Tenable Blog

For many of us in the information security industry, the vulnerability disclosure debate is old and tired. I’ve been dealing with this myself going on twenty years now. The underlying debate hasn’t changed much, but there have been a few new wrinkles and nuances added over the years. At its core, the debate is about how someone who finds a security vulnerability and the vendor of the product in which it was found should behave.

When shopping for a cloud-based vulnerability management (VM) solution, not all cloud environments are equal. While cost savings are a big draw, several significant features can help you achieve the maximum benefits from your vendor’s solution. In Putting the Cloud to Work in Vulnerability Management, Diane Garey summarizes the advantages of a cloud-based VM solution and enumerates the most important features that you should look for.

Security teams often lack accurate knowledge of assets on their networks. In particular, ignorance about laptops, BYODs, services, and SaaS applications can pose significant security risks. Unmanaged patching and noncompliant configurations present weaknesses that can spell trouble for your network.

Buying expensive and sophisticated security technology is a real challenge. Vendors will advise you on technology that is best suited for a particular situation, but they are also just trying to sell product. Before you sign on the dotted line, you need to ask the right questions to make sure you don’t end up with shelfware – underutilized technology.

With the proliferation of cloud, mobility and BYOD, endpoint protection is front and center in security departments these days. Focusing on threat detection is important, but eliminating weaknesses that provoke the attacks is also critical in the endpoint battle.