SlideShare a Scribd company logo

Vulnerabilty Maturity Model - Core Security

Core Security
Core Security

Organizations are overwhelmed with data from vulnerability scanners. While scanning is necessary, it isn’t enough. The Core Attack Intelligence Platform is able to consolidate vulnerability scanner sources, no matter the location or type of scanner. The result of this is a unified repository of vulnerability data. After the data is consolidated, exploits are matched and prioritized, followed by our patented “attack path engine” simulating potential attack paths to critical business assets. This results in a more focused, prioritized set of data, ready for validation and remediation. Prioritizing vulnerabilities helps narrow the list of vulnerability data by 90%.

Software
1 of 6
Download to read offline
P A G E ©2014 Co re Secur i t y How Mature is Your Vulnerability Management Program? Black Hat 2014
P A G E ©2014 Co re Secur i t y We’ve Got a Problem 2 This month’s vulnerability scanner results “A common model where all assets are scanned monthly … will include 1 million to 5 million findings” - Gartner
P A G E ©2014 Co re Secur i t y VULNERABILITY OVERLOAD 3
P A G E ©2014 Co re Secur i t y So What Caused All This? • Beyond exponential asset growth = bloated vuln scanner results • Frequent M&A activities • Virtualization in datacenters − No longer one server to one application − Multiple workloads per server − Potentially exploitable vulnerabilities skyrocket Scanning is necessary, but isn’t enough 4
P A G E ©2014 Co re Secur i t y How Mature is Your Vulnerability Mgmt Program? 5 Analysis & Prioritization Single Dashboard and Reporting Unified Repository Actionable Data MATURITY Attack Path Planning Attacker & Threat Focused Integrated to Business Risk Critical Asset Risk Vulnerability Scanning Web/Network Scanning CVSS Scoring Exploit Matching STAGE 1 STAGE 2 STAGE 3 DATA OVERLOAD EFFECTIVE PRIORITIZATION
P A G E ©2014 Co re Secur i t y What Does This Mean to You? 6 Focus on what matters most… Narrow the list of vulnerability data by 90%

Recommended

Specification of usage control requirement
Specification of usage control requirementSpecification of usage control requirement
Specification of usage control requirementBibek Shrestha
 
@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat
@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat
@GRIAusConf_Linking Sustainability Data To Value - Maria BalatbatGlobal Reporting Initiative Focal Point Australia
 
Conducting a Lit Review
Conducting a Lit ReviewConducting a Lit Review
Conducting a Lit ReviewWendy DeGroat
 
The journey to evidence 2 1
The journey to evidence 2 1The journey to evidence 2 1
The journey to evidence 2 1stanbridge
 
@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett
@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett
@GRIAusConf_Linking Sustainability Data To Value - Annabelle BennettGlobal Reporting Initiative Focal Point Australia
 
Conducting a literature search
Conducting a literature searchConducting a literature search
Conducting a literature searchOISE, University of Toronto
 
Linking PEPFAR Data To Gis Inglis
Linking PEPFAR Data To Gis InglisLinking PEPFAR Data To Gis Inglis
Linking PEPFAR Data To Gis InglisMEASURE Evaluation
 
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply Chain
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply ChainGRI Conference - 28 May - Seidel - Learn About Transparency in the Supply Chain
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply ChainGlobal Reporting Initiative
 

Recommended

Specification of usage control requirement
Specification of usage control requirementSpecification of usage control requirement
Specification of usage control requirementBibek Shrestha
 
@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat
@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat@GRIAusConf_Linking Sustainability Data To Value - Maria Balatbat
@GRIAusConf_Linking Sustainability Data To Value - Maria BalatbatGlobal Reporting Initiative Focal Point Australia
 
Conducting a Lit Review
Conducting a Lit ReviewConducting a Lit Review
Conducting a Lit ReviewWendy DeGroat
 
The journey to evidence 2 1
The journey to evidence 2 1The journey to evidence 2 1
The journey to evidence 2 1stanbridge
 
@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett
@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett@GRIAusConf_Linking Sustainability Data To Value - Annabelle Bennett
@GRIAusConf_Linking Sustainability Data To Value - Annabelle BennettGlobal Reporting Initiative Focal Point Australia
 
Conducting a literature search
Conducting a literature searchConducting a literature search
Conducting a literature searchOISE, University of Toronto
 
Linking PEPFAR Data To Gis Inglis
Linking PEPFAR Data To Gis InglisLinking PEPFAR Data To Gis Inglis
Linking PEPFAR Data To Gis InglisMEASURE Evaluation
 
