Prioritization to Prediction Vulnerability Research Series – Ed Bellis – ESW #203
Organizations have millions of vulnerabilities. And our research has shown that those same organizations, large or small, on average, can only fix about one in ten of those vulnerabilities. But as a security practitioner you still need to keep your organization secure, so how do you do that when you can’t possibly fix ALL of your vulnerabilities? Ed Bellis will:
• Review what years of joint research into vulnerability management with the Cyentia Institute uncovered about the scope of the challenge
• A breakdown in performance factors by industry and platforms
• Lay out several factors that drive better remediation performance
• Provide a deeper understanding on the scope of exposures and how risk informs remediation strategies
This segment is sponsored by Kenna Security.
Visit https://securityweekly.com/kennasecurity to learn more about them!
Sponsored By
Announcements
Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81
Guest
Ed Bellis, Co-founder and CTO of Kenna Security Ed Bellis is a security industry veteran and expert and known in security circles as “the father of risk-based vulnerability management.” He founded Kenna Security to deliver a data-driven risk-based approach to remediation and help IT teams prioritize and thwart would-be security threats. Ed is the former CISO of Orbitz and former Vice President, Corporate Information Security at Bank of America. He is an advisor to Dharma and former advisor to SecurityScoreboard.com and Society of Payment Security Professionals. Ed is a contributing author to the book, Beautiful Security (Oram, Andy & Viega, John, O’Reilly Media, 2009). He is a frequent speaker at industry conferences. Recent engagements include the 2017 Enterprise Security Summit (Dos and Don’ts of Establishing Metrics that Cultivate Real Security) and InfoSec World (Amateur Hour: Why APT’s Are the Least of Your Worries).
Hosts
