Tag: vulnerability-management
-
Report Reveals Tool Overload Driving Fatigue and Missed Threats in MSPs
Tags: business, ceo, compliance, cybersecurity, endpoint, msp, network, ransomware, risk, threat, tool, vulnerability, vulnerability-managementThe Scale of the Problem The average MSP now runs five security tools, with 20% juggling seven to ten and 12% managing more than ten. Only 11% report seamless integration. The remaining 89% must flip between separate dashboards and waste time on manual workflows. One in four security alerts prove meaningless, with some MSPs reporting that…
-
BSidesSF 2025: Is Vulnerability Management Dead? A Security Architect’s Survival Guide
Creator/Author/Presenter: Snir Ben Shimol Our deep appreciation to Security BSides – San Francisco and the Creators/Authors/Presenters for publishing their BSidesSF 2025 video content on YouTube. Originating from the conference’s events held at the lauded CityView / AMC Metreon – certainly a venue like no other; and via the organization’s YouTube channel. Additionally, the organization is…
-
We’re a Major Player in the 2025 IDC MarketScape for CNAPP. Here’s Why That Matters for Your Cloud Security.
Tags: access, attack, automation, business, ciso, cloud, compliance, control, cyber, cybersecurity, data, data-breach, detection, governance, iam, identity, incident response, infrastructure, metric, radius, risk, strategy, threat, tool, vulnerability, vulnerability-management“With a strong focus on CNAPP through Tenable Cloud Security and exposure management with Tenable One, Tenable provides visibility and control over hybrid attack surfaces, including on-premises, cloud, and hybrid environments,” according to the report. To successfully tackle your cloud security challenges, you need a partner that understands the landscape and offers you a powerful,…
-
PCI 4.0-Konformität sicherstellen durch File-Integrity-Monitoring für Container
Der zunehmende Einsatz von Containern hat die moderne Infrastruktur revolutioniert und ermöglicht schnellere Innovationen und eine größere Skalierbarkeit. Diese Transformation bringt jedoch auch eine neue Welle von Compliance-Herausforderungen mit sich. PCI-DSS 4.0 führt strengere Anforderungen für das Schwachstellenmanagement und das File-Integrity-Monitoring (FIM) in dynamischen Umgebungen wie Kubernetes und containerisierten Workloads ein. Für viele Sicherheits- und…
-
The AI Security Dilemma: Navigating the High-Stakes World of Cloud AI
Tags: access, ai, attack, cloud, container, control, credentials, cve, data, data-breach, flaw, google, identity, infrastructure, intelligence, least-privilege, microsoft, risk, service, software, tool, training, vulnerability, vulnerability-managementAI presents an incredible opportunity for organizations even as it expands the attack surface in new and complex ways. For security leaders, the goal isn’t to stop AI adoption but to enable it securely. Artificial Intelligence is no longer on the horizon; it’s here, and it’s being built and deployed in the cloud at a…
-
Applying Tenable’s Risk-based Vulnerability Management to the Australian Cyber Security Centre’s Essential Eight
Tags: ai, attack, breach, business, cloud, compliance, container, control, cvss, cyber, cybersecurity, data, data-breach, defense, endpoint, finance, firewall, framework, google, government, identity, incident response, infrastructure, intelligence, Internet, microsoft, mitigation, network, ransomware, risk, service, software, strategy, technology, threat, tool, update, vpn, vulnerability, vulnerability-management, windows, zero-dayLearn how Thales Cyber Services uses Tenable to help customers navigate the maturity levels of the Essential Eight, enabling vulnerability management and staying ahead of cyber threats. In today’s fast-moving digital world, cyber threats are more advanced and relentless than ever. A single security breach can mean financial loss, reputational damage and operational chaos. That’s…
-
Schwachstellenmanagement weitergedacht: Warum Priorisierung allein nicht reicht
Ein zeitgemäßes Vorgehen schließt die Lücke zwischen identifiziertem Risiko und tatsächlicher Reaktion, indem es über bloße Priorisierung hinausgeht. Durch die Kombination von detailliertem Laufzeitkontext mit KI-gestützten Korrekturhinweisen können Sicherheitsteams besonders wirksame Maßnahmen erkennen und zügig umsetzen. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/schwachstellenmanagement-weitergedacht-warum-priorisierung-allein-nicht-reicht/a41444/
-
Nur Priorisieren reicht beim Schwachstellenmanagement nicht aus
Die meisten Sicherheitsteams werden mit Schwachstellenwarnungen überschwemmt. Jeder Tag bringt scheinbar eine neue Welle von CVEs mit sich, die viel Aufmerksamkeit erfordern oder als ‘kritisch” gekennzeichnet sind. Aber nicht alle Schwachstellen sind gleich und nicht alle müssen behoben werden. Viele Anbieter haben sich stark auf die Priorisierung von Schwachstellen konzentriert, um Teams dabei zu helfen, wichtige Signale…
-
CTEM vs ASM vs Vulnerability Management: What Security Leaders Need to Know in 2025
