Vulnerability Management, Network Security

User experience: A key to effective vulnerability management

Vulnerability management has always been hard, with patches from myriad companies that must constantly be sorted by version and severity. It’s especially difficult when firmware needs updating.

To make the process more manageable, security teams need tools and interfaces that ensure speed and accuracy without getting in the way of user experience. That’s one of the main drivers behind Intel vPro®, according to Yasser Rasheed, the Company’s Global Director of Enterprise Endpoint and Security Products.

Rasheed walked Paul Asadoorian, Matt Alderman and Katie Teitler through the Intel vPro® platform features during a recent episode of Enterprise Security Weekly.  He said, the Intel vPro® platform,  is built on 4 pillars that matter to business IT professionals:

  1. Productivity
  2. Security
  3. Manageability
  4. Stability

The Intel vPro® platform is a collection of hardware and software that brings user experience to the forefront. The platform can help security teams keep computers up-to-date, prevent attacks, provide reports on the status of the firmware in use, and implement advanced hardware security.

“With patch management, that’s where user experience and manageability are important, especially when patches must be updated remotely,” Rasheed said. “We take security very seriously, especially when it comes to finding our own vulnerabilities. We’d rather find our own before the bad guys do. We want to stay ahead of curve.”

That’s true whether it involves operating system patches or firmware updates.

The importance of a smooth, remote user experience was important to Intel® before the pandemic. Since then, the things incorporated into the Intel vPro® platform have been key to managing security in a scenario where IT and everyone else are working remotely or as part of a hybrid work environment.

“When we put [Intel] vPro® together, there was no pandemic,” he said. “But we knew mobility mattered. Then came the pandemic, with IT working from home and the attack surface exploding because their kids are playing computer games on the same Internet connection and others in the house are working from home. Because we emphasized mobility, vPro® was ready.”

While it’s great to have such technical controls, having a way to report information back to IT on what must be fixed – and asking the right questions – is essential. The Intel vPro® platform asks users, among other things:

  • Do you have the right systems and capabilities to make this update?
  • Are those capabilities turned on?

More details from the Intel website:

Right out of the box, Intel vPro® Enterprise for Windows OS, offer comprehensive hardware-based security for a business laptop, including active measures that—without your team noticing—help protect the device, network, and data. 

Laptops with Intel vPro® Enterprise for Windows OS, allow your IT pros to manage and repair devices with an internet connection—including over Wi-Fi and outside of the firewall1. Have a laptop issue, while on-the-go? No problem. IT can support your team. 

This segment is sponsored by Intel®. Visit https://securityweekly.com/intel to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes!

Paul Asadoorian

Paul Asadoorian is currently the Principal Security Evangelist for Eclypsium, focused on firmware and supply chain security awareness. Paul’s passion for firmware security extends back many years to the WRT54G hacking days and reverse engineering firmware on IoT devices for fun. Paul and his long-time podcast co-host Larry Pesce co-authored the book “WRTG54G Ultimate Hacking” in 2007, which fueled the firmware hacking fire even more. Paul has worked in technology and information security for over 20 years, holding various security and engineering roles in a lottery company, university, ISP, independent penetration tester, and security product companies such as Tenable. In 2005 Paul founded Security Weekly, a weekly podcast dedicated to hacking and information security. In 2020 Security Weekly was acquired by the Cyberrisk Alliance. Paul is still the host of one of the longest-running security podcasts, Paul’s Security Weekly, he enjoys coding in Python & telling everyone he uses Linux.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.