Tag: vulnerability-management
-
The 3% Rule: How To Silence 97% of Your Cloud Alerts and Be More Secure
Tags: access, ai, attack, breach, business, cloud, cve, cvss, data, data-breach, flaw, iam, identity, infrastructure, least-privilege, malicious, metric, network, ransomware, risk, security-incident, service, software, strategy, threat, tool, update, vulnerability, vulnerability-managementPrioritizing what to fix first and why that really matters Key takeaways The 97% distraction: Discover why the vast majority of your “Critical” alerts are just theoretical noise, and how focusing strictly on the 3% of findings that represent real, exploitable risk can drastically improve your security posture. Identity is the accelerant: Breaches rarely happen…
-
2025 Year in Review at Cloud Security Podcast by Google
Tags: 2fa, ai, automation, breach, cloud, compliance, computing, control, cybersecurity, data, defense, detection, edr, finance, google, hacking, incident response, infrastructure, linux, mandiant, metric, mitigation, offense, phone, privacy, risk, security-incident, siem, soc, technology, threat, vulnerability, vulnerability-management, zero-trust(written jointly with Tim Peacock) Five years. It’s enough time to fully launch a cloud migration, deploy a new SIEM, or”Š”, “Šif you’re a very large enterprise”Š”, “Šjust start thinking about doing the first two. It’s also how long Tim and I have been subjecting the world to our thoughts on Cloud Security Podcast by Google. We…
-
Podcast: Die IT-Tops und -Flops 2025
Tags: ai, cio, jobs, malware, microsoft, nis-2, open-source, ransomware, software, vulnerability-managementDie Redaktion von Computerwoche, CIO und CSO sieht das IT-Jahr 2025 mit gemischten Gefühlen zu Ende gehen.Ein turbulentes Jahr 2025 neigt sich dem Ende zu. Es war geprägt von wirtschaftlicher Unsicherheit, geopolitischen Spannungen und dem ungebremsten Siegeszug der Künstlichen Intelligenz. Grund genug für die Redaktion von Computerwoche, CIO und CSO, in der letzten TechTalk-Podcast-Folge des…
-
Vulnerability Management’s New Mandate: Remediate What’s Real
Live from AWS re:Invent, Snir Ben Shimol makes the case that vulnerability management is at an inflection point: visibility is no longer the differentiator”, remediation is. Organizations have spent two decades getting better at scanning, aggregating and reporting findings. But the uncomfortable truth is that many of today’s incidents still trace back to vulnerabilities that…
-
The Biggest Cyber Stories of the Year: What 2025 Taught Us
Tags: access, attack, authentication, awareness, banking, breach, business, ciso, cloud, compliance, container, control, cyber, cyberattack, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, government, healthcare, iam, identity, incident, incident response, Internet, law, metric, mfa, monitoring, network, privacy, regulation, resilience, risk, service, software, strategy, supply-chain, technology, threat, tool, vulnerability, vulnerability-management, zero-day, zero-trustThe Biggest Cyber Stories of the Year: What 2025 Taught Us madhav Thu, 12/18/2025 – 10:30 2025 didn’t just test cybersecurity; it redefined it. From supply chains and healthcare networks to manufacturing floors and data centers, the digital world was reminded of a simple truth: everything is connected, and everything is at risk. Data Security…
-
Complying with the Monetary Authority of Singapore’s Cloud Advisory: How Tenable Can Help
Tags: access, advisory, attack, authentication, best-practice, business, cloud, compliance, container, control, country, credentials, cyber, cybersecurity, data, data-breach, finance, fintech, framework, google, governance, government, iam, identity, incident response, infrastructure, intelligence, Internet, kubernetes, least-privilege, malicious, malware, mfa, microsoft, mitigation, monitoring, oracle, regulation, resilience, risk, risk-assessment, risk-management, service, software, strategy, technology, threat, tool, vulnerability, vulnerability-management, zero-trustThe Monetary Authority of Singapore’s cloud advisory, part of its 2021 Technology Risk Management Guidelines, advises financial institutions to move beyond siloed monitoring to adopt a continuous, enterprise-wide approach. These firms must undergo annual audits. Here’s how Tenable can help. Key takeaways: High-stakes compliance: The MAS requires all financial institutions in Singapore to meet mandatory…
-
Preparing for Cisco Vulnerability Management (formerly Kenna) EndLife: How Tenable Can Help
Tags: application-security, attack, business, cisco, cve, cybersecurity, data, data-breach, flaw, identity, intelligence, Internet, risk, service, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of risk management. Key takeaways: Tenable’s strong partnership with Cisco helps customers with a natural path forward and easy transition to…
