Vulnerability Management Edition, Oct 2021

VULNERABILITY MANAGEMENT HAS FAILED GRC
Amitai Ratzon, CEO

Copyright @2021 GRC Outlook. All Rights Reserved. The content and images used in the publication should not be reproduced or transmitted in any form or by any means without the prior permission of GRC Outlook.

Visualizers: Landon Noah, Emily Ava
Editorial staff: Sophia Loren, Joe Tyler, Anthony John
Managing Editor: Natasha Jacob
editor@grcoutlook.com

Network vulnerabilities are security loopholes that attackers could misuse to damage network resources, trigger a denial of service, and/or steal potentially sensitive information. Attackers constantly look for new vulnerabilities to exploit, and they exploit old ones that may not have been patched. A vulnerability management framework that regularly checks for new vulnerabilities is critical to preventing cybersecurity breaches. Without a vulnerability test and patch management system, old security breaches can linger on the network for a long time. This gives attackers more opportunities to exploit vulnerabilities and carry out their attacks.
According to survey data in Infosecurity Magazine, of those organizations that "suffered a breach, nearly 60% was due to an unpatched vulnerability." In other words, nearly 60% of the data breaches suffered by respondents could have been prevented simply with a vulnerability management plan that applies critical patches before attackers exploit the vulnerability.

One of the fastest ways to create a vulnerability management process is to use a vulnerability management service. Your service provider likely already has a strong set of tools and an experienced team that will be used to create patch and vulnerability management plans. This helps organizations build a better vulnerability management system to close security gaps in their business.

Vulnerability management is hard. You have to perform it continually to ensure that all of your systems and applications are always up-to-date and that you identify each new vulnerability as soon as possible. You may need to change the mindset of your security teams. The best way is to implement continuous processes that will affect their day-to-day work. Periodic testing and remediation just aren't enough if you want to keep on top of your security status.

Many organizations choose to use a dedicated vulnerability management service because it is easier to implement and manage. The Top 10 Vulnerability Management Solutions edition is focused on helping you make the right decisions and put a robust, action-biased system in place. It will help you eliminate the need to add dedicated internal payroll personnel, and reduce vulnerability management costs.

EDITOR'S Letter: The Time of Being Pro-active is Now
Natasha Jacob, Managing Editor

Sales: Sam Morris, sam@grcoutlook.com, sales@grcoutlook.com

CONTENT PAGE

COVER STORY: VULNERABILITY MANAGEMENT HAS FAILED GRC, Amitai Ratzon, CEO

EXODUS INTELLIGENCE: Keeping Defenses in Place. Logan Brown, President & CEO
BARAMUNDI SOFTWARE: A Game Changer in IT Management. Dr. Lars Lippert, Managing Director
FLEXERA: Transforming Tech Industry. Jim Ryan, CEO
BEYOND SECURITY: Automated Security for Every Purpose. Aviram Jenik, Co-founder & CEO

A DEVOPS PLATFORM FILLS A CRITICAL GAP IN VULNERABILITY MANAGEMENT
GLOBAL DATA PROCESSING AGREEMENTS FOR GLOBAL CYBERSECURITY PROVIDERS AND THEIR CUSTOMERS
SHIFTING WORKPLACES, INCREASING VULNERABILITIES: 4 ESSENTIAL STEPS FOR ENDPOINT PROTECTION IN A COMPLEX WORLD
BUILDING A ROBUST NATIONAL CYBERSECURITY AWARENESS MONTH PROGRAM
CAN HARDWARE SECURITY MODULES (HSM) LOWER YOUR INSURANCE COSTS?

Brad Beutlich, Vice President Sales Western Region and LATA at Entrust
Lothar Determann, Partner, Baker & McKenzie LLP
Shawn Taylor, Senior Systems Engineer, Forescout

3 (NOT-SO-) SIMPLE RULES OF VULNERABILITY MANAGEMENT: David Lam, CISSP, CPP, Partner by Ciso at Millerkaplan

Christine Izuakor, PhD, CISSP, CEO, Cyber Pop-up
Cindy Blake, Senior Product Marketing Manager, Security Specialist, GitLab

SKYBOX SECURITY: More Security, Less Constraint. Jim Ryan, CEO

VULNERABILITY MANAGEMENT IN INDEPENDENT RETAIL STORES: Elie Y. Katz, president and CEO of National Retail Solutions (NRS).

Amitai Ratzon, CEO

Legacy vulnerability management concepts contribute to blindsiding defenders and risk managers at a time of ransomware proliferation

The Rising Vulnerability Tide

As the pace of digitization and new software applications rises, more and more code is written with suboptimal security practices. As a result, the number of vulnerabilities introduced to the world continuously grows. Despite modern DevSecOps practices, the tide is still coming. When the vulnerability management practice was introduced roughly 20 years ago, there weren't that many vulnerabilities to deal with. For reference, in the year 2000, there were approximately 1000 disclosed vulnerabilities.
The manual process of reviewing and analyzing the vulnerability scan, checking its validity, and then remediating according to the outcome scaled with the number of findings. Since then, the number of vulnerabilities has increased exponentially. Every year, thousands of new vulnerabilities are discovered, piling on one another and making it more difficult to prioritize the critical fixes.