Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

What is the difference between a Vulnerability Assessment & a Penetration Test?

JUMPSEC Jargon Buster - What is the difference between a Vulnerability Assessment & a Penetration Test, Thom explains. Vulnerability assessments typically rely on vulnerability scanning tools to identify technical vulnerabilities making use of pre-configured test cases and signatures. A penetration test takes a contextual view of the target, combining many vulnerabilities and information sources in order to craft specific attacks with the goal of finding security weaknesses. Simply put a penetration test mimiks a skilled attacker, whereas a vulnerability assessment provides a baseline against common known weaknesses.

Honeypots: A Guide To Increasing Security

Honeypots are not a new idea. They have been part of the cybersecurity world for decades and have frequently gone in and out of “fashion” over that period. Recently, though, they have become an increasingly important part of vulnerability management. That’s for a couple of reasons. Honeypots offer real-world data on the types of threats that companies face, and they can be a powerful research tool in identifying specific threat vectors.

What is a Zero-day (0-day)?

A zero-day (0-day) is an unpatched security vulnerability that is unknown to the software, hardware or firmware developer, and the exploit attackers use to take advantage of the security hole. In general, zero-day refers to two things: Zero day gets its name from the number of days that a patch has existed for the flaw: zero. Zero-day threats represent significant cybersecurity risk because they are unknown to the party who is responsible for patching the flaw and may already be being exploited.

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2

The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Start by documenting what is in place now and what objections the organization is trying to reach. The stakeholders should come from multiple departments within the organization. For example, you will need buy-in from:

Five "W's" for Vulnerability Management

As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. Vulnerability assessments are useful for detecting security issues within your environment. By identifying potential security weaknesses, these assessments help us to reduce the risk of a digital criminal infiltrating its systems.

What is an Exploit?

An exploit is a piece of software, data or sequence of commands that takes advantage of a vulnerability to cause unintended behavior or to gain unauthorized access to sensitive data. Once vulnerabilities are identified, they are posted on Common Vulnerabilities and Exposures (CVE). CVE is a free vulnerability dictionary designed to improve global cyber security and cyber resilience by creating a standardized identifier for a given vulnerability or exposure.