Vulnerability Management Resources

Vulnerability, patch, and configuration management are not new security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage these capabilities effectively. The quantity of outstanding vulnerabilities for most large organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new vulnerabilities in their infrastructure and applications. When you add in the cloud and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, security may seem unachievable.

POSTER

Key Metrics: Cloud & Enterprise | Vulnerability Management Maturity Model

This poster was developed by Jonathan Risto and AJ Yawn.

Key Metrics: Cloud and Enterprise delivers a set of essential metrics to generate, provide, and review with the Technical, Operational, and Executive partners of the organization. Providing both early-stage and advanced metrics, organizations can generate meaningful metrics across the Identify, Protect, Detect and Respond functions of their security programs.

The SANS Vulnerability Management Maturity Model helps you gauge the effectiveness of your Vulnerability Management program. The model details key activities performed within Vulnerability Management on a 5-point scale. Leveraging the model, you can categorize your program’s current capabilities to create a clear roadmap to improve your program.

Download your FREE copy here.

NEWS

• Firms Push for CVE-Like Cloud Bug System
• Microsoft Azure Vulnerability Exposes PostgreSQL Databases to Other Customers
• Researcher Releases PoC for Recent Java Cryptographic Vulnerability
• 2021 Top Routinely Exploited Vulnerabilities - A joint security bulletin coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom lists the top 15 exploited vulnerabilities in 2021
• Cisco Vulnerability CVE-2022-20695
• VMWARE Remote Code Execution (RCE) vulnerability
• ‘Groundbreaking’ CISA directive to overhaul cyber vulnerability management process
• Can understanding flaws in malware help defenders prevent attacks?

WEBCASTS

Understand Vulnerability Management Maturity with a Self-Assessment Tool, May 2023

• Securing Cloud Data: The Hidden Vulnerabilities of SaaS Platforms, July 2021
• REKT Casino Hack Assessment Operational Series – Vulnerability Management Gone Wrong, March 2021
• Reimagining Vulnerability Management in the Cloud, Aug 2020
• SANS Vulnerability Management Maturity Model, Aug 2020
• Cloud Security Vulnerabilities, Management, and Communication, June 2020
• Top Five Vulnerability Management Failures (And Best Practices), June 2020
• Enterprise and Cloud | Threat & Vulnerability Assessment, June 2020
• Domain Password Auditing with the Cloud, April 2020
• Passwords are a Solvable Problem!, Feb 2020
• How to Communicate about Security Vulnerabilities Jan 2020

SURVEYS

• SANS 2022 Vulnerability Management Survey: Detecting and Combatting Cloud Environment & Supply Chain Vulnerabilities, Oct 2022
• A SANS 2021 Survey: Vulnerability Management - Impacts on Cloud and the Remote Workforce, Nov 2021
• A SANS 2021 Survey: Vulnerability Management - Impacts on Cloud and the Remote Workforce Panel Discussion, Nov 2021
• SANS 2020 Vulnerability Management Survey, Nov 2020
• SANS 2020 Vulnerability Management Survey: A Panel Discussion, Nov 2020Workforce Transformation & Risk: A SANS Survey, Dec 2019

LIVE STREAMS

Download notes from this live stream here.

BLOGS

• Vulnerability Management Maturity Model - Self Assessment Tool (VMMM-SAT), May 2023
• 5 Metrics to Start Measuring in Your Vulnerability Management Program
• Vulnerability Management Maturity Model, Part I
• Vulnerability Management Maturity Model, Part II
• The Cyber Capability Development Centre (CCDC) Concept, May 2019
  

ADDITIONAL RESOURCES

CISA Know Exploited Vulnerabilities - CISA publishes a list of known exploited vulnerabilities that the federal government must remediate. If it is on this list you should ensure your organization has mitigated it

2021 Top Routinely Exploited Vulnerabilities - A joint security bulletin coauthored by cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom lists the top 15 exploited vulnerabilities in 2021

Cybersecurity and Infrastructure Security Agency’s Binding Operational Directive 22-01

SANS Vulnerability Management Course

LDR516: Building and Leading Vulnerability Management Programs

Vulnerability, patch, and configuration management are not new enterprise security topics. In fact, they are some of the oldest security functions. Yet, we still struggle to manage security vulnerability capabilities effectively. The quantity of outstanding vulnerabilities for most enterprise organizations is overwhelming, and all organizations struggle to keep up with the never-ending onslaught of new security vulnerabilities in their infrastructure and applications. When you add in the cloud, and the increasing speed with which all organizations must deliver systems, applications, and features to both their internal and external customers, enterprise security may seem unachievable. This vulnerability management training course will show you the most effective ways to mature your vulnerability management program and move from identifying vulnerabilities to successfully treating them. 21 Cyber42 and 15 lab exercises