This may contain promotional content. Learn more.
A Their Story interview with Sean Martin and Marco Ciappelli
Guests: Eoin Keary and Rahim Jina
The organization telling us their story today is Edgescan
What have we learned in 5 years of vulnerability assessment analysis? Does history continue to repeat itself?
For five years running, Edgescan has conducted an annual survey to analyze the state of vulnerability assessment programs within organizations across the globe. With new data points in hand, giving their team the ability to evaluate year-over-year changes, this year’s Vulnerability Stats Report (opens a non-gated PDF) raise the obvious question: “Have we learned anything to help make our businesses more secure?”
The answer isn’t as obvious nor straightforward. These are some of the points raised during our chat that prove this point:
Are we getting better at time-to-fix? How does the size of an organization change the time-to-fix equation? Does size matter?
We’re generally good at agile development—however, are we maturing at the same rate in agile vulnerability management? Are apps being deployed faster than we can secure them?
Where are we finding the weaknesses? How has the technology stack changed the way we (need to) look at vulnerability management?
Are we addressing the most critical issues like we would think or expect?
What makes for an effective vulnerability management team? How has this role and function changed over the years?
The survey also uncovers that many companies seem to be investing in artificial intelligence and machine learning technologies to help with risk management, detection, and response. Yet, these investments aren’t making a significant change in the level of confidence. These technologies aren’t the silver bullet, and the human element is still critical as they bring the risk assessment to the table.
With this last point in mind, assuming you are human, you may want to listen to this chat and also read their report to get a view into how you can work with your peers—and the technology—to reduce risk through full-stack vulnerability management.
Prefer a podcast? Have a listen!
Read the report (don’t worry, it’s NOT gated!)
Want more Vulnerability Stats Report goodness from Edgescan?
Listen to the RSA Conference 2019 review of the 2019 Vulnerability Stats Report.
Listen to Sean and Eoin discuss the 2018 Vulnerability Stats Report in Dublin, Ireland.