Vulnerability
Insights
Blog
Microsoft Announces Defender Vulnerability Management
Microsoft recently announced Defender Vulnerability Management is available in a 120-day public preview as a standalone, endpoint detection and response (EDR)-agnostic option. Defender for Endpoint Plan 2 customers have the option to purchase new add-on capabilities, while Defender for Endpoint Plan 1 customers will need to purchase the full standalone version. This release is […]
Blog
Plan Your Response To CISA Emergency Patching Directives
The US Cybersecurity and Infrastructure Security Agency and other government agencies will continue to weigh in on vulnerability and patch management. Be prepared to respond.
Blog
Meet The New Analyst Covering Vulnerability Risk Management: Erik Nost
What Topics Will You Be Covering at Forrester? I am very excited to be covering vulnerability risk management (VRM) at Forrester, including threat modeling and management and penetration testing. Some of the areas in VRM that I hope to explore include: Vulnerability risk prioritization, especially with new “zero days” hitting at what seems like every […]
Blog
Nontraditional DDoS Attacks Are On The Rise
If you have never heard of “DDoS amplification factor” prior to this week, you’re not alone. A new zero-day attack surfaced a vulnerability from an unlikely source: an internet-facing PBX (private branch exchange) system. Bad actors seized upon this opportunity to create a 4,294,967,296:1 amplification load. Yes, that’s 4 billion to one. This is a […]
Blog
The Top Seven Most Misused Terms In Cybersecurity
When vendors or practitioners use different words to communicate the same thing, confusion ensues. Let's take steps toward settling on a common vocabulary.
Blog
Savvy Cybersecurity Programs Focus On Competence, Integrity, And Empathy
As of July 31, 2021, the FBI’s Internet Crime Complaint Center saw a 62% increase in reported ransomware incidents compared with the same time frame in 2020. Intrusions in environments spanned various types of infrastructure, with 35% exploiting software vulnerabilities and 32% using supply chains and third parties to obtain unauthorized access, per Forrester data. […]
Blog
Announcing Forrester’s New Research On Attack Surface Management
As I watched the December 2021 Log4j situation unfold (and it continues … ), the importance of IT asset visibility couldn’t have been clearer. So many security and IT teams struggle to maintain much-needed visibility into an increasingly complex and distributed IT environment because so much of an organization’s estate is unknown or undiscovered due […]
Blog
Divide And Conquer: Rapid Response To The Apache Log4j Vulnerability
It’s been … a weekend for security pros. The Apache Log4j vulnerability (CVE-2021-44228) affects somewhere between 0 and 3 billion-plus of the devices currently running Java. Luckily, a metric ton of amazing advice exists on #InfoSecTwitter right now. It’s a lot to consume at once, which is why we’ve put together three parallel workstreams you […]