News, stories and insights from the team at trackd
…are 90% of all breaches the result of phishing? Or, perhaps more credibly, is it that 90% of all breaches for which the initial access vector is disclosed are the result of phishing?
Today, we’re releasing something we’re calling AutoPilot (only because we couldn’t think of anything more clever). At first glance, it’s a basic upgrade to our auto-patching rules engine, offering an additional variable for IT operators
AutoPilot leverages patch disruption data that no other vulnerability scanning or patching product has. When a user applies a patch with trackd’s platform, trackd records whether or not that patch caused a disruption, so trackd
Just as there’s no reason to make weight if you’re not going to wrestle, there’s no reason to scan for and identify vulnerabilities if you’re not going to patch them.
Twenty years ago, the risk calculation with respect to patching favored a cautious approach: patches frequently caused disruptions and threat actors were both fewer in number and their tools and communities were much less sophisticated
The problem of false positives in vulnerability management can largely be attributed to the use of CPE (Common Platform Enumeration) data in the correlation process, a critical first step in vulnerability management.
Today, those in vulnerability management often create development environments (aka sandboxes) to test whether or not new patches will cause disruptions on their networks…just like they’ve been doing for 3 decades. Which leads to only
…organizations deploying End of Life software were 3.7 times more likely to suffer a claim in 2022
The psychological source of this particular patch failure, of course, is the omnipresent fear that applying patches will result in a service disruption that will, at a minimum, make for a miserable few hours for
Patch management is not just a best practice; it is an essential aspect of MSP operations. Failing to regularly patch systems and applications can leave your clients vulnerable to cyberattacks, data breaches, and system failures.
Happy holidays! A month to rejoice? A Christmas miracle? Just one (1) critical vulnerability this month and only one (1) zero day, albeit actively exploited, the exploit code maturity is listed as ‘unproven.’ That said,
** 2 Weeks After Patch Tuesday ** Seemingly nothing systemic reported for this month’s updates. Just onesie, twosie reports of miscellaneous disruptions. Nothing catastrophic, but annoying to be sure. Y’all still waiting to patch? Server
…are 90% of all breaches the result of phishing? Or, perhaps more credibly, is it that 90% of all breaches for which the initial access vector is disclosed are the result of phishing?
** 2 Weeks After Patch Tuesday ** Two weeks hence and it looks like we’re in the clear with only some minor oddities listed below! Barely even enough text for a whole post, which is
** 2 Weeks After Patch Tuesday ** Take advantage of this month’s relatively benign updates! Server 2016’s update seems to be the problem child this month, though, but not catastrophically so, thankfully – This month’s
Today, we’re releasing something we’re calling AutoPilot (only because we couldn’t think of anything more clever). At first glance, it’s a basic upgrade to our auto-patching rules engine, offering an additional variable for IT operators to account for when determining whether or not to designate a patch for auto-update.
AutoPilot leverages patch disruption data that no other vulnerability scanning or patching product has. When a user applies a patch with trackd’s platform, trackd records whether or not that patch caused a disruption, so trackd has an ever-expanding database of applied patches and their disruption histories.
** 2 Weeks After Patch Tuesday ** Nothing too crazy after two weeks of installs. Microsoft has acknowledged this month’s updates can cause our previously reported performance issues and suggest using Known Issue Rollback to
Just as there’s no reason to make weight if you’re not going to wrestle, there’s no reason to scan for and identify vulnerabilities if you’re not going to patch them.
Twenty years ago, the risk calculation with respect to patching favored a cautious approach: patches frequently caused disruptions and threat actors were both fewer in number and their tools and communities were much less sophisticated (not to mention monetizing a successful compromise was infinitely more difficult without crypto-currency). Fast forward to today, and that calculation is inverted,
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