The modern-day threat landscape requires enterprise security teams to think and act beyond traditional cybersecurity measures that are purely passive and reactive, and in most cases, ineffective against emerging threats and sophisticated threat actors. Prioritizing cybersecurity means implementing more proactive, adaptive, and actionable measures that can work together to effectively address the First seen on…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-managementLuring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs.Federal workers may look to state and…
-
How talent-strapped CISOs can tap former federal government cyber pros
Tags: cio, ciso, cyber, cybersecurity, government, jobs, risk, service, skills, software, switch, technology, threat, vulnerability, vulnerability-managementLuring federal talent to the private sector: In the past, the federal government represented a stable career path. Many highly skilled people spent their entire careers within the federal government. But the current shakeup makes some of that talent, trusted and honed by federal agencies, available to industry CISOs.Federal workers may look to state and…
-
Auf der Suche nach Alternativen zum CVE-Programm
Tags: advisory, ceo, cisa, cve, cvss, cyber, cyersecurity, exploit, github, google, group, infrastructure, intelligence, kev, microsoft, nist, nvd, open-source, oracle, ransomware, resilience, risk, siem, soar, software, supply-chain, threat, tool, update, vulnerability, vulnerability-management, zero-daySollte das CVE-Programm eingestellt werden, wäre die Bewertung und Behebung von Sicherheitslücken schwieriger.Der jüngste kurze Panikausbruch wegen der möglichen Einstellung des Common Vulnerabilities and Exposures (CVE)-Programms hat die starke Abhängigkeit der Sicherheitsbranche von diesem Programm deutlich gemacht. Er führte zu Diskussionen über Notfallstrategien , falls das standardisierte System zur Identifizierung und Katalogisierung von Schwachstellen nicht…
-
How to Chart an Exposure Management Leadership Path for You, Your Boss and Your Organization
Tags: access, attack, automation, breach, business, ciso, cloud, container, cybersecurity, data, defense, exploit, identity, incident response, iot, jobs, kubernetes, ransom, regulation, risk, security-incident, service, soc, threat, tool, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, we share some tips on how to lead the move to exposure management. You can read the entire Exposure Management Academy series here. For years, organizations poured resources into reactive…
-
Navigating a Heightened Cyber Threat Landscape: Military Conflict Increases Attack Risks
Tags: advisory, ai, attack, authentication, breach, business, cloud, container, control, cyber, cyberattack, cybersecurity, data, data-breach, defense, detection, exploit, finance, firmware, group, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iran, mfa, military, network, password, risk, russia, service, strategy, tactics, technology, terrorism, threat, tool, update, vulnerability, vulnerability-managementThe current geopolitical climate demands a proactive, comprehensive approach to cybersecurity. Here’s what you need to know, and how Tenable can help. The cybersecurity landscape is in constant flux, but rarely do we see such a rapid escalation of threats as we are currently experiencing. The U.S. Department of Homeland Security’s (DHS) National Terrorism Advisory…
-
The vulnerability management gap no one talks about
If an endpoint goes ping but isn’t on the network, does anyone hear it? First seen on theregister.com Jump to article: www.theregister.com/2025/06/24/vulnerability_management_gap_noone_talks/
-
Qualys-Lösungen für außergewöhnliche Leistungen bei den SC Awards Europe 2025 ausgezeichnet
Qualys wurde bei den SC Awards Europe 2025 in zwei Kategorien ausgezeichnet: wurde als “Best Cloud Security Solution” ausgezeichnet und bereits zum dritten Mal in Folge erhielt den Titel “Best Vulnerability Management Solution”. Die SC Awards Europe zählen zu den traditionsreichsten und renommiertesten Auszeichnungen im Bereich Cybersicherheit. […] First seen on netzpalaver.de Jump to article:…
-
Anton’s Security Blog Quarterly Q2 2025
Tags: ai, automation, breach, ciso, cloud, cyber, defense, detection, google, governance, guide, metric, office, RedTeam, siem, soc, software, supply-chain, threat, vulnerability, vulnerability-management, zero-trustAmazingly, Medium has fixed the stats so my blog/podcast quarterly is back to life. As before, this covers both Anton on Security and my posts from Google Cloud blog, and our Cloud Security Podcast (subscribe). Top 10 posts with the most lifetime views (excluding paper announcement blogs): Anton’s Alert Fatigue: The Study [A.C.”Š”, “Šwow, this…
-
Role of AI in Vulnerability Management
Vulnerability management is a continuous process of detecting, prioritizing, and addressing security weaknesses in software applications, networks, and systems. This proactive approach is vital for protecting an organization’s digital infrastructure and ensuring overall security. To streamline and enhance this process, integrating artificial intelligence (AI) is key. AI-powered platforms are revolutionizing vulnerability management by enabling quicker……
-
How Exposure Management Helps Communicate Cyber Risk
Tags: access, attack, awareness, best-practice, business, cio, cyber, cybersecurity, data, framework, metric, risk, risk-management, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. This week, Tenable experts discuss best practices for communicating cyber risk. You can read the entire Exposure Management Academy series here. Despite headline-grabbing incidents and keen interest from C-suites and boardrooms, many security…
-
Stop Blaming CVSS: The Real Problem in Vulnerability Management is Us
CVSS is not the enemy, so the sooner we stop blaming the tool and start fixing the system around it, the better off we’ll all be. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/stop-blaming-cvss-the-real-problem-in-vulnerability-management-is-us/
-
The highest-paying jobs in cybersecurity today
Tags: access, ai, application-security, cisco, cloud, compliance, control, corporate, cybersecurity, data, defense, detection, firewall, governance, grc, hacker, identity, incident response, infrastructure, intelligence, jobs, network, penetration-testing, privacy, risk, risk-assessment, risk-management, skills, soc, threat, tool, training, vulnerability, vulnerability-managementSee “Top 12 cloud security certifications”See “CISSP certification: Requirements, training, exam, and cost”See “CCSP certification: Exam, cost, requirements, training, salary” Security engineer: After security architects, security engineers receive the second-highest annual cash compensation ($191,000), with a base salary of $168,000. Nearly a third (31%) of security engineers surveyed also received annual equity grants.Like their architect…
-
Exposure Management Is the Future of Proactive Security
Tags: attack, business, cloud, compliance, corporate, cybersecurity, data, guide, identity, Internet, jobs, mobile, risk, skills, strategy, technology, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Jorge Orchilles, Senior Director of Readiness and Proactive Security at Verizon, offers an up-close glimpse at the thinking that drove his move to exposure management. You can read the entire…
-
Mit künstlicher Intelligenz und Laufzeitkontext die Schwachstellenbehebung beschleunigen
In der Cloud zählen Sekunden. Angreifer benötigen oft weniger als zehn Minuten, um Schwachstellen auszunutzen dennoch dauert deren Behebung in vielen Unternehmen Wochen oder sogar Monate. Ein Grund: Sicherheitsteams kämpfen mit unübersichtlichen CVE-Listen, mangelndem Kontext und begrenzten Ressourcen. Mit dem neuen Update seiner Schwachstellenmanagement-Lösung bringt Sysdig erstmals KI-gestützte, kontextbasierte Abhilfemaßnahmen direkt in die Arbeitsprozesse […]…
-
Breaking the silos: A unified approach to vulnerability management
First seen on scworld.com Jump to article: www.scworld.com/resource/breaking-the-silos-a-unified-approach-to-vulnerability-management
-
New Cybersecurity Executive Order: What You Need To Know
Tags: ai, cisa, cloud, communications, compliance, computing, control, cyber, cybersecurity, data, defense, detection, encryption, exploit, fedramp, framework, government, identity, incident response, infrastructure, Internet, iot, network, office, privacy, programming, resilience, risk, service, software, supply-chain, technology, threat, update, vulnerability, vulnerability-management, zero-trustA new cybersecurity Executive Order aims to modernize federal cybersecurity with key provisions for post-quantum encryption, AI risk and secure software development. On June 6, 2025, the White House released a new Executive Order (EO) aimed at modernizing the nation’s cybersecurity posture. As cyber threats continue to evolve in scale and sophistication, the EO reinforces…
-
Dems want watchdog study of two troubled federally-funded vulnerability tracking initiatives
The CVE program publishes standardized information about known cyber vulnerabilities, while the NVD is a storehouse for vulnerability management data. First seen on cyberscoop.com Jump to article: cyberscoop.com/gao-vulnerability-management-letter-cve-nvd-bennie-thompson-zoe-lofgren/
-
8 things CISOs have learned from cyber incidents
Tags: apt, attack, authentication, backup, breach, business, ciso, compliance, cyber, data, defense, detection, endpoint, exploit, incident, incident response, infection, insurance, jobs, malicious, malware, metric, network, ransom, ransomware, RedTeam, risk, skills, tool, training, update, virus, vulnerability, vulnerability-management, zero-trust2. You’ll need shift from defense to offence: The role and the CISO won’t be the same after an incident.”My job on December 11 was very different from my job on December 12 and beyond, says Brown.Following an incident, some organizations need to change to such an extent that they need a different CISO with…
-
How to Use Risk-Based Metrics in an Exposure Management Program
Tags: attack, business, cloud, control, cybersecurity, data, exploit, guide, intelligence, iot, metric, mobile, monitoring, risk, service, threat, tool, update, vulnerability, vulnerability-managementEach Monday, the Tenable Exposure Management Academy provides the practical, real-world guidance you need to shift from vulnerability management to exposure management. In this post, Tenable security engineers Arnie Cabral and Jason Schavel share how you can use risk-based metrics. You can read the entire Exposure Management Academy series here. We’re information security engineers at…