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply Chain
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply ChainGRI Conference - 28 May - Seidel - Learn About Transparency in the Supply Chain
GRI Conference - 28 May - Seidel - Learn About Transparency in the Supply ChainGlobal Reporting Initiative
 
Literature Review
Literature ReviewLiterature Review
Literature Reviewgypsy
 
Conducting A Literature Review
Conducting A Literature ReviewConducting A Literature Review
Conducting A Literature Reviewabutton1
 
Computer Data Processing And Representation 4
Computer Data Processing And Representation 4Computer Data Processing And Representation 4
Computer Data Processing And Representation 4Amit Chandra
 
Literature definition
Literature definitionLiterature definition
Literature definitionJennefer Edrozo
 
Definitions of Literature
Definitions of LiteratureDefinitions of Literature
Definitions of LiteratureMae Selim
 
Literature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guideLiterature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guideOlga Koz, DM, MLS
 
Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)Koozai
 
Scope of Literature
Scope of LiteratureScope of Literature
Scope of LiteratureMae Selim
 
Web 2.0 learning: literature map
Web 2.0 learning: literature map Web 2.0 learning: literature map
Web 2.0 learning: literature map Dan Kartono
 
Concept map literature
Concept map literatureConcept map literature
Concept map literatureIonell Jay Terogo, Ph.D.
 
Review of related literature presentation
Review of related literature presentation Review of related literature presentation
Review of related literature presentation Hotaru Imai
 
Concept Maps
Concept MapsConcept Maps
Concept MapsSteven Hornik
 
How to Conduct a Literature Review
How to Conduct a Literature ReviewHow to Conduct a Literature Review
How to Conduct a Literature ReviewRobin Featherstone
 
Review of Related Literature
Review of Related LiteratureReview of Related Literature
Review of Related LiteratureJasper Obico
 
What is Literature?
What is Literature?What is Literature?
What is Literature?Dilip Barad
 
Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)Dilip Barad
 
Related Literature and Related Studies
Related Literature and Related StudiesRelated Literature and Related Studies
Related Literature and Related StudiesJenny Reyes
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentationelliehood
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare pptMandy Suzanne
 
How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...Core Security
 
Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Core Security
 
Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Core Security
 

More Related Content

Viewers also liked

Literature Review
Literature ReviewLiterature Review
Literature Reviewgypsy
 
Conducting A Literature Review
Conducting A Literature ReviewConducting A Literature Review
Conducting A Literature Reviewabutton1
 
Computer Data Processing And Representation 4
Computer Data Processing And Representation 4Computer Data Processing And Representation 4
Computer Data Processing And Representation 4Amit Chandra
 
Definitions of Literature
Definitions of LiteratureDefinitions of Literature
Definitions of LiteratureMae Selim
 
Literature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guideLiterature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guideOlga Koz, DM, MLS
 
Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)Koozai
 
Scope of Literature
Scope of LiteratureScope of Literature
Scope of LiteratureMae Selim
 
Web 2.0 learning: literature map
Web 2.0 learning: literature map Web 2.0 learning: literature map
Web 2.0 learning: literature map Dan Kartono
 
Review of related literature presentation
Review of related literature presentation Review of related literature presentation
Review of related literature presentation Hotaru Imai
 
How to Conduct a Literature Review
How to Conduct a Literature ReviewHow to Conduct a Literature Review
How to Conduct a Literature ReviewRobin Featherstone
 
Review of Related Literature
Review of Related LiteratureReview of Related Literature
Review of Related LiteratureJasper Obico
 
What is Literature?
What is Literature?What is Literature?
What is Literature?Dilip Barad
 
Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)Dilip Barad
 
Related Literature and Related Studies
Related Literature and Related StudiesRelated Literature and Related Studies
Related Literature and Related StudiesJenny Reyes
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentationelliehood
 

Viewers also liked (19)

Literature Review
Literature ReviewLiterature Review
Literature Review
 
Conducting A Literature Review
Conducting A Literature ReviewConducting A Literature Review
Conducting A Literature Review
 
Computer Data Processing And Representation 4
Computer Data Processing And Representation 4Computer Data Processing And Representation 4
Computer Data Processing And Representation 4
 
Literature definition
Literature definitionLiterature definition
Literature definition
 
Definitions of Literature
Definitions of LiteratureDefinitions of Literature
Definitions of Literature
 
