39 min listen
Vulnerability Management is Dead! - Rickard Carlsson - ESW #257
Vulnerability Management is Dead! - Rickard Carlsson - ESW #257
ratings:
Length:
36 minutes
Released:
Jan 20, 2022
Format:
Podcast episode
Description
Modern tech stacks are becoming increasingly complex puzzles of components built in-house and sourced from third-party vendors. With DNS at the center of the infrastructure, and staging and production being sometimes just minutes apart, scanning for CVEs is not enough to stay on top of web threats. There are lots of critical things traditional app scanners won’t catch, like dangling DNS records, subdomain takeover and open S3 buckets. To keep their growing attack surface secure, companies need to combine crowdsourced vulnerability detection with solutions that detect outliers and anomalies in their software - before these become an attack vector. In this episode we’ll discuss: - Why hunting for vulnerabilities is no longer enough to stay on top of threats - Vulnerability Management vs Attack Surface Management - How security teams can adapt their vulnerability management process to modern dev cycles. Segment Resources: More insights on how to secure your external attack surface: https://detectify.com/resources Free trial of Detectify's attack surface management solutions: https://detectify.com/product/surface-monitoring https://detectify.com/product/application-scanning This segment is sponsored by Detectify. Visit https://securityweekly.com/detectify to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw257
Released:
Jan 20, 2022
Format:
Podcast episode
Titles in the series (100)
Enterprise Security Weekly #3 - Vulnerability Management: Do you know how to manage security vulnerability? Paul and John Strand educate on the topic of vulnerability management. They explain how to have control of patching and have mitigation control. Full Show Notes:... by Enterprise Security Weekly (Video)