Date: Wednesday, December 3, 2014
Time: 2:00 PM ET / 11:00 AM PT
Any number of industry pundits have noted the prevalence of major vulnerabilities this year, especially when accounting for Heartbleed, Shellshock and POODLE. These major bugs proclaim a new normal: Critical vulnerabilities will be the standard for information security pros here on out. Other experts, however, point out that while it may seem that 2014 has become the year of the vulnerability, it hasn’t been that much different from years past – based on annual stats provided by the Common Vulnerability and Exposure (CVE) Details website (https://www.cvedetails.com). Whatever your opinion, though, there’s no arguing that this year’s bugs resulted in IT security teams everywhere shoring up security controls and plugging holes in OpenSSL, bash and SSL 3.0. However, most agree, it’s vital to prepare for still more critical vulnerabilities. To do this, organizations must have procedures and controls in place to figure out where flaws exist and patch them as necessary – especially given changing environments that rely on cloud services. During this discussion, we review some of the areas security pros must bear in mind to address these latest flaws and the inevitability of others, reviewing not only the procedures to have in place but also the different controls, types of technologies and other measures to consider that will aid and, perhaps, ease efforts in this area of risk management.
Tom Kellermann, Chief Cybersecurity Officer, Trend Micro
Illena Armstrong, VP, Editorial, SC Magazine