-
Preparing for Cisco Vulnerability Management (formerly Kenna) EndLife: How Tenable Can Help
Tags: application-security, attack, business, cisco, cve, cybersecurity, data, data-breach, flaw, identity, intelligence, Internet, risk, service, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCisco Vulnerability Management (formerly Kenna) has long been a valuable partner for security teams. With its end-of-life now underway, Tenable One offers a clear path forward, delivering end-to-end unified exposure management for the future of risk management. Key takeaways: Tenable’s strong partnership with Cisco helps customers with a natural path forward and easy transition to…
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
NIS2 umsetzen ohne im Papierkrieg zu enden
Tags: access, ai, compliance, control, cyberattack, detection, encryption, germany, iam, identity, incident response, infrastructure, least-privilege, mail, monitoring, nis-2, resilience, sbom, service, siem, soc, software, startup, update, vulnerability, vulnerability-managementDie EU-Richtline NIS2 ist in Deutschland am 06. Dezember 2025 in Kraft getreten. Dieser Beitrag zeigt, wie sich mit DevSecOps ein Großteil der Pflichtarbeit automatisieren lässt.NIS2 ist symbolisch für das Kernproblem europäischer Richtlinien und Verordnungen: Sie erzeugen unnötigen Papierkrieg und entfalten ihre Wirkung zu selten. Sei es das Lieferkettengesetz, die DSGVO”‘Folgenabschätzungen oder das IT”‘Sicherheitsgesetz sie haben…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
When it comes to security resilience, cheaper isn’t always better
Tags: access, attack, authentication, breach, business, cctv, cio, ciso, cloud, control, cyber, cybersecurity, data, data-breach, defense, encryption, exploit, government, hacker, healthcare, incident, incident response, jobs, leak, malicious, metric, mfa, monitoring, ransomware, RedTeam, resilience, risk, risk-management, saas, service, soc, software, threat, tool, update, vpn, vulnerability, vulnerability-management, zero-trustThe hidden trade-offs with resilience: Savings don’t erase risk. They shift it. What looks efficient today becomes exposed tomorrow. Cyber resilience is often the first casualty.Supply chain fragility: Cyber threats thrive on concentration. When procurement consolidates digital services into a single provider to save money, a single breach can have a ripple effect across your…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
Offensive security takes center stage in the AI era
Tags: ai, attack, automation, business, ciso, control, credentials, cyber, cybersecurity, data, defense, detection, encryption, framework, hacker, hacking, incident response, intelligence, malicious, offense, phishing, RedTeam, regulation, risk, skills, software, strategy, tactics, technology, threat, tool, vulnerability, vulnerability-management, windowsRed teaming, where ethical hackers simulate real-world attacks to test detection and response capabilities. Red teams aim to emulate threat actors by using stealthy tactics to bypass controls and achieve objectives such as data exfiltration or privilege escalation.Adversary emulation, where security pros re-create known threat actor tactics, techniques, and procedures (TTPs) based on threat intelligence…
-
When ERP Systems Become the Attack Surface
Tags: attack, business, cyber, data-breach, flaw, oracle, skills, vulnerability, vulnerability-managementSkills Needed: Enterprise Architecture, Configuration and Vulnerability Management When a critical vulnerability surfaces in ERP systems such as the Oracle E-Business Suite flaw, attackers can go well beyond a single compromised server. The flaw exposed the need for cyber professionals who understand enterprise architecture, secure configuration and vulnerability interpretation. First seen on govinfosecurity.com Jump to…
-
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities. Taking into account that nearly…
-
Mit DORA rückt das IKT-Risikomanagement immer mehr in den Fokus
DORA ist bereits in Kraft getreten, Unternehmen sollten sich jedoch nicht auf Compliance allein verlassen. Innovationszyklen orientieren sich nicht an Compliance und die Möglichkeiten der Automatisierung sind besonders im Schwachstellenmanagement durch Agentic AI groß. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/mit-dora-rueckt-das-ikt-risikomanagement-immer-mehr-in-den-fokus/a42998/
-
Fragmented tooling slows vulnerability management
Security leaders know vulnerability backlogs are rising, but new data shows how quickly the gap between exposures and available resources is widening, according to a new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/28/hackuity-vulnerability-management-trends-report/
-
What You Can’t See Can Hurt You: Are Your Security Tools Hiding the Real Risks?
