Tag: vulnerability-management
-
Mit dem neuen EndpointPortfolio revolutioniert Watchguard die Preisgestaltung für Endpoint-Lösungen
Mit dem neuen Endpoint-Security-Portfolio bricht Watchguard Technologies traditionelle Lizenzmodelle für Endpoint-Detection and Response (EDR) konsequent auf. Das neue, mehrstufige Angebot umfasst Funktionen auf Enterprise-Niveau, die bei vielen anderen Anbietern nur als kostenpflichtige Zusatzmodule verfügbar sind darunter KI-gestützte Sicherheit, proaktives Schwachstellenmanagement und URL-Filterung. Gleichzeitig entfallen die Mehrausgaben, die Komplexität und operative Aufwände, die üblicherweise mit […]…
-
What Anthropic Glasswing reveals about the future of vulnerability discovery
From backlog management to exposure-window risk: The issue, as Williams frames it, is not simply how many vulnerabilities exist, but how they are managed. “Mythos makes one thing painfully clear,” he says. “This is not a prioritization problem. It’s an exposure-window problem.”Traditional vulnerability management has been built around prioritization, ranking issues by severity, exploitability, and…
-
‘The Broken Physics of Remediation”-Studie zeigt fundamentalen Wandel in der Cyberabwehr
Die Threat Research Unit (TRU) von Qualys veröffentlicht die Ergebnisse der Studie ‘The Broken Physics of Remediation” die bislang umfassendste Analyse zu Schwachstellenmanagement und Exploitation-Trends. Sie basieren auf der Auswertung von über einer Milliarde CISA-KEV-Datensätzen aus mehr als 10.000 Organisationen weltweit über einen Zeitraum von vier Jahren (20222025) und zeigt deutlich, dass die Geschwindigkeit moderner…
-
Beyond the Spectacle RSAC 2026 and The 5 Layers of AI Security FireTail Blog
Tags: ai, attack, business, conference, control, cybersecurity, data, detection, edr, framework, LLM, strategy, technology, tool, vulnerability, vulnerability-managementMar 31, 2026 – Jeremy Snyder – If you were at RSA Conference last year, you probably remember the goats. Or the puppies. Or the miniature petting zoos. It was a year of “over-the-top” spectacle. A bit of a circus, if I’m being honest.Coming into RSAC 2026, the vibe shifted. The show floor was noticeably…
-
Rethinking Vulnerability Management Strategies for Mid-Market Security
Intruder’s Chris Wallis argues mid-market teams should prioritize CVE remediation speed over vulnerability counts, while expanding defenses beyond CVEs to include attack surface management. First seen on darkreading.com Jump to article: www.darkreading.com/cybersecurity-operations/rethinking-vulnerability-management-strategies-for-mid-market-security
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Anton’s Security Blog Quarterly Q1 2026
Tags: ai, automation, breach, ciso, cloud, control, defense, detection, framework, google, governance, infrastructure, mandiant, metric, RedTeam, risk, service, siem, soc, software, supply-chain, threat, update, vulnerability, vulnerability-managementMy Anton’s Security Blog (And Podcast!) Quarterly this covers both Anton on Security and my posts from Google Cloud blog, Google Cloud community blog, and our Cloud Security Podcast (subscribe on Spotify, now with VIDEO). Gemini image for this Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”,…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
Don’t confuse asset inventory with exposure management
Tags: access, ai, api, attack, breach, business, chatgpt, cloud, compliance, control, credentials, cyber, cybersecurity, data, data-breach, detection, endpoint, flaw, framework, governance, government, identity, infrastructure, intelligence, Internet, leak, least-privilege, metric, mfa, monitoring, network, regulation, risk, saas, service, software, threat, tool, update, vulnerability, vulnerability-managementAsset discovery tells you what IT exists in your environment. Exposure management tells you what will get you breached. If your platform can’t connect vulnerabilities, identities, misconfigurations, and AI systems into real attack paths, you don’t have exposure management. You have inventory. Key takeaways True exposure management requires more than asset inventory. It’s about merging…
-
AWS expands Security Hub for multicloud security operations
Tags: access, api, ceo, ciso, cloud, cybersecurity, data, detection, endpoint, framework, google, identity, incident response, india, infrastructure, Internet, microsoft, monitoring, risk, threat, tool, vulnerability, vulnerability-managementCross-cloud security monitoring: While AWS has not provided technical details on how it will identify vulnerabilities outside its native environment, Sanchit Vir Gogia, chief analyst at Greyhound Research, said multicloud visibility typically works by collecting signals from multiple security systems and translating them into a consistent format so they can be analysed together.A key enabler…
-
CVE program funding secured, easing fears of repeat crisis
Transparency questions remain: Despite the apparent funding stability, the contract itself remains largely opaque, even to members of the CVE board.A source close to the CVE program, who requested anonymity to preserve working relationships with CISA and MITRE, described the agreement as reassuring but lacking transparency.”It’s a mystery contract with a mystery number that has…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NCSC Warns UK Organisations to Prepare for Potential Iran-Linked Cyber Activity
Tags: advisory, attack, awareness, breach, business, china, cyber, cybercrime, data, data-breach, espionage, exploit, finance, government, group, incident response, infrastructure, international, Internet, iran, leak, malware, middle-east, military, monitoring, phishing, resilience, risk, russia, service, supply-chain, tactics, threat, tool, update, vulnerability, vulnerability-managementGeopolitical conflict rarely stays confined to physical battlefields. Increasingly, it spills into the digital domain. The latest escalation of tensions in the Middle East has prompted the UK’s National Cyber Security Centre (NCSC) to issue a warning to organisations to review their cyber security posture and prepare for possible cyber activity linked to Iran. While…
-
NDSS 2025 JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS
Tags: compliance, conference, Internet, network, risk, sbom, software, technology, tool, vulnerability, vulnerability-managementSession 14A: Software Security: Applications & Policies Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University) PAPER JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs A Software Bill of Materials (SBOM)…
-
Top 7 Cloud Scanner for Vulnerabilities in 2026
We talk about ‘Vulnerability Management’ collectively as important! But, when security is not confined to only “finding every CVE” and more about shrinking exploitable paths faster than the business ships change, we need to go inclusive and focus on everything. Today, we focus on ‘managing cloud vulnerability’. Security leaders can’t buy their way out of……
-
Top 7 Cloud Scanner for Vulnerabilities in 2026
We talk about ‘Vulnerability Management’ collectively as important! But, when security is not confined to only “finding every CVE” and more about shrinking exploitable paths faster than the business ships change, we need to go inclusive and focus on everything. Today, we focus on ‘managing cloud vulnerability’. Security leaders can’t buy their way out of……
-
ServiceNow AVR + Contrast Security: Better together
<div cla Struggling with application vulnerability management? Managing remediation of application vulnerabilities to limit risk can be challenging. Organizations may have hundreds or thousands of applications to secure with thousands of interlocking components, such as third-party libraries and open-source code. This distributed architecture expands the attack surface, making it hard to monitor and secure. On…
-
Modern Vulnerability Management in the Age of AI
<div cla Vulnerability management today is not failing because teams stopped scanning. It’s failing because the ground underneath it shifted. The approach we’ve relied on, complete advisory data, upstream fixes on demand, and fast upgrades, no longer holds up. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/modern-vulnerability-management-in-the-age-of-ai/
-
The CVE Treadmill: Why You Can’t Patch Your Way to Security
Patching alone no longer stops breaches. Learn why CVE-based vulnerability management is failing and how runtime visibility reveals what’s truly exploitable in your environment. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/the-cve-treadmill-why-you-cant-patch-your-way-to-security/
-
Audit Finds Security Weaknesses at VA Spokane Medical Center
Access, Vulnerability Management, Configuration Lapses. A federal watchdog agency inspection of information security at the VA health system in Spokane, Wash. last year found deficiencies across three areas – configuration management, vulnerability management and access controls – that could potentially put sensitive data at risk, a new report said. First seen on govinfosecurity.com Jump to…
-
Discipline is the new power move in cybersecurity leadership
Tags: automation, cyber, cybersecurity, data, group, incident response, intelligence, metric, risk, risk-management, service, siem, soc, technology, threat, tool, update, vulnerability, vulnerability-managementHow to do more with less: 1. Review contracts, renegotiate them or change the operations to a new partner Scope, service-level agreements and performance metrics should be revisited because many contracts were established under different risk profiles, urgency and pricing conditions. Modernizing contracts to focus on outcomes rather than activities, revalidating pricing and service assumptions…