Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable.
POSTER
Key Metrics: Cloud & Enterprise | Vulnerability Management Maturity Model
This poster was developed by Jonathan Risto and AJ Yawn.
Key Metrics: Cloud and Enterprise delivers a set of essential metrics to generate, provide, and review with the Technical, Operational, and Executive partners of the organization. It provides both early-stage and advanced metrics, so organizations can generate meaningful metrics across the Identify, Protect, Detect, and Respond functions of their security programs.
The SANS Vulnerability Management Maturity Model helps you gauge the effectiveness of your Vulnerability Management program. The model details key activities performed within Vulnerability Management on a 5-point scale. Leveraging the model, you can categorize your program’s current capabilities to create a clear roadmap to improve your program.
Download your FREE copy here.
NEWS
- Firms Push for CVE-Like Cloud Bug System
- Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
- Researcher Releases PoC for Recent Java Cryptographic Vulnerability
- 2021 Top Routinely Exploited Vulnerabilities - A joint security bulletin coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom lists the top 15 exploited vulnerabilities in 2021
- Cisco Vulnerability CVE-2022-20695
- VMWARE Remote Code Execution (RCE) vulnerability
- ‘Groundbreaking’ CISA directive to overhaul cyber vulnerability management process
- Can understanding flaws in malware help defenders prevent attacks?
WEBCASTS
- Understand Vulnerability Management Maturity with a Self-Assessment Tool, May 2023
- Securing Cloud Data: The Hidden Vulnerabilities of SaaS Platforms, July 2021
- REKT Casino Hack Assessment Operational Series – Vulnerability Management Gone Wrong, March 2021
- Reimagining Vulnerability Management in the Cloud, Aug 2020
- SANS Vulnerability Management Maturity Model, Aug 2020
- Cloud Security Vulnerabilities, Management, and Communication, June 2020
- Top Five Vulnerability Management Failures (And Best Practices), June 2020
- Enterprise and Cloud | Threat & Vulnerability Assessment, June 2020
- Domain Password Auditing with the Cloud, April 2020
- Passwords are a Solvable Problem!, Feb 2020
- How to Communicate about Security Vulnerabilities, Jan 2020
SURVEYS
- SANS 2022 Vulnerability Management Survey: Detecting and Combatting Cloud Environment & Supply Chain Vulnerabilities, Oct 2022
- A SANS 2021 Survey: Vulnerability Management - Impacts on Cloud and the Remote Workforce, Nov 2021
- A SANS 2021 Survey: Vulnerability Management - Impacts on Cloud and the Remote Workforce Panel Discussion, Nov 2021
- SANS 2020 Vulnerability Management Survey, Nov 2020
- SANS 2020 Vulnerability Management Survey: A Panel Discussion, Nov 2020
- Workforce Transformation & Risk: A SANS Survey, Dec 2019
LIVE STREAMS
Download notes from this live stream here.
BLOGS
- Vulnerability Management Maturity Model - Self Assessment Tool (VMMM-SAT), May 2023
- 5 Metrics to Start Measuring in Your Vulnerability Management Program
- Vulnerability Management Maturity Model, Part I
- Vulnerability Management Maturity Model, Part II
- The Cyber Capability Development Centre (CCDC) Concept, May 2019
ADDITIONAL RESOURCES
- CISA Known Exploited Vulnerabilities - CISA publishes a list of known exploited vulnerabilities that the federal government must remediate. If it is on this list, you should ensure your organization has mitigated it.
- 2021 Top Routinely Exploited Vulnerabilities - A joint security bulletin coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom lists the top 15 exploited vulnerabilities in 2021.
- Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 22-01