Tags: application-security, attack, business, cloud, cyber, cybersecurity, data, endpoint, exploit, guide, identity, risk, threat, tool, vulnerability, vulnerability-managementWith disconnected tools creating critical blind spots, your security stack is likely hiding more risk than it exposes. Discover how unifying your security data into a single view uncovers the full risk picture and lets you focus on what matters most. Key takeaways: Siloed cybersecurity tools generate a lot of data, but leave you with…
-
What You Can’t See Can Hurt You: Are Your Security Tools Hiding the Real Risks?
Tags: application-security, attack, business, cloud, cyber, cybersecurity, data, endpoint, exploit, guide, identity, risk, threat, tool, vulnerability, vulnerability-managementWith disconnected tools creating critical blind spots, your security stack is likely hiding more risk than it exposes. Discover how unifying your security data into a single view uncovers the full risk picture and lets you focus on what matters most. Key takeaways: Siloed cybersecurity tools generate a lot of data, but leave you with…
-
ENISA becomes CVE Program Root, strengthening Europe’s vulnerability management framework
The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the EU’s efforts to bolster cybersecurity resilience and streamline vulnerability coordination across member states. As a Program Root, ENISA will serve as the central point…
-
Europe Strengthens Cyber Defense as ENISA Becomes CVE Root
The European Union Agency for Cybersecurity (ENISA) has taken a major step forward in advancing vulnerability management across Europe by becoming a CVE Root within the global Common Vulnerabilities and Exposures (CVE) Program. This designation makes ENISA a central point of contact for national and EU authorities, members of the EU CSIRTs Network, and other…
-
Europe Strengthens Cyber Defense as ENISA Becomes CVE Root
The European Union Agency for Cybersecurity (ENISA) has taken a major step forward in advancing vulnerability management across Europe by becoming a CVE Root within the global Common Vulnerabilities and Exposures (CVE) Program. This designation makes ENISA a central point of contact for national and EU authorities, members of the EU CSIRTs Network, and other…
-
The nexus of risk and intelligence: How vulnerability-informed hunting uncovers what everything else misses
Tags: access, attack, authentication, business, cisa, compliance, cve, cvss, dark-web, data, defense, detection, dns, edr, endpoint, exploit, framework, intelligence, kev, linux, malicious, mitigation, mitre, monitoring, ntlm, nvd, open-source, password, powershell, remote-code-execution, risk, risk-management, siem, soc, strategy, tactics, technology, threat, update, vulnerability, vulnerability-managementTurning vulnerability data into intelligence: Once vulnerabilities are contextualized, they can be turned into actionable intelligence. Every significant CVE tells a story, known exploit activity, actor interest, proof-of-concept code or links to MITRE ATT&CK techniques. This external intelligence gives us the who and how behind potential exploitation.For example, when a privilege escalation vulnerability in Linux…
-
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era
Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-managementTenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
-
Tenable Cloud Vulnerability Management: Reducing Vulnerability Risk in the Cloud Era
Tags: access, ai, api, attack, ciso, cloud, compliance, container, data, exploit, flaw, google, identity, infrastructure, intelligence, oracle, privacy, risk, risk-assessment, service, software, technology, threat, training, vulnerability, vulnerability-managementTenable has launched Tenable Cloud Vulnerability Management, a powerful new offering within Tenable One, to help vulnerability management leaders identify, prioritize, and remediate exposures across multi-cloud and hybrid environments. Key takeaways Agentless inventory and visibility: Achieve complete asset inventory and coverage across all existing virtual machines, virtual machine images and container images in AWS, Azure,…
-
Bundestag beschließt NIS2-Umsetzung
Tags: backup, bsi, ciso, cloud, cyberattack, cyersecurity, germany, governance, Hardware, kritis, linkedin, nis-2, risk, risk-analysis, software, vulnerability-managementUrsprünglich hätte die EU-Richtlinie NIS2 bereits im Oktober 2024 in nationales Recht umgesetzt werden müssen. Der jetzt vom Bundestag beschlossene Gesetzesentwurf sorgt weiterhin für Gesprächsstoff. Der Bundestag hat den Gesetzesentwurf der Bundesregierung zur Umsetzung der NIS-2-Richtlinie am 13. November 2025 verabschiedet. Union, SPD und AfD stimmten dafür. Die Grünen, denen das Gesetzt nicht weit genug…