Blog Posts Tagged with "Patch Management"
Three Tips for Effective Vulnerability Assessments
January 23, 2013 Added by: Dan Dieterle
Regular vulnerability assessments are essential because threats to your network security continually change and evolve, and your security should be able to match this. A user’s PC or network access point might be secure today, but it could become completely vulnerable tomorrow...
Comments (0)
Why Patch Management is Vital to Your Business Network Security
October 22, 2012 Added by: Dan Dieterle
Patch management systems enable you to maintain full control of your systems’ patching activities. You can deploy security patches to test machines, and then push them out to all the rest of your machines, and also run reports to ensure that you have 100% compliance across all servers and workstations...
Comments (9)
Brittle Systems - Unmasking Enterprise Security's Quiet Danger
October 13, 2012 Added by: Rafal Los
Besides all the obvious security vulnerabilities in your enterprise there is an even bigger problem lurking just below the water. At that intersection between critical system and security vulnerability is something many IT professionals acknowledge as the big pink elephant in the room - the "brittle system"...
Comments (0)
Seven Tips to Improve Patch Management
September 12, 2012 Added by: Dan Dieterle
The amount of time many companies spend on patching, the problems they have deploying patches, the perception that patching causes problems, and a general lack of understanding about what it takes to patch, all combine to make patching such a major issue...
Comments (0)
The Five Most Important Reasons to Perform Network Auditing
June 21, 2012 Added by: Dan Dieterle
Network auditing may sound like an arduous task but, with the right tools and the right approach, it can be an easy to perform and critical aspect of your network management. If you are not yet performing regular network auditing, use these five important reasons to convince management it’s time to start...
Comments (1)
Protecting Data in Use
April 26, 2012 Added by: Simon Heron
The security of data in use is about risk mitigation. However, with the current targeted attacks and the proliferation of zero day threats, the risk level is high. It is necessary that action is taken to implement the required precautions that reduce the risk to an acceptable level...
Comments (0)
Filling in some Blanks on Network Segmentation Faults
April 18, 2012 Added by: Jack Daniel
A couple of thoughts on the segmentation-for-security concept are worth elaboration: grouping by OS makes sense from a management perspective, but if you do that it won’t stop the aforementioned Bad Things from running wild, so consider how best to segment for your situation...
Comments (0)
Pain Comes Immediately – Secure Development Takes Time
April 17, 2012 Added by: Alexander Rothacker
Once a patch to a vulnerability is released, the vendor should give as much guidance as possible to its customer base so that they can make an informed decision on how to mitigate — may it be a workaround, such as disabling some functionality, configuring compensating controls...
Comments (0)
One-Day Exploits, Binary Diffing and Patch Management
April 05, 2012 Added by: Pierluigi Paganini
One-Day exploits have a reduced possibility of success due to the potential for patching by a target, but the attacks are still insidious and cheaper in comparison to Zero-Days - it's quite simple to retrieve the information on the internet and use tools to commit the attacks...
Comments (0)
Continuous Patching: Is it Viable in the Enterprise?
February 28, 2012 Added by: Rafal Los
The way patching works right now on all different levels I'm surprised anything works because we have operating system patches going in with application patches - and we're all just a heartbeat away from catastrophe. Maybe more continuous patching can be our savior...
Comments (2)
It's Time to Evolve How We Protect Our Data
January 24, 2012 Added by: Josh Shaul
Advanced systems for protecting databases have been available for several years now, and have become mature and reliable technology. Databases can be locked down with secure configurations, strong access controls, and effective patch management strategies...
Comments (0)
Security Without Patches
October 12, 2011 Added by: Gabriel Bassett
The Fortification Principle implies that defense is at a disadvantage when using patches as mitigation. Instead, I propose you secure your network without patching. I don’t mean to never patch, but plan to only apply security patches and configuration changes for regular deployment cycles...
Comments (1)
Do You Always Need to Install Software Updates?
September 12, 2011 Added by: Cor Rosielle
Whether it is necessary to install an available patch or not is an individual assessment for each company. To determine whether or not this is sensible, we cannot blindly and without thinking install any available update. No, to determine that we must use our brains. Ouch...
Comments (5)
CERT Warns of Iconics SCADA Software Vulnerability
May 13, 2011 Added by: Headlines
GenVersion.dll is a component used by the WebHMI interface. By passing a specially crafted string to the SetActiveXGUID method, it is possible to overflow a static buffer and execute arbitrary code with the privileges of the logged on user. Users could be lured to malicious sites...
Comments (1)
Understanding the Intent of PCI Requirement 11.2
February 09, 2011 Added by: PCI Guru
Requirement 11.2 requires that vulnerability scanning is performed at least quarterly. Given the 30 day patching rule and the fact that scanning must be performed after all “significant” changes, an organization really needs to conduct monthly scanning at a minimum to stay compliant...
Comments (2)
Another Resolution For 2011: Secure Your Sensitive Data
February 01, 2011 Added by: Alexander Rothacker
Tack on one more resolution for 2011 – secure your sensitive information. Hackers are constantly looking for ways to access critical corporate data and have moved away from the idea of “breaking in because they can” and are looking to harvest sensitive information to sell on the black-market...
Comments (0)