News, stories and insights from the team at trackd
Leaving vulnerabilities unpatched can expose organizations to significant risks. Attackers actively search for known vulnerabilities to exploit, and exploiting unpatched vulnerabilities is a common technique. Such attacks can result in data breaches, financial losses, reputational
In this blog series, we’ll look at some of the more mundane – albeit common and operationally-significant – reasons patches fail.
The only thing better than learning from your own mistakes is learning from the mistakes of others. At trackd, we have come up with a radically simple but elegant solution to help organizations differentiate between
At trackd, our free users are essential to our business plan; we literally can’t deliver the unique solution we’ve designed without them.
It’s often paid lip service to (or worse, intentionally neglected), and rarely appreciated, but there’s an operational cost to be paid for security. Security controls create inefficiencies, and those security measures can also introduce operational
The vulnerability management market answers every question a practitioner or cybersecurity professional could want answered…except the only one that matters: will this patch break my shit.
In today’s threat landscape, you don’t have to be a high-profile private or public organization to be targeted. You don’t have to be storing highly valuable technology IP or high-value health records, and you don’t
It’s time for vulnerability management technology innovators to spend less time identifying and reporting on vulnerabilities, and more time building tools to help IT teams fix them more efficiently…and without their fingers constantly crossed.
It probably makes sense to take the hyperventilating stories of cutting-edge attack vectors with a grain of salt. There will come a day when the primary means of initial penetration become obsolete or are abandoned
The only thing that matters is whether the person responsible for product security is able to convince all stakeholders to care about the risks associated with the absence of secure software development practices or not.
Twenty years ago, the risk calculation with respect to patching favored a cautious approach: patches frequently caused disruptions and threat actors were both fewer in number and their tools and communities were much less sophisticated (not to mention monetizing a successful compromise was infinitely more difficult without crypto-currency). Fast forward to today, and that calculation is inverted,
It’s certainly been an eventful month for IT operators… Obviously the biggest disruption to happen in the last two weeks was the Crowdstrike incident, albeit caused by themselves, not Microsoft. Regardless, if I didn’t call it out someone would Spongemock me, so it’s here.
The problem of false positives in vulnerability management can largely be attributed to the use of CPE (Common Platform Enumeration) data in the correlation process, a critical first step in vulnerability management.
Today, those in vulnerability management often create development environments (aka sandboxes) to test whether or not new patches will cause disruptions on their networks…just like they’ve been doing for 3 decades. Which leads to only one conclusion: ARPA-H is funding an effort to build a faster horse.
…organizations deploying End of Life software were 3.7 times more likely to suffer a claim in 2022
The psychological source of this particular patch failure, of course, is the omnipresent fear that applying patches will result in a service disruption that will, at a minimum, make for a miserable few hours for IT practitioners, and could result in more serious repercussions. trackd was founded to counter exactly this rational, but largely anachronistic, fear.
Some minor disruptions have been reported, mainly with Fortinet FSSO, two reports of MSFT Key Distribution Center service failing to start causing authorization failures, and AuthLite breaking if not running 2.15.16 before installing.
Patch management is not just a best practice; it is an essential aspect of MSP operations. Failing to regularly patch systems and applications can leave your clients vulnerable to cyberattacks, data breaches, and system failures.
Leaving vulnerabilities unpatched can expose organizations to significant risks. Attackers actively search for known vulnerabilities to exploit, and exploiting unpatched vulnerabilities is a common technique. Such attacks can result in data breaches, financial losses, reputational damage, and legal liabilities.
In this blog series, we’ll look at some of the more mundane – albeit common and operationally-significant – reasons patches fail.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
Copyright © 2022-2024 trackd, inc.
All rights reserved.
