impact… Continue reading Survey Finds 76% of Companies Impacted by IT Vulnerabilities

A Step Forward for the Evolving Risk-Based Cyber Security Market

Lots has been happening in the risk-based cyber security market as of late. In the past couple of weeks alone, we’ve witnessed two major power moves: Insight Partners’ $110M investment in Brinqa and the announcement of Kenna security’s acquisition by Cisco. At Vulcan Cyber, we know this rising tide will float all boats. So first,… Continue reading A Step Forward for the Evolving Risk-Based Cyber Security Market

Cyber Security Automation: When to Automate Your Vulnerability Management Program

Vulnerability management (VM) stakeholders continue to struggle to keep up with the criminals, mainly due to the growing volume of attacks, and the lack of cyber security automation. According to Edgescan, on average it takes organizations 84 days to remediate high risk vulnerabilities—an almost three-month window during which networks and data can be compromised. The… Continue reading Cyber Security Automation: When to Automate Your Vulnerability Management Program