Is Vulnerability Management Still a “B” Horror Movie?

June 28, 2016

Here we are in 2016, and the state of information security (specifically the lack thereof) feels more like a bad Toxic Avenger sequel than a box office blockbuster. We’ve had major breaches, huge failures, significant doubt, speculation about new technologies being inherently insecure, and plenty more. Crazy as it seems, many seasoned security professionals are actually experiencing “breach weariness” - how in the world did this happen? Even though we’ve been a bit like broken records, playing the same security principles and practices over and over, organizations are still falling prey to many of the same old attacks. And while it would be convenient to point the finger at technology alone, that wouldn’t be fair. Too many of us are still condoning risky behaviors and ignoring best practices – which has only made a difficult situation worse.

As a professional security consultant, I see both the best and worst of the information security talent and teams out there. I see highly competent professionals, as well as some that would honestly be better off pursuing another line of work. I see companies that literally ignore the problem by refusing to spend money on improving their teams and technology. I see operational practices that make the term “cowboy culture” seem like a hallmark of deep maturity. While there are most definitely cases where organizations are doing all the right things, sadly these are consistently outnumbered by instances of poor judgement and malpractice.

What’s the deal? Why can’t we get our act together? I’ve been wracking my brain about this for years. The sad truth of the matter is that we KNOW many of the core technologies and practices needed to improve the state of security, and nowhere is that more true than in vulnerability management. There are a few foundational elements to any effective vulnerability management program - configuration management and monitoring, patch management, vulnerability scanning, and occasionally pen testing…but the hits keep on coming. Are organizations simply ignoring the things we’ve learned over the years, to get vulnerabilities under control? Or are we still missing key pieces of the equation?

I think the technology to build and maintain a mature vulnerability management program is here. The biggest issues causing us frustration aren’t related to a lack of technology - they’re deep, systemic organizational issues that aren’t getting addressed. Ask any seasoned security consultant, and they’ll likely have a long list of stories to share about failures and poor practices they’ve witnessed. We can all learn from these (anonymized) stories - can you see any resemblance to your own admins, operational practices, lack of controls, or other deficiencies?

In tomorrow's webinar “Infosec Fright Night: MORE Macabre Tales of Vulnerability Management Gone Awry” we’ll share more tales of drama and failure related to vulnerability management, which, while hilarious in some ways, also have many important lessons to teach us. What tools DON’T work? What practices do we need to follow, and what can happen when we don’t?

Register now for an entertaining session and uncover where we can improve our own vulnerability management programs.

Dave Shackleford, Cybersecurity Expert and Founder of Voodoo Security

Dave Shackleford is the owner and principal consultant of Voodoo Security and a SANS analyst, senior instructor, and course author. He has consulted with hundreds of organizations in the areas of security, regulatory compliance, and network architecture and engineering, and is a VMware vExpert with extensive experience designing and configuring secure virtualized infrastructures. He has previously worked as CSO for Configuresoft, CTO for the Center for Internet Security, and as a security architect, analyst, and manager for several Fortune 500 companies.
