Episode Summary

11:11 Systems Director of Cloud Market Intelligence Brian Knudtson is joined by guests James Charter, Cristian Sandescu, and Andrew Green for a conversation about the state of vulnerability management. They talk about the various aspects of vulnerability management and prioritization based on your business needs. With over 4000 vulnerabilities discovered in 2021, it is no easy task to keep up with all of the patching and remediation efforts.

Panel

James Charter


Cristian Sandescu


Logan Andrew Green


Cloud Conversations

Topic 1

[03:44] Should customers be concerned about vulnerabilities that exist within the cloud infrastructure itself? And if so, what should they do about it?

Topic 2

[09:41] Beyond just having people to be able to handle it, the bandwidth and potential need to bring external people in to help, how are customers supposed to track and prioritize all of these risks and reduce the risk of these types of vulnerabilities?

Topic 3

[23:09] So Andrew, how should customers protect themselves and monitor for activities based on these kinds of exploits that are inherently unknowable until they’re already being exploited?

Cloud Bites

[03:52] “Vulnerabilities in the products and platforms that we use are a very real threat to business.” — James Carter

[07:45] “We need to be looking at, you know, how do we prioritize vulnerabilities from a business perspective?” — Cristian Sandescu

[10:22] “The number of these newly discovered vulnerabilities is really huge.” — Cristian Sandescu

[14:27] “I think it’s really about managing the entire infrastructure, no matter where it is on prem in the cloud and getting a single pane of glass when we’re prioritizing vulnerabilities.” — Cristian Sandescu

[16:39] “A really good risk prioritization scoring system must take into account the business importance of the assets.” — Cristian Sandescu

[19:16] “I think you can mitigate a lot of that risk by having an owner and having regular process that you practice on a regular basis so that you can stay ahead of the common things.” — James Carter

[21:37] “We’re currently in a market and in a business landscape that’s becoming more risky over time.” — James Carter

[24:10] “To really protect against Zero Day, you need to be looking at something like anomaly protection.” — Andrew Green

[25:56] “Most of the attacks happening out there are based on already known vulnerabilities at the time of the exploitation.” — Cristian Sandescu

[30:21] “I think what’s really important is aligning the technology with your goals.” — Cristian Sandescu

[37:25] “You’ve got to remember that not all vulnerabilities will affect every given business. So you need to manage your own risk of those vulnerabilities.” — Brian Knudtson

Episode Asset

Continuous Risk Scanning

Continuous Risk Scanning finds, prioritizes, and monitors internal and external vulnerabilities to reduce the risk of zero-day attacks in real-time.

Utilize a Continuous Risk Scanning system to identify and prioritize vulnerabilities across the infrastructure.

Utilizing the 11:11 Systems Continuous Risk Scanning service will provide you:

  • A complete picture of your cybersecurity risks
  • Deep analysis of the discovered vulnerabilities and how they apply to your environment
  • Prioritization of specific alerts to help remediate your biggest risks first