Busting the Myths of Vulnerability Management
about 11 days ago.
Updated about 11 days ago.
FireEye Chief Intelligence Strategist, Christopher Porter had the opportunity to speak with Jared Semrau, head of our Vulnerability and Exploitation intelligence team. Jared discusses how his team gathers information on new and existing exploitable bugs, combines that with what FireEye knows from engagements and device detections, and how they map that intelligence to known threat actors. There are a lot of myths going around about how vulnerability management should be handled and this discussion helped cut through a lot of that.
Listen to the podcast to join this conversation and to learn why FireEye rates less than 0.01% of its vulnerabilities as critical, compared to 10% of vulnerabilities being rated critical by public sources. Jared did a great job explaining for me how this focus on only the truly critical and exploitable vulnerabilities helps our clients better utilize their limited threat hunting resources and keep operational systems online as much as possible without unnecessary out-of-cycle patching.