In computer security, the term vulnerability is applied to a weakness in a system which allows an attacker to violate the integrity of that system. Vulnerabilities may result from weak passwords, software bugs, a computer virus or other malware, a script code injection, a SQL injection or misconfiguration.<br><br>A security risk is classified as a vulnerability if it is recognized as a possible means of attack. A security risk with one or more known instances of working and fully-implemented attacks is classified as an exploit.
As cyberattacks and fraud continue to increase in frequency and sophistication, organizations are placing a greater emphasis on cyberthreat intelligence as a way to protect against compromise, data breach, and losses from online fraud. Measuring the true value of threat intelligence has been difficult however.
For the first time the Ponemon Institute has conducted a study that reveals the facts behind the impact that weak threat intelligence is having on organizations.
This paper discusses reasons why visibility is so essential, and outlines how you can use visibility beyond and within the firewall to develop policies and processes that protect what you can’t control.
The explosive growth of the mobile apps market presents a tremendous opportunity for software developers and cybercriminals alike. Infected apps are not only a threat to mobile device users, but also to network and platform providers, device manufacturers, and the reputation of the industry as a whole. Fortunately, developers can protect their code – and their customers – with a straightforward and easy-to-manage technology: code signing certificates. This white paper details the rise of mobile applications and why code signing certificates are essential to protecting the entire mobile apps ecosystem.
While the business benefits of virtualization are clear—increased performance and stability and decreased hardware costs, floor space, and management oversight—the virtualized world makes your organization vulnerable to a wide array of new cyber security threats. Are you willing to bet your organization’s IT infrastructure on your ability to combat these hazards?
SANS Institute looks at how network attacks can be avoided by utilizing a SIEM platform that combines historical data with real-time data from network sources and security policies for better, more accurate reporting.
In June 2013, Cisco engaged Miercom to evaluate the capabilities and performance of the latest Cisco Integrated Service Router (ISR) for branch offices—the Cisco 4451-X ISR. Review the report in full and discover why Miercom awarded the Cisco 4451-X ISR the Performance Verified award.
VMware® Horizon Mirage™ is a layered image management solution that separates a PC into logical layers that either IT or the user own and manage. IT-owned layers are typically OS and corporate applications while user-owned layers consist of their own files and applications. The Horizon Mirage solution enables:
• Updates to individual IT-managed layers, such as core operating system files and
common business applications, without disrupting other layers, all while maintaining
user data and installed applications.
• Simpler backup by taking snapshots of layered images, enabling desktop disaster
recovery and helping to ensure continued end-user productivity.
The SANS 20 Critical Security Controls are known for driving effective security programs across government agencies, establishing guidelines for security professionals to ensure the confidentiality, integrity and availability of information technology assets. This paper describes how automating these controls using QualysGuard can protect your organization with continuous security while drastically lowering costs.
Automated Vulnerability Management (VM) solutions help you discover devices running in your network, determine whether they are vulnerable to attack, find fixes to the underlying problems, and protect yourself while those fixes are being implemented. This checklist of best practices will save you time and help you understand what to look for when selecting a VM, whether you have a dozen systems or a million.
Automated Web Application Scanning (WAS) solutions help you discover web apps running in your network, determine whether they are vulnerable to attack, understand how to fix them, and protect your business. This checklist of best practices will save you time and help you understand what to look for when selecting a WAS solution, whether you have a handful of apps or thousands.
Patching is a key strategy for managing vulnerabilities and ensuring enterprise-wide security. Unfortunately, there are often so many flaws in software that patching becomes an overwhelming process.
This white paper describes an approach to patch management that allows you to prioritize vulnerabilities that pose the greatest risk and accelerate the speed at which patches are applied. Also inside, find ten steps to improve patching – read on to learn more.
Organizations today are reevaluating their security strategies as they move their data and applications to the cloud. This whitepaper by Bloor Research discusses the challenges of security in the cloud and how the use of cloud-based services will enable organizations of all sizes, from the very smallest to multinational enterprises, to put trust back into the security equation.
Organizations have traditionally viewed vulnerability scanners as a tactical product, largely commoditized and only providing value around audit time. But with limited resources and a real need to reduce risk, organizations need the ability to pull in threat-related data, combine it with an understanding of what is vulnerable, and figure out what is at risk.
This report from Securosis outlines how yesterday's vulnerability scanners are evolving to meet this need, emerging as a much more strategic component of an organization's control set than in the past.
Learn how vulnerability scanners are evolving to provide real value beyond vulnerability reports for auditors - emerging as a strategic component helping organizations effectively lower risks.
Vulnerabilities in web applications are a major vector for cyber-crime. In large organizations, vulnerable web applications comprised 54% of all hacking breaches and led to 39% of compromised records, according to the 2012 Data Breach Investigation Report by Verizon Business.
This paper describes how large enterprises can effectively discover, catalog and scan web applications to control this major risk vector as part of their organization’s overall vulnerability management program.
A zero-day threat is a vulnerability that becomes known to the vendor on the same day it becomes known to the public, meaning IT assets targeted by a zero-day threat won't have a patch available when it's needed. However, zero-day attacks operate in a realm of the probable - they work only because there are exploitable vulnerabilities within IT systems. Many of these can, and should be prevented.
This guide describes why organizations are vulnerable to zero-day attacks, and what you can do to add a zero-day offense to your existing vulnerability management processes to protect your organization's assets and data.
Web applications have recently emerged as a top cybercriminal attack vector, and organizations that don’t take a proactive approach to app security may be setting themselves up for disaster. More than one-third of organizations still don’t have an application security program in place – what can you do to make sure you’re protected?
Consult this informative survey today to discover your peers’ proven practices for app security success, and learn what you can do to stay protected – read on to get started.
Disaster recovery has become a necessary component of organizations' IT plans, but that flat IT budget makes it harder and harder to protect critical business applications. Read this white paper to learn how cloud-based business resilience can provide cost-effective alternatives to traditional disaster recovery.
Learn how our top-rated vulnerability assessment solution, Nexpose, and our new endpoint controls monitoring solution, ControlsInsight, help you accurately assess your defenses, make informed decisions, create credible action plans, and monitor ongoing progress.