Eye on Security

The latest on cybersecurity threats and news from FireEye.

RSS 0 0

Busting the Myths of Vulnerability Management

Updated a long time ago.

FireEye Chief Intelligence Strategist, Christopher Porter had the opportunity to speak with Jared Semrau, head of our Vulnerability and Exploitation intelligence team. Jared discusses how his team gathers information on new and existing exploitable bugs, combines that with what FireEye knows from engagements and device detections, and how they map that intelligence to known threat actors. There are a lot of myths going around about how vulnerability management should be handled and this discussion helped cut through a lot of that.

Listen to the podcast to join this conversation and to learn why FireEye rates less than 0.01% of its vulnerabilities as critical, compared to 10% of vulnerabilities being rated critical by public sources. Jared did a great job explaining for me how this focus on only the truly critical and exploitable vulnerabilities helps our clients better utilize their limited threat hunting resources and keep operational systems online as much as possible without unnecessary out-of-cycle patching.