Our Thinking

5 SIGNS YOUR APPLICATION SECURITY ASSESSMENT PROCESS NEEDS A REBOOT

Many organizations use manually intensive processes when onboarding their application security assessments. Compare the following process with your own experience:

1. Schedule the application security assessment.
2. Assign internal/external penetration testers to conduct the test.
3. Conduct the application security assessment and/or vulnerability scan.
4. Report application vulnerabilities to the remediation team using a method of copy-and-paste. from various

November 16, 2018

DATA SILOS: ARE THEY REALLY A PROBLEM?

Data silos happen naturally for many reasons. As an organization grows and their security maturity evolves, they’ll likely end up with one or more of these scenarios. Using multiple security testing scanners: As the security landscape evolves, so does the need for security testing tools, including SAST and DAST/IAST tools, network perimeter tools, internal or

October 31, 2018

RECURRING VULNERABILITY MANAGEMENT CHALLENGES THAT CAN’T BE IGNORED

Stories of new data breaches grab headlines again and again. Many of these breaches are the result of known vulnerabilities left un-remediated, and in some cases, organizations have been aware of these vulnerabilities for years. Why weren’t these problems fixed sooner? Wouldn’t organizations try to fix them as soon as possible to avoid a breach?

October 15, 2018

WHAT’S NEXT AND NEW WITH NETSPI RESOLVE

Here at NetSPI, we see firsthand the struggles enterprises face to fix vulnerabilities. It’s concerning when our pentesters and customers continue to find the same vulnerabilities that have yet to be remediated – at the same client, year after year. The struggle faced by enterprises in managing vulnerabilities is not limited to manual penetration testing

September 28, 2018

HOW TO STREAMLINE PENTEST DATA TO SECURITY ORCHESTRATION

Previously, we discussed best practices for tracking vulnerability data through to remediation. In this post, we explore the challenge of streamlining human penetration testing (pentesting) data into the vulnerability orchestration process. We provide three best practices you can use when engaging a third-party pentesting company to ensure the pentesting data is delivered in a way

September 14, 2018

HOW TO TRACK VULNERABILITY DATA AND REMEDIATION WORKFLOW

Vulnerability data must be tracked in order to ensure remediation – or vulnerabilities can fall through the cracks, leaving your organization exposed. Most vulnerability data comes from scanners, though the most important vulnerability data often comes from humans. In this third post of a four-part series on threat and vulnerability management tools, we provide guidance

August 31, 2018

SECURITY ORCHESTRATION VS AUTOMATION: WHAT’S THE DIFFERENCE?

In the post Are You Flooded with Vulnerabilities?, we explored the ever-growing mountain of data that organizations face in managing their vulnerabilities. While software is at the root of the vulnerability problem, it’s also the solution. As individuals approach large volumes of data, software can support better decision making, collaboration, tracking, and visualization. The key

August 17, 2018

ARE YOU FLOODED WITH VULNERABILITIES?

Most organizations have more vulnerabilities than can be fixed at current resource levels. Halfway through 2018, the NVD is on pace to match the historic 20,000 published CVEs in 2017. A perfect storm of circumstances can make it difficult for your threat and vulnerability management program to maintain a good security posture. Multiple scanners are

July 27, 2018