Literature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guideLiterature review for a dissertation: a step-by-step guide
Literature review for a dissertation: a step-by-step guide
 
Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)Paid Search Reporting And Analytics (SES London 2014)
Paid Search Reporting And Analytics (SES London 2014)
 
Scope of Literature
Scope of LiteratureScope of Literature
Scope of Literature
 
Web 2.0 learning: literature map
Web 2.0 learning: literature map Web 2.0 learning: literature map
Web 2.0 learning: literature map
 
Concept map literature
Concept map literatureConcept map literature
Concept map literature
 
Review of related literature presentation
Review of related literature presentation Review of related literature presentation
Review of related literature presentation
 
Concept Maps
Concept MapsConcept Maps
Concept Maps
 
How to Conduct a Literature Review
How to Conduct a Literature ReviewHow to Conduct a Literature Review
How to Conduct a Literature Review
 
Review of Related Literature
Review of Related LiteratureReview of Related Literature
Review of Related Literature
 
What is Literature?
What is Literature?What is Literature?
What is Literature?
 
Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)Literature Review (Review of Related Literature - Research Methodology)
Literature Review (Review of Related Literature - Research Methodology)
 
Related Literature and Related Studies
Related Literature and Related StudiesRelated Literature and Related Studies
Related Literature and Related Studies
 
Slideshare Powerpoint presentation
Slideshare Powerpoint presentationSlideshare Powerpoint presentation
Slideshare Powerpoint presentation
 
Slideshare ppt
Slideshare pptSlideshare ppt
Slideshare ppt
 

More from Core Security

How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...Core Security
 
Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Core Security
 
Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Core Security
 
Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career Core Security
 
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...Core Security
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeCore Security
 
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Core Security
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Core Security
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityCore Security
 
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...Core Security
 
Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...Core Security
 
Product Vision - Stephen Newman – SecureAuth+Core Security
Product Vision - Stephen Newman – SecureAuth+Core Security Product Vision - Stephen Newman – SecureAuth+Core Security
Product Vision - Stephen Newman – SecureAuth+Core Security Core Security
 
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...Core Security
 
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...Core Security
 
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...Core Security
 
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...Core Security
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security Core Security
 
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core SecurityVulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core SecurityCore Security
 
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...Core Security
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016Core Security
 

More from Core Security (20)

How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...How to Solve the Top 3 Struggles with Identity Governance and Administration ...
How to Solve the Top 3 Struggles with Identity Governance and Administration ...
 
Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks Lazy Penetration Tester Tricks
Lazy Penetration Tester Tricks
 
Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1Thanks for All the Phish: Introducing Core Impact 18.1
Thanks for All the Phish: Introducing Core Impact 18.1
 
Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career Identity + Security: Welcome to Your New Career
Identity + Security: Welcome to Your New Career
 
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
Put Analytics And Automation At The Core Of Security – Joseph Blankenship – S...
 
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan RowcliffeNo More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
No More SIlos: Connected Security - Mike Desai and Ryan Rowcliffe
 
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
Modern Authentication – Turn a Losing Battle into a Winning Strategy, Robert ...
 
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
Security Consulting Services - Which Is The Best Option For Me? - Diego Sor, ...
 
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core SecurityThreat Dissection - Alberto Soliño Testa Research Director, Core Security
Threat Dissection - Alberto Soliño Testa Research Director, Core Security
 
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
How to Defeat the Vulnerability Hydra - Andy Nickel Sales Engineer, Core Secu...
 
Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...Understanding Network Insight Integrations to Automate Containment and Kick S...
Understanding Network Insight Integrations to Automate Containment and Kick S...
 
Product Vision - Stephen Newman – SecureAuth+Core Security
Product Vision - Stephen Newman – SecureAuth+Core Security Product Vision - Stephen Newman – SecureAuth+Core Security
Product Vision - Stephen Newman – SecureAuth+Core Security
 
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
The Good, the Bad, and The Not So Bad: Tracking Threat Operators with Our Thr...
 
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
Introducing Core Role Designer - Michael Marks Product Manager - Identity, Co...
 
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
Core Connector API Demo - Michael Marks Product Manager - Identity, Core Secu...
 
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...
Access Assurance Suite Tips & Tricks - Lisa Lombardo Principal Architect Iden...
 
The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security The Why - Keith Graham, CTO – SecureAuth+Core Security
The Why - Keith Graham, CTO – SecureAuth+Core Security
 
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core SecurityVulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security
Vulnerability Insight Tips & Tricks - Magno Gomes SE Manager, Core Security
 
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...
Network Insight: How To Assess Findings - Tier 1 SOC Triage - Mark Gilbert ,T...
 
10 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 201610 IT Security Trends to Watch for in 2016
10 IT Security Trends to Watch for in 2016
 

Recently uploaded

Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfFerryKemperman
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesŁukasz Chruściel
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationBradBedford3
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmSujith Sukumaran
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfMarharyta Nedzelska
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Matt Ray
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsAhmed Mohamed
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Angel Borroy López
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesPhilip Schwarz
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)jennyeacort
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Hr365.us smith
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanyChristoph Pohl
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...OnePlan Solutions
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfIdiosysTechnologies1
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEEVICTOR MAESTRE RAMIREZ
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaHanief Utama
 

Recently uploaded (20)

Introduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdfIntroduction Computer Science - Software Design.pdf
Introduction Computer Science - Software Design.pdf
 
2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva2.pdf Ejercicios de programación competitiva
2.pdf Ejercicios de programación competitiva
 
Unveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New FeaturesUnveiling the Future: Sylius 2.0 New Features
Unveiling the Future: Sylius 2.0 New Features
 
How to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion ApplicationHow to submit a standout Adobe Champion Application
How to submit a standout Adobe Champion Application
 
Intelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalmIntelligent Home Wi-Fi Solutions | ThinkPalm
Intelligent Home Wi-Fi Solutions | ThinkPalm
 
A healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdfA healthy diet for your Java application Devoxx France.pdf
A healthy diet for your Java application Devoxx France.pdf
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
Open Source Summit NA 2024: Open Source Cloud Costs - OpenCost's Impact on En...
 
Unveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML DiagramsUnveiling Design Patterns: A Visual Guide with UML Diagrams
Unveiling Design Patterns: A Visual Guide with UML Diagrams
 
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
Alfresco TTL#157 - Troubleshooting Made Easy: Deciphering Alfresco mTLS Confi...
 
Folding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a seriesFolding Cheat Sheet #4 - fourth in a series
Folding Cheat Sheet #4 - fourth in a series
 
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
Call Us🔝>༒+91-9711147426⇛Call In girls karol bagh (Delhi)
 
Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)Recruitment Management Software Benefits (Infographic)
Recruitment Management Software Benefits (Infographic)
 
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte GermanySuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
SuccessFactors 1H 2024 Release - Sneak-Peek by Deloitte Germany
 
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
Maximizing Efficiency and Profitability with OnePlan’s Professional Service A...
 
Best Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdfBest Web Development Agency- Idiosys USA.pdf
Best Web Development Agency- Idiosys USA.pdf
 
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort ServiceHot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
Hot Sexy call girls in Patel Nagar🔝 9953056974 🔝 escort Service
 
Cloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEECloud Data Center Network Construction - IEEE
Cloud Data Center Network Construction - IEEE
 
React Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief UtamaReact Server Component in Next.js by Hanief Utama
React Server Component in Next.js by Hanief Utama
 

Vulnerabilty Maturity Model - Core Security

  • 1. P A G E ©2014 Co re Secur i t y How Mature is Your Vulnerability Management Program? Black Hat 2014
  • 2. P A G E ©2014 Co re Secur i t y We’ve Got a Problem 2 This month’s vulnerability scanner results “A common model where all assets are scanned monthly … will include 1 million to 5 million findings” - Gartner
  • 3. P A G E ©2014 Co re Secur i t y VULNERABILITY OVERLOAD 3
  • 4. P A G E ©2014 Co re Secur i t y So What Caused All This? • Beyond exponential asset growth = bloated vuln scanner results • Frequent M&A activities • Virtualization in datacenters − No longer one server to one application − Multiple workloads per server − Potentially exploitable vulnerabilities skyrocket Scanning is necessary, but isn’t enough 4
  • 5. P A G E ©2014 Co re Secur i t y How Mature is Your Vulnerability Mgmt Program? 5 Analysis & Prioritization Single Dashboard and Reporting Unified Repository Actionable Data MATURITY Attack Path Planning Attacker & Threat Focused Integrated to Business Risk Critical Asset Risk Vulnerability Scanning Web/Network Scanning CVSS Scoring Exploit Matching STAGE 1 STAGE 2 STAGE 3 DATA OVERLOAD EFFECTIVE PRIORITIZATION
  • 6. P A G E ©2014 Co re Secur i t y What Does This Mean to You? 6 Focus on what matters most… Narrow the list of vulnerability data by 90%