Vulnerability overload got you down? Attend my talk at the RSA Conference 2019 and learn about a new approach to cyber risk management.
It's that time of year again - the RSA Conference (RSAC) 2019 descends on San Francisco March 4-8. The crowds will likely be thicker than ever. The lines for just about everything even longer. But the biggest problem for those inside the Moscone Center is deciding where you should spend your time amidst the noise and flashing lights.
If you're faced with vulnerability overload, as I presume many of you are, you need to check out Tenable's new Predictive Prioritization functionality. It's now shipping as part of Tenable.sc and will be available soon in Tenable.io. We'll demonstrate it during RSAC, among the many activities we have planned at Tenable booth 5445 in the North Hall.
Predictive Prioritization is a data science-based approach to help you fix first the vulnerabilities that matter most. It dramatically improves remediation efficiency and effectiveness by letting you focus on the specific vulnerabilities that have been or will likely be exploited. The result is a potential 97% reduction in the vulnerabilities you need to remediate with the highest priority.
Predictive Prioritization is designed to augment the existing CVSS scoring system. An interesting perspective on issues surrounding CVSS -- and the inherent weakness of using it for vulnerability prioritization -- is described at length in this paper from Carnegie Mellon University’s Software Engineering Institute.
At RSAC 2019, I’ll be giving a talk entitled ‘Cyber-Risk Management: New Approaches for Reducing Your Cyber-Exposure’ on Thursday, March 7 at 1:30 in Moscone South Esplanade, Room 153. My presentation will go into some depth on Predictive Prioritization and place it in the context of the overarching problem of cyber risk management. Here’s a quick preview: