On January 15, 2020, the Department of Defense (DoD), through its Defense Innovation Unit (DIU), issued an open call to vendors to fulfill a contract to help improve their technology and inventory management. According to the DoD, “The DoD’s current systems for inventory management are custom-built and do not interface with best of breed market solutions, do not efficiently identify assets, and do not provide an integrated view of vulnerability and patch prioritization across the network for each asset.”
The DoD’s custom iteration of patch management is not meeting its high standards. In the DoD’s words, the current method “takes too much [time] to assess, test, and deploy patches, that fix newly identified vulnerabilities. This timeline must be shortened for success.”
Even a subsidiary of the DoD can struggle to make its proprietary software function at optimal efficiency. In this instance, the simple solution could be more effective. It may be easier to see what is available on the market rather than relying on in-house technology. Consider the DoD’s approach, either as a replacement for or an augmentation of your existing capabilities. In an area where speed and accuracy are important, it makes sense to consider all your options.
Self-reflection on your current state is always a good start. It is even better to reassess your capabilities frequently to maintain a process of continuous improvement. A stagnant security system remains vulnerable to adaptive technology. The DoD recognizes the need for frequent updates to fix any gaps within its coverage, hence the call to vendors. A maturity assessment is always a relevant tool to make use of. It allows you to remain up to date with your security software and to gauge the progress you have already made.
Furthermore, the adoption of an off-the-shelf program by the DoD speaks well to the efficiency of the selected program. We’ll be following this story to see the selected vendor and to update you on the choice. While it may not be the best fit for your enterprise, adoption of a vendor by the DoD, an organization with low risk tolerance for security breaches, may provide your organization with an example of high-standard evaluation criteria and metrics to use in your own product search.
Qualys VMDR and Ivanti have announced a new partnership dedicated to improving the detection and patching of vulnerabilities. Announced July 30, the Qualys and Ivanti partnership has already gone live as an integrated component of the VMDR solution.
IBM is changing the terms of its ubiquitous Passport Advantage agreement to remove entitled discounts on over 5,000 on-premises software products, resulting in an immediate price increase for IBM Software & Support (S&S) across its vast customer landscape.
RiskSense announced on July 13 its new version of the cloud-delivered RiskSense risk management platform. The main draw of the program is its holistic risk calculation across CVEs and CWEs.
Cyberthreats are omnipresent for any enterprise. Monitoring ingress and egress points while still conducting business is a balance security professionals attempt to strike. Couple this with the continued security issues around remote work during the pandemic, and security teams have their hands full.
On May 26, Kenna Security released its new Prioritization to Prediction Benchmark Survey. This free tool provides organizations with the ability to compare their vulnerability management programs to industry averages Kenna Security has compiled over the years.
COVID-19 has changed a great deal about how businesses operate. From a security perspective, however, COVID-19 caught many businesses off guard. The shift from working in the office to working from home has made it difficult for security measures to keep pace. Specifically, how are businesses meant to maintain the same secure networks when their employees are no longer working in the office? Outside of the security of the IT departments, IT and security have a tough time ensuring that patching and vulnerability management remain at the forefront of a business’s priorities.
Google has identified “unsafe” code in the Chromium web browser engine. This flaw introduces a potential vulnerability that affects Google Chrome, as well as all Chromium-based web browsers.
More than ever, cybersecurity solutions are core to any MSP’s offering. No longer should technology service providers be farming this out to dedicated security providers. Trust and peace of mind are the core tenets of what they are selling, and solutions like Acronis Cyber Protect Cloud can provide the platform upon which to deliver on those promises.
Kenna Security deployed its new data-driven vulnerability management program, Kenna.VM, and accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created to set service-level agreements (SLAs) with risk tolerance in mind.