News, stories and insights from the team at trackd
…are 90% of all breaches the result of phishing? Or, perhaps more credibly, is it that 90% of all breaches for which the initial access vector is disclosed are the result of phishing?
Today, we’re releasing something we’re calling AutoPilot (only because we couldn’t think of anything more clever). At first glance, it’s a basic upgrade to our auto-patching rules engine, offering an additional variable for IT operators
AutoPilot leverages patch disruption data that no other vulnerability scanning or patching product has. When a user applies a patch with trackd’s platform, trackd records whether or not that patch caused a disruption, so trackd
Just as there’s no reason to make weight if you’re not going to wrestle, there’s no reason to scan for and identify vulnerabilities if you’re not going to patch them.
Twenty years ago, the risk calculation with respect to patching favored a cautious approach: patches frequently caused disruptions and threat actors were both fewer in number and their tools and communities were much less sophisticated
The problem of false positives in vulnerability management can largely be attributed to the use of CPE (Common Platform Enumeration) data in the correlation process, a critical first step in vulnerability management.
Today, those in vulnerability management often create development environments (aka sandboxes) to test whether or not new patches will cause disruptions on their networks…just like they’ve been doing for 3 decades. Which leads to only
…organizations deploying End of Life software were 3.7 times more likely to suffer a claim in 2022
The psychological source of this particular patch failure, of course, is the omnipresent fear that applying patches will result in a service disruption that will, at a minimum, make for a miserable few hours for
Patch management is not just a best practice; it is an essential aspect of MSP operations. Failing to regularly patch systems and applications can leave your clients vulnerable to cyberattacks, data breaches, and system failures.
…are 90% of all breaches the result of phishing? Or, perhaps more credibly, is it that 90% of all breaches for which the initial access vector is disclosed are the result of phishing?
** 72 Hours After Patch Tuesday ** 72-hours in and it’s looking like Dell devices are the “hardest” hit this month, albeit not crazily. A lot of smaller disruptions this month, so let’s dig in!
** 2 Weeks After Patch Tuesday ** Take advantage of this month’s relatively benign updates! Server 2016’s update seems to be the problem child this month, though, but not catastrophically so, thankfully – This month’s
Today, we’re releasing something we’re calling AutoPilot (only because we couldn’t think of anything more clever). At first glance, it’s a basic upgrade to our auto-patching rules engine, offering an additional variable for IT operators to account for when determining whether or not to designate a patch for auto-update.
AutoPilot leverages patch disruption data that no other vulnerability scanning or patching product has. When a user applies a patch with trackd’s platform, trackd records whether or not that patch caused a disruption, so trackd has an ever-expanding database of applied patches and their disruption histories.
** 2 Weeks After Patch Tuesday ** Nothing too crazy after two weeks of installs. Microsoft has acknowledged this month’s updates can cause our previously reported performance issues and suggest using Known Issue Rollback to
Just as there’s no reason to make weight if you’re not going to wrestle, there’s no reason to scan for and identify vulnerabilities if you’re not going to patch them.
Twenty years ago, the risk calculation with respect to patching favored a cautious approach: patches frequently caused disruptions and threat actors were both fewer in number and their tools and communities were much less sophisticated (not to mention monetizing a successful compromise was infinitely more difficult without crypto-currency). Fast forward to today, and that calculation is inverted,
It’s certainly been an eventful month for IT operators… Obviously the biggest disruption to happen in the last two weeks was the Crowdstrike incident, albeit caused by themselves, not Microsoft. Regardless, if I didn’t call it out someone would Spongemock me, so it’s here.
The problem of false positives in vulnerability management can largely be attributed to the use of CPE (Common Platform Enumeration) data in the correlation process, a critical first step in vulnerability management.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
