Information Risk Management Blog

What is Vulnerability Intelligence? The 5 Data Challenges It Solves.

Sep 28, 2016 7:46:34 AM / by Anupam Bonanthaya posted in Vulnerability management, Vulnerability Intelligence, security assessment, Security testing

There can be no argument about the fact that Vulnerability Management is one of the oldest problems in Information Security. There are many reasons why it has remained a problem, even today.

In this post I will cover what Vulnerability Intelligence is and which tough, lingering problems it attempts to address. (By the way, it is not the same as Threat Intelligence.)

Will a Bug Bounty Program Make Your Enterprise Secure?

Jun 28, 2016 3:30:35 AM / by Anupam Bonanthaya posted in Cybersecurity, Vulnerability management, vulnerabilities, responsible disclosure, Threat Management, bug bounty

What is common between "Hacking the Pentagon" and "Hacking Google CEO's Quora account"?

It is bug bounties! The former was a super successful bounty program run by the US government last month. The latter is a hacking incident this week, "in spite" of Quora having a bounty program.

So, the million-dollar security question: if you are an enterprise CISO, should you go for a bug bounty program?

CISOs - 10 Questions to Find if Vulnerability Management is Working

Jun 22, 2016 2:09:36 AM / by Anupam Bonanthaya posted in Vulnerability management, Vulnerability Intelligence, SAVP, security analytics, vulnerabilities

What is common in almost all incidents of criminal hacking?

It is software vulnerabilities!

It is not rocket science to tell that. We all know it, yet we struggle with challenges in vulnerability management programs.

In this article I am covering 10 questions that you need to ask as the CISO to know if your vulnerability management is working.

4 Immediate Changes to make Traditional Vulnerability Management to Work

Jun 2, 2016 8:05:00 AM / by Amit Ranjan posted in Cybersecurity, Vulnerability management, Vulnerability Intelligence, zero day, security analytics, vulnerabilities, cyberthreat, infosec, vulns

We all know that the traditional find-and-fix practice of vulnerability management has many challenges and, as a result, is not really equipped to do a good job of managing exploits in today's information security scene.

In this article I want to talk about the 4 things you should do in order to make it work better.

Time to Re-think Vulnerability Management ? These 5 Facts Say So...

May 24, 2016 11:50:53 PM / by Anupam Bonanthaya posted in Cybersecurity, databreach, Vulnerability management, Vulnerability Intelligence, security analytics, vulnerabilities, cyberthreat, infosec, vulns

Do you know what the most predictable trend in Information Risk Management is?

It is vulnerabilities. If you review data breach reports from the last few years, you will notice one thing that is very consistent, and it is about the vulnerabilities! The only change is that things have become worse over the years, and it looks like the trend will continue.

Does it say something about our approach to managing vulnerabilities? Perhaps!

So are we missing something? Perhaps!

In this post I have pulled out 5 trends that I feel clearly indicate that the current approach of vulnerability management is not working, and it is time to re-think our approach.

13 Different Phishing Tactics and 1 Way to Prevent It

Apr 20, 2016 1:14:51 AM / by Anupam Bonanthaya posted in Social engineering (security), fail-rate, Cyber Security, hackers, databreach, fall-rate, Information security, Malware, Vulnerability management, Security Trends, ransomware, Security, phishing, hacking, infosec


Phishing attacks are no longer those TOO GOOD TO BELIEVE "you have won a Million $$ jackpot" kind of emails from strangers that easily stand out from your otherwise mundane life.

Today, phishing emails have become sophisticated. This is called spear phishing, where the attacker tries to "custom-write" the emails to make them believable to you. They try to copy our (normal) life, and that's where it gets interesting and scary at the same time.

23% of recipients now open phishing emails and 11% click on attachments, and nearly 50% of this happens within 60 minutes of the attack!

- 2015 Data Breach Investigations Report (DBIR group)

Let me share a personal experience.

30-Sec Guide: How to save from DROWNing?

Mar 28, 2016 8:35:26 AM / by Naresh T A posted in Cyber Security, DROWN, CVE 2016-0800, Information security, Vulnerability management, Security, CVE

FREAK Vulnerability (CVE-2015-0204)

Mar 18, 2015 1:33:13 AM / by Atulkumar Gaikwad posted in Risk management, Vulnerability management

Introduction
TLS and its predecessor SSL are security protocols designed to transmit data securely between client and server and to prevent eavesdropping and tampering. The strength of these protocols lies in the encryption keys used for communication.

Shadows are there to protect your Passwords (How Shadow-Utils is storing your password in Linux)

Feb 13, 2015 4:22:33 AM / by Shekhar suman posted in Linux, Cyber Security, Password, Vulnerability management, Shadow-Utils

Our world would have been exponentially more peaceful if there were no fear of theft. We would have left our doors open but still enjoyed our privacy and security. Unfortunately, given the current scenario, that is rather impossible, hence the need for doors and locks.
The same applies to the digital world, where we have to ensure complete data security. Even today, the simplest yet most important way to protect one's data remains the use of passwords and robust access management systems.
Password is defined as:

Understanding and Fixing the POODLE SSL Vulnerability (CVE-2014-3566)

Nov 3, 2014 3:56:15 AM / by Tom Thomas posted in Vulnerability management

Introduction

By far one of the most common protocols on the internet after HTTP is SSL. The Secure Sockets Layer (SSL) is the protocol that is used to encrypt connections between the web browser and the web server. What we refer to as SSL is essentially a suite of protocols collectively known as SSL/TLS.
