Feb 26, 2021
Besides death and taxes, there seems to be one more thing we can rely on as certain—software vulnerabilities.
With new software being released at a faster rate than old software is being discontinued, it seems likely that the number of vulnerability disclosures per year will maintain the accelerating upward trend seen since 2016. Following logically, we can also expect the number of patches for these vulnerabilities to increase accordingly.
Last year, risk-based security coined the phrase “Vulnerability Fujiwhara Effect”. In meteorology, the Fujiwhara Effect is a phenomenon that occurs when two tropical weather systems get close to each other and occasionally merge. For vulnerability management, this phenomenon occurs when multiple software behemoths like Microsoft, Oracle, or Adobe release their software updates and patches on the same day. This confluence of patch releases creates major headaches for IT teams and occurred three times in 2020.
Given that Microsoft had a total of 1,250 patches last year (an increase of 49% from 2019), it seems likely that headaches will become the norm with Fujiwhara Patch Tuesdays being the expected forecast.
Managing this vulnerability onslaught will test the mettle of IT departments across the globe. As we all know, not every patch needs to be implemented immediately, but how do we determine which vulnerabilities are the most critical?
TOPIA, an efficient, streamlined, and aesthetically pleasing vulnerability management system, figures it out for you. Based on your organization’s unique digital footprint, TOPIA prioritizes vulnerabilities using predictive analysis, contextual risk and known CVEs. Any available patches can be implemented immediately or scheduled during off hours. Patches can be implemented on a single high-risk asset, within an individual team or department, or throughout your entire organization. The keys to adapting to this inundation of vulnerabilities are automation and flexibility. TOPIA gives you both and makes them easy to use.
CISAnalysis - September 30, 2022Evan Kling September 30, 2022
Not So Fast: Analyzing the FastCompany HackJohn Kilhefner September 29, 2022
How to test application with ZAP - Part TwoJenny R September 28, 2022
How to test application with ZAP - Part OneJenny R September 28, 2022
The World's Worst Hackers Have FlagsPaul Lighter September 27